APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Risk Management
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    Editor's Pick (1 - 4 of 8)
    left
    Risk Assessment Keeping Cyber Bully Away

    Paul Ernst, CIO, Sandler Capital Management

    Digitization Transforming Business in all Sectors

    Robert Aitken, CIO, Beyond Bank Australia

    Trend Micro: Nurturing Risk Management with Hybrid Cloud

    CEO & Co-founder

    Ensuring your Seat on the Leadership Table

    David Otte, CAO and CIO, Bingham Greenebaum Doll LLP

    Cyber Fraud - the Silent Killer

    Bill Murphy, SVP, CIO & CRO, Fidelity Bank of Florida N.A.

    All Roads Lead to Risk Assessment

    Christopher R. Barber, EVP & CIO, Commonwealth Business Bank

    Navigating the Dynamic Terrain of Modern Banking

    HenkySulistyo, Chief Risk Officer ,CIMB Niaga

    Getting the Most from Your Road Risk Management Programme

    Caroline Perry, Development Director at Brake

    right

    Managing Technology Risks

    Andrew Koh, Deputy Chief Manager, Risk Management, China Construction Bank

    Tweet
    content-image

    Andrew Koh, Deputy Chief Manager, Risk Management, China Construction Bank

    Today’s business landscape is ever evolving, competitive, driven by disruptive technological innovations, all trying to match changing consumers’ demographics and expectations. Enterprise Risk Management (ERM) is in the business of preventing potential major risks from emerging out of these disruptive environments. Using ERM to manage risks, support disruptive technologies and protect innovators’ reputations.

    With the exceptions of a few global technology players, ERM in the technology world is severely under-represented. Not surprising, innovation always comes first and well supported by companies as a whole. However, today’s rapidly evolving and highly disruptive business landscape, driven by the need to meet changing demographics with the rise of millennials and new business expectations, should equally make these companies more compelling to learn to use ERM to effectively managing technology risks that serves to protect their businesses and safeguard their own reputation so that they can continue to drive innovation. The fallout of firms as a result of reputational risk often causes the public, governments and regulators to raise issues of questionable internal practices and governance in these affected companies.

    ERM in a Technology World

    Based on COSO or ISO 31000 standards, ERM relates to managing risks within an organisation in holistic, end-to-end processes that cuts across different business lines within an organisation. In the technology landscape, the closet cousin to ERM is Information Technology (IT) security that contain elements of IT risk management processes, albeit in silo-style way in managing risks within an IT environment.

    "Risk assessment serves to identify, quantify, control and review potential major technology risks in both daytoday businesses and also in major projects undertaken by these companies"

    Yet one of the greatest challenges remaining today is how to marry ERM and IT security together as these are hired, run by two different and distinct groups of people that shared little in common in terms of working background and experiences, make worse by specialised educational and industry training courses.

    ERM expertise tend to be drawn from finance and audit professionals graduate from business schools, while IT security talent pools are more often drawn from IT graduate with computing and information system backgrounds.

    Conducting risk training and involving key projects for ERM and IT personnel together has been proven to be the most direct and effective approach to formally address these challenges in bringing the mindsets of the both parties to a common level of understanding threats, vulnerabilities, risks, and structured levels of cooperation, depending on the degree of risk levels. As an ERM thought leader, I am proud to have personally trained technology and risk leaders, involved in major national technology projects, as well as the privileged to be invited to participate in global IT and ERM related events.

    Risk Assessment on New Technologies and Innovations

    Drawn from personal experiences, engagement with board directors and C-Suite executives, amongst the widely acceptable ERM concepts lie in the risk assessment process. Risk assessment serves to identify, quantify, control, and review potential major technology risks in both day-today businesses and also in major projects undertaken by these companies. Yet many companies struggle to effectively identify and to quantity all key risks arising from technology related activities they are facing and potentially exposing them to uncertainty and future potential losses. The real challenges lie within the capabilities of corporations to effectively identify and to quantify losses from potential risks, because they are often cannot be measured and quantified such as reputational risks and the impact on their profitability and on their own brand valuations.

    Risk Leadership in Understanding Disruptive Technology Risks and its Impact

    A prominent Board member of a major corporation once said to me to take risk leadership to managing risks is to have a complete understanding of how disruptive technology risks can impact on stakeholders that are embracing these transformative processes. This also meant ERM managers have to understand the fundamental concept of technology itself before further extending to how disruptive technologies can impact on the firms they are working.

    Reputation Risk

    Managing reputational risk remains an elusive, moving target across all governmental agencies, corporations and financial institutions. It’s like the gathering of and cumulating to the creation of a perfect storm. Think about how just one client dissatisfaction can snowballed to groups of clients complaining against defective product quality, poor safety records, environmental and health issues on one hand, while the same company may face other issues such as regulatory enquiries to addressing these complaints, legal and other financial liabilities as more information became known both within the affected firm itself and outside the firm.

    Selecting the appropriate ERM techniques and working with risk owners to identify potential risks and to quantify them can help companies to internally manage their own reputation and can even prevent reputational risk from escalating towards its full potential by working out how a specific potential threat(s), can lead to a specific risk from occurring and its potential impact across economic costs, regulatory actions, customers’ complaints and ultimately aggregating these impacts on a company’s risk appetite statement. One of the ways to prevent potential reputational risks is to design together with risk owners, a set of key risk indicators (KRIs) and serving as early predictors of risk transformations, to support the monitoring of key performance metrics that may potentially lead to an underlying reputational risk profile changes.

    Operating from Singapore, China Construction Bank delivers 24x7 services to its clients and caters accessibility to mobile phone banking, household banking and personal online banking as well.

    tag

    Financial

    Information Technology

    Enterprise Risk Management

    Weekly Brief

    loading
    10 Most Promising Risk Management Solution Providers - 2017
    ON THE DECK

    Risk Management 2017

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://risk-management.apacciooutlook.com/cxoinsights/managing-technology-risks-nwid-3915.html