How to Build Conjunction between Operational and Cyber Risk Frameworks

Today, organizations need to align their traditional operational risk frameworks with the new and emerging trends of cyber risk. RMA’s recent installment of the Governance, Risk, and Compliance Audio Conference Series offered insight into how to integrate operational and cyber risk.

Guarav Kapoor, COO of MetricStream, shared five key points to consider:

  • Disruption is the only constant. Kapoor advised predicting disruptions and being prepared to respond to both the known and unknown. IT disruption is the biggest threat and can include breaches in data protection, third-party oversights, and governance and controls.
  • Harmonization of digital data is key. Digital enterprise has led to data being stored in multiple sources. Different types of data are collected, stored, used, and purged across the enterprise without a harmonious strategy. Kapoor recommended creating an agile master data of process, risk, control, and assets. Aggregating data from multiple sources will provide contextual insights and guidance.
  • Engaging the front line is critical. Fraud and theft are now concentrated in the digital realm. The digital enterprise, together with the front line’s inaptitude in understanding cyber risks, provides ample opportunities for breaches. It’s essential to educate the front line about risk culture and empower them with information to make decisions.
  • Foresight is a competitive advantage. Kapoor stressed the importance of foreseeing risk events using digital information and the power of artificial intelligence. Institutions are experiencing increased regulatory burden on the use of automated decision making. Human assistance is necessary to ensure accuracy, governance, and lack of bias in automated decision making.
  • Outcome-driven, agile programs are an important future strategy. Institutions that adopt new ways of doing business without the proper control environments in place struggle to keep up with fast-paced technology changes. Kapoor recommended building an integrated operational risk program that can adapt to the fast pace of cyber risk and make continuous change without disruption.
