For years, the promise of artificial intelligence has been on the horizon, exciting business leaders across industries. From speculations that it would change the way we do business to the question of how AI would impact our lives at home, there’s no shortage of hype around the burgeoning technology. While still in what will likely later be regarded as its infancy, AI has arrived and is already having an impact across a range of operations, including governance, risk management and compliance programs. There’s no doubt AI holds an enormous amount of potential, but as it rolls out, it’s important to spot the difference between what’s hype and what’s real, and in this industry, there’s no shortage of hype.

The hype—far from perfect

If you’ve spent years thinking AI was the magic bullet for compliance, legal and security issues, you’re not alone, but unfortunately, the age of unbreachable protections and perfect GRC has not yet arrived. For now, organizations still struggle with these risks. A joint study by Deloitte & Touche and Compliance Week found that, even in an increasingly complex landscape, 40 percent of companies do not complete a yearly compliance risk assessment at all. This leaves companies vulnerable to […]
The recent pandemic has generated an unprecedented health crisis that is affecting people and businesses globally. However, its consequences go far beyond the spread of the virus itself. It has thrown up both challenges and opportunities to organizations across industries. For the banking and financial services industry, for example, it has marked a year that put its risk-taking abilities, business sensibilities, mental and organizational strengths through acid tests. However, despite a few glitches, most financial services organizations have been able to carry out operations smoothly, thanks to their digitization efforts. Over the last year, the financial environment has been changing dramatically, forcing financial institutions to rethink and adapt their business models to the new circumstances. To fight the economic turmoil caused by the pandemic, many countries have already put in place extensive financial measures to support their people, businesses, financial institutions, local governments, and financial markets hit by the economic fallout. While rapid digitization transformed many businesses, it also gave rise to digital risks. Geopolitical tensions have deepened as new working practices and use of new collaboration tools create fresh cyber vulnerabilities and points of weakness for fraudsters and criminals to exploit. And the huge swings in financial markets exacerbate […]
The sudden onset of the pandemic and the subsequent lockdowns and travel restrictions have upended business around the globe. To navigate the resulting complex and dynamic risk landscape, organizations have no option but to go digital. For the internal audit function too, it has become imperative that it reinvents itself with innovative tools and technologies to stay relevant and meet today’s business challenges. In Deloitte’s 2020 survey of audit committee chairs and members, 92% of respondents said that IA should provide insights on and help prepare for emerging risks, while 63% said IA should be faster reporting results of their work. The current volatile business environment warrants an agile, flexible, and future-ready internal audit function that can add value to an organization.

Internal Audit: The Digital Transformation Journey

The internal audit function provides valuable insights into the effectiveness of an organization’s risk management, governance, and internal control processes. Before considering what Industry 4.0 technologies to adopt to modernize IA, it is important to have a comprehensive view on the level of maturity of this function, the maturity of the technology being considered, and the associated risks.

Internal Audit Maturity Level

Identifying the current level of maturity of IA marks the […]
Earlier this month, tech titan Microsoft reported a state-sponsored cyber breach which is said to have impacted thousands of businesses around the globe. In a blog post, the Microsoft Threat Intelligence Center (MSTIC) attributed this breach with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China. The group was able to exploit vulnerabilities in the on-premises Exchange Server which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. In this hyper-connected business environment where we depend on multiple organizations to run our business smoothly, the cyberattack surface is continuously expanding and not limited to your infrastructure only. It is imperative that organizations continuously monitor the relevancy and effectiveness of their cyber risk management programs as well as of their partners with whom they are sharing sensitive information to identify and address any vulnerable areas or loopholes. The situation is further exacerbated by the growing interconnectivity of organizations resulting from the accelerated pace of digitalization. As such, organizations are left with an extremely short window of time to react to any emerging or existing risk event. An organization is only as strong as its weakest link. […]
Over the last 45 days as Senior Vice President and Managing Director of Asia Pacific Region, I have had the opportunity to talk to over 100+ customers, partners and potential MetricStreamers and I am excited by what I hear! This is a growth market where GRC is table stakes! But what our customers and partners are looking for is innovation that helps them thrive on risk, using risk as a competitive differentiator and risk by design as a thought process, when they develop their products and services. As the velocity and complexity of risks increase, organizations will need more contextualized insights. They need to make GRC pervasive through automation, AI and frontline engagement; simplify risk-informed decision-making and seize opportunities versus simply mitigating risk. As I build our presence in the region, I am excited by our customer stories. Of how our solutions have solved complex challenges to quantify cyber risks and prioritize investments; increase collaboration by breaking down risk, compliance, and audit silos; enabled the frontline to surface issues in real time and help create a compliant, risk-aware culture across enterprises that empowers our customers to thrive on risk. All of this with the strong foundation of a single integrated risk […]
With the growing frequency and sophistication of cyberattacks, cybersecurity leaders are on high alert to implement and maintain an effective and sound cybersecurity program. Cyber risks and the challenges of ensuring robust cyber health are further exacerbated as the digital interconnectivity of people, processes, and organizations continues to intensify. Cyberattacks are growing at an alarming rate and do not show any signs of slowing down. Attacks on web applications alone surged by a whopping 800% in the first half of 2020, according to a report by CDNetworks. The Center for Strategic & International Studies (CSIS) estimates that cybercrime costs the world nearly $600 billion every year. Furthermore, private sector companies are expected to lose $5.2 trillion in revenue to cybersecurity attacks over the course of five years, from 2019 to 2023, as per a report from Accenture. It is important to note here that organizations are often not the victims of a targeted attack, such as hacks, DDoS (Distributed Denial-of-Service) attacks, and others. Untargeted attacks, such as those carried out via malware (worms, spyware, adware, computer viruses, etc.), phishing emails, etc., are not directed towards any specific person or business and are more common. These attacks indiscriminately infect devices, casting […]
The recent MetricStream IT Risk and Compliance Survey Report 2021 reveals a deep divide between IT Cyber Risk Management Strategy and Actual Practice.

Since COVID-19, the pace of digital transformation has accelerated dramatically, increasing our dependence on technology. Almost everything we do today is digital-first. Unfortunately, this has opened doors to new risks that can have wide-ranging consequences on business profitability and reputation. Today, companies need a clear understanding of their exposure, vulnerabilities, and potential losses related to every decision they make, in order to build and implement a concrete risk-based approach to cybersecurity. Decision-makers need faster and better risk visibility—which calls for an advanced, integrated, and automated IT GRC approach. A couple of months ago, we decided to ask IT risk and cybersecurity practitioners from around the world some pressing questions on the current scenario: How effectively are IT and cyber risks being managed? How mature are risk assessments and monitoring processes? Who is leading IT and cyber risk programs? And how robust are the tools being used? As it turns out, the pandemic is likely to trigger a surge in IT and cyber risk investments where key focus areas include IT security solutions and regulatory compliance, […]
Over the years, internal auditing has continued to pivot and evolve in response to changing stakeholder needs. From certifying the reliability of financial statements, to advising on a broad range of business risks, regulatory changes, culture, and cybersecurity, internal auditors have adapted time and again to meet business expectations in a dynamic world. Then came the COVID-19 crisis which forced internal auditors to once again shift gears, and find new ways of helping their organizations contain and respond to the crisis. Now, with the start of a new year and the roll-out of vaccines, the end of the pandemic looks to be in sight. As organizations prepare for a post-COVID-19 world, how can internal auditors continue to deliver value? Our latest eBook provides some insights as it explores ways in which internal auditors can strengthen their strategic advisory role to accelerate business performance. Based on these insights, here are four priorities that are likely to be top of mind for internal auditors in 2021.

1. Enhance the business impact of internal auditing

Businesses are grappling with digital disruptions, cost pressures, compliance burdens, and more. In the face of these challenges, internal auditors must move beyond their traditional role as corporate […]
As the pandemic continues to batter right through into 2021 and businesses return to the next normal with vaccines making their way into our lives, staying on course with compliance becomes even more critical. Why so? Regulatory and corporate compliance, closely tied to brand image and reputation, tops any organization’s priorities today to steer clear of penalties, work stoppages or lawsuits in an environment where regulatory complexities are growing. Chief Compliance Officers (CCOs) recognize that the cost of non-compliance is too high to bear in a world that is still facing the scourge of the COVID-19 crisis. CCOs, tasked with guaranteeing adherence while pre-empting risks, understand the value of putting together a risk-based, integrated compliance strategy. So, let’s look at what makes for a comprehensive compliance strategy. Starting with a risk-based and federated approach, it entails tracking regulatory engagements and keeping policies in sync with new regulations, while not taking the eye off integrity and culture needs. A federated approach to compliance makes room for a holistic view, where departments across the board collaborate and share compliance information and technology, but also ensure that the unique compliance needs of each department are kept in place. This is the sign of a true […]