Preparing for a Data Governance Revolution in the See-Through Economy: Takeaways from Speaking at the 2019 ISACA-IIA GRC Conference
Steven Minsky | Aug. 23, 2019
The Internal Institute of Auditors (IIA) and ISACA held their 2019 Governance, Risk, and Control Conference from August 12th to 14th in Fort Lauderdale. This year I was honored to be selected to speak on the effects of data privacy risks in the See-Through Economy in my presentation, “Prepare for a Data Governance Revolution with a Risk-Based Approach.”
Each year, powerhouse risk governance associations ISACA and the IIA bring together the leaders of the governance, risk, and control (GRC) industry from their more than 325,000 combined members from around the world so they can learn best practices, gain new skills, and bring actionable knowledge back to their organizations. This conference empowers organizations to embrace the necessary shift to new methodologies when they tackle both predictable and unpredictable changes in the business. The GRC professionals who attended the conference will be leading the charge of mitigating risks through internal controls, ultimately protecting their organizations’ reputations in the See-Through Economy.
I’ll be recapping below some of the key takeaways I shared with nearly 400 attendees during my session, in addition to tools I provided that you can use in your own organization.
The Challenge: Managing Increasingly Daunting Data Diversity in the See-Through Economy
The International Data Corporation predicts that there will be a ten-fold increase in worldwide data by 2025. As businesses continue to experience this increasing amount of data, governing it becomes even more complex. As a result, organizations are relying more and more on third-party vendors to store and manage their data. This practice creates additional data privacy risks that must be properly governed by the business in order to prevent cybersecurity breaches. Although you can outsource a process, you can never outsource the associated risks.
The public sets high expectations for a company’s cybersecurity program. For example, 92% of consumers agree companies must be proactive about data protection. Reinforcing these high expectations, the See-Through Economy connects people all over the world through social media and provides an outlet for them to voice their concerns. When expectations are not met, investors are front-row witnesses to consumer outrage, which consequently affects how they invest. Fortunately, cybersecurity mishaps are completely preventable with enterprise risk management software.
Use the See-Through Economy to Your Advantage
It is important to note that the See-Through Economy does not have a negative connotation. Companies also need to take advantage of its benefits. As I was traveling to this conference, I flew down on Spirit Airlines, which had the best availability for my schedule. People were surprised to hear that as a CEO, I was traveling on an airline with such an apparently negative reputation. However, I was pleasantly surprised with the entire Spirit experience. There were no technical difficulties, I was on a brand new plane with comfortable seats, and each associate I interacted with was nothing but friendly. Spirit is a prime example of an organization that could use the See-Through Economy to its advantage. By projecting positive customer experiences like mine that don’t align with the bad stereotypes, Spirit could benefit. Using social media as an outlet, the public could be made aware of positive customer experiences.
Connect Your Risks to the Right Controls
In my session, I shared two helpful tools: the risk-based approach wheel and risk-based translator. Each of these tools helps organizations effectively communicate and engage with employees in various departments, levels, and stages across the enterprise. Using a risk-based approach and engaging the entire business is especially important when we think about how the controls we have in place connect to known risks.
Connecting risks to mitigation activities is the first step in preventing risk management failures. To help further explain this I gave the following example. As I was going through airport security on my way to the conference, I brought along with me a bag of pocket-sized hand sanitizers to give out at the LogicManager booth. I was worried that this would violate the policy requiring liquids to be less than 3.4 ounces given that there were so many of them; however, when I asked the security personnel, I was informed this was allowed. Grateful I did not have to throw out 50+ hand sanitizers, I still found myself pondering the risk at hand. Although TSA was able to check off the box that the hand sanitizers were technically all under 3.4 oz, I still boarded the plane with well over this amount of liquid. What risks are the controls actually mitigating? With an effective risk management program, TSA could map this risk to an appropriate control so that it becomes clear what they are trying to prevent and avoid a potential disaster.
Implementing a risk management program is essential, and soon you will become the superhero of your organization. How do you get the board’s buy-in for continued support? It’s simple. When presenting ERM to the board, keep it short and colorful. C-level executives do not have the time to go through the ins and outs of every department. Fortunately, all you need to communicate with your executives are dashboards that aggregate data across the enterprise into concise reports. With new technologies and increasing amounts of data and partnerships, risks are inevitable. An enterprise risk management system can help. Proactively manage your risks by connecting them to the appropriate mitigation activities and internal controls across the enterprise. Ultimately, ERM helps identify controls in a fast-moving environment to make sure the right people with the right knowledge are making key risk-reward account decisions. With a proactive and engaging ERM strategy in place, you’ll be able to avoid any corporate disasters. Lastly, play up the advantages of the See-Through Economy to showcase satisfied customers and highlight the risks you are properly mitigating at your organization.