Risk, governance and compliance - three simple words that carry astounding weight and meaning for any business, anywhere in the world. Many businesses recognise the challenge of having risk management, governance policies and compliance procedures in place. Yet, five years ago, few would have foreseen the latest requirement on the horizon - digital risk management.
As our worlds of BYOD, IT, IoT and an always-on, always-connected society permeate every corner of the globe, the risk for any business - and multi-nationals in particular - has grown exponentially. So much so that Gartner predicts that, by 2017, one third of large enterprises engaging in digital business models and activities will have a digital risk officer or an equivalent.
So what does that mean exactly? With the superset of technology now available to businesses and consumers alike, organisations have strived to share information, branding, content via multiple social channels and much more online. Paper and print are diminishing as we place more and more online in the digital sphere.
What this does is create an enormous bank of digital content and, in all likelihood, a disparate bank of digital assets depending upon the geography of an organisation’s offices. What might be deemed appropriate content and branding in the US and UK, for example, may be entirely different for Asia Pacific or South America. So how do senior executives, responsible for meeting multiple legislative and regulatory requirements, monitor and manage their digital assets?
As Paul Proctor, vice president and analyst at Gartner, says: “Digital risk officers (DROs) will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk.” Creating a role or responsibility for digital assets within an organisation is a smart approach, but how does one individual - or perhaps a team - monitor these assets across a multi-national organisation?
Businesses need to consider the variety of different regulations across different regions, for example, the forthcoming General Data Protection Regulation in the European Union, the assessment of technological risk of systems used to manage digital engagement, or even the representation of a brand. All of these and more require regular assessment and monitoring so that, if or when a DRO or risk management team is questioned about the organisation’s digital assets, they can easily report back to the regulatory body or auditors, demonstrating that the organisation complies appropriately.
The other major benefit a DRO role brings to an organisation is the ability to drive value from digital asset spend. Multi-nationals, in particular, will often have countries or regions producing duplicate or overlapping content. With an accurate understanding of the global digital estate, the DRO will enable decisions based upon not only the risk profile of assets, but also the value they deliver, avoiding unnecessary spend where value may be sub-optimal or where assets have become stale due to lack of updates.
The accurate understanding of the entire digital estate through effective data capture and governance will then provide insights for better and more impactful decisions, but also create savings and drive savvier purchasing decisions, ultimately ensuring the DRO role pays for itself. So, while the predictions of the new DRO role abound, what can businesses who’ve not yet made the hire do now?
Empower your knowledge base - The majority of businesses, especially multi-nationals, will be blessed with a group of knowledgeable employees (or consultants), such as lawyers, security executives, risk officers and senior executives. When combined, these individuals can and should provide a cohesive view of the organisation’s digital assets and legislative/regulatory requirements in each location.
Think global, act local - By auditing the businesses across every location and recording the different digital assets produced and stored, the risk management team can start to gain a clear view of any challenges or areas for concern, as well as flagging future challenges in a reliable risk management system.
Set realistic expectations - Regulatory and legislative organisations will expect organisations to recognise the importance of their digital assets. But the acknowledgement that digital risk management is still in its infancy means that you could be ahead of the curve.
Be proactive - Proactively prevent issues - don’t wait for the proverbial to hit the fan. By having a robust risk management policy and procedures in place, you’ll be able to detect, report and address issues that are important. After all, prevention is better than having to continually firefight problems.
By creating a clear data collection process in your business, you’ll be able to profile the risk of assets and use the information to compare value, therefore optimising the risk-reward balance. Overall, remember those producing digital assets never envisioned that they would one day have to comply with the growing regulatory demands that modern businesses now face. If you want to be successful in motivating your entire organisation into being compliant, remember to keep things simple, educate and collaborate. By getting all employees to appreciate the associated benefits of risk management, you’ll be more likely to succeed in implementing and maintaining your digital assets.