Managing Technology Risks

ERM expertise tend to be drawn from finance and audit professionals graduate from business schools, while IT security talent pools are more often drawn from IT graduate with computing and information system backgrounds.

Conducting risk training and involving key projects for ERM and IT personnel together has been proven to be the most direct and effective approach to formally address these challenges in bringing the mindsets of the both parties to a common level of understanding threats, vulnerabilities, risks, and structured levels of cooperation, depending on the degree of risk levels. As an ERM thought leader, I am proud to have personally trained technology and risk leaders, involved in major national technology projects, as well as the privileged to be invited to participate in global IT and ERM related events.

Risk Assessment on New Technologies and Innovations

Drawn from personal experiences, engagement with board directors and C-Suite executives, amongst the widely acceptable ERM concepts lie in the risk assessment process. Risk assessment serves to identify, quantify, control, and review potential major technology risks in both day-today businesses and also in major projects undertaken by these companies. Yet many companies struggle to effectively identify and to quantity all key risks arising from technology related activities they are facing and potentially exposing them to uncertainty and future potential losses. The real challenges lie within the capabilities of corporations to effectively identify and to quantify losses from potential risks, because they are often cannot be measured and quantified such as reputational risks and the impact on their profitability and on their own brand valuations.

Risk Leadership in Understanding Disruptive Technology Risks and its Impact

A prominent Board member of a major corporation once said to me to take risk leadership to managing risks is to have a complete understanding of how disruptive technology risks can impact on stakeholders that are embracing these transformative processes. This also meant ERM managers have to understand the fundamental concept of technology itself before further extending to how disruptive technologies can impact on the firms they are working.

Reputation Risk

Managing reputational risk remains an elusive, moving target across all governmental agencies, corporations and financial institutions. It’s like the gathering of and cumulating to the creation of a perfect storm. Think about how just one client dissatisfaction can snowballed to groups of clients complaining against defective product quality, poor safety records, environmental and health issues on one hand, while the same company may face other issues such as regulatory enquiries to addressing these complaints, legal and other financial liabilities as more information became known both within the affected firm itself and outside the firm.

Selecting the appropriate ERM techniques and working with risk owners to identify potential risks and to quantify them can help companies to internally manage their own reputation and can even prevent reputational risk from escalating towards its full potential by working out how a specific potential threat(s), can lead to a specific risk from occurring and its potential impact across economic costs, regulatory actions, customers’ complaints and ultimately aggregating these impacts on a company’s risk appetite statement. One of the ways to prevent potential reputational risks is to design together with risk owners, a set of key risk indicators (KRIs) and serving as early predictors of risk transformations, to support the monitoring of key performance metrics that may potentially lead to an underlying reputational risk profile changes.

Operating from Singapore, China Construction Bank delivers 24x7 services to its clients and caters accessibility to mobile phone banking, household banking and personal online banking as well.