Faisal Hoque: Strategic Risks Managed at the TopBy Faisal Hoque | Posted 2008-09-15 Email Print
As business technology becomes embedded in core organizational processes, control systems and decision support systems, it is vital that boards appreciate the material risks due to technology and understand the risk-mitigation strategy. Intensified concerns about risk management, auditing and fraud detection, and corporate governance have sensitized boards and top management teams to adopt an even more active role in the oversight of business strategy and key enterprise activities.
The following strategic risks must be managed at the top:
• Business model risk refers to the robustness of the business model and how well it is being executed.
• Competitive risk pertains to the ability to sustain competitive action and retaliation.
• Investment risk relates to the ability to manage business technology spending in a business environment in which capital is scarce and technologies are volatile, expensive and not easily understood.
• Integration risk refers to the risks of inadequate integration between business technology investments and business processes.
• Misalignment risk pertains to inadequate alignment between business technology spending and business priorities.
• Governance models risk relates to the risks of inadequate participation and involvement of business and technology executives on key business technology management decisions.
The management of regulatory compliance has always been an area of board oversight. However, the strategic importance of information and the nature of current business technologies have raised the stakes regarding the privacy, security and confidentiality of information. In particular, there is heightened sensitivity to safeguarding not just sensitive corporate transaction data, but also data about customers, employees and business partners.
The pervasiveness of business technologies has made it far easier for unauthorized pilferage of such information and data. In addition, with heightened concerns about terror, regulations increasingly compel organizations to furnish more data than before. The management of compliance requires attention to the following:
• prevailing regulations;
• maintaining and protecting data about transactions, customers, employees, and business partners;
• alerting stakeholders about incidents of unauthorized access;
• providing the affected stakeholders with assistance;
• the potential for economic sanctions and the threats to business continuity due to noncompliance;
• effectiveness with regard to managing data in conformance with the regulations and stakeholder expectations; and
• the cost of responding to the compliance expectations.
Faisal Hoque is chairman and CEO of BTM Corporation. BTM innovates business models and enhances financial performance by converging business and technology with its unique products and intellectual property. © 2008 Faisal Hoque