Page 13 - IRMSA Risk Report 2020
P. 13
DISR UPTIVE TECHNOL OGIES
T OP CHALLENGES TO P TREAT MENT S
• Disregard for “organic”/“silent” of • Carry out a full “risk context and maturity study” to
disruptive technologies. understand and determine the impact of this risk on
• Failure by risk teams to fully the organisation.
comprehend risk to incorporate • Incorporate “smart-tech” into risk decision making
new technologies into risk management and internal audit processes.
methodologies. • Complete a “disruptive technology audit” with skilled
• Non-recognition interrelationships between advisors.
new technologies environmental risk, health • Upskill risk and executive teams in understanding
safety risks, risks, and and dealing effectively with potential disruptive
others. technologies.
• Silo-thinking organisations their • Ext gover t oversee
responses integrated technology beyond information technology.
thinking to treat technology risks.
• responsibilities and
secondary risk exposures that come from disruptive
technology opportunities.
C Y BER AT TA CKS , D ATA FR A UD AND D ATA THEFT
T OP CHALLENGES TO P TREAT MENT S
• Cyber risk discussions of oversight and executive • Oversight and executive bodies must show intent
bodies do not include the identification of risks to and action and ensure that the whole organisational
avoid, risks to accept, and risks to treat or transfer. awareness programme is driven relentlessly.
• Ov executiv approach • Oversight and executive bodies must set clear
cybersecurity as an IT issue and do not plan expectations of their appetite for cyber risk. This must
adequately to prevent, respond, and recover from a be linked to performance measures and a mature
potential cyber event. risk response, with adequate resourcing and budget.
• Human error is still the most common cause of • Understand the consequences and legal implications
successful cyber breaches. of cyber risks and how these relate to their specific
• Cyber risk is dynamic in nature and the pace of circumstances.
technological innovation remains rapid. • Impact and vulnerability analyses, information
• Incidents, innovations, and lessons learnt are not classification, and alignment with the system of
shared across industries and organisations. control are key.
• Cybersecurity awareness training is critical as
most vulnerabilities are caused from within an
organisation.
F AIL URE , DEL AY AND / OR SUB-OPTIM AL IMPLEMENTATION OF EC ONOMIC
REFORM INITIATIVES
T OP CHALLENGES TO P TREAT MENT S
• The inability of government to deal decisively with • Design market-friendly policies that can attract both
state capture. foreign and local investment.
• Rising debt to Gross Domestic Product. • Create viable public-private partnerships to deal
• Falling business confidence sentiment. with State Owned Enterprises and boost investor
• Ongoing inability by government to deal with State confidence.
Owned Enterprises. • Prioritise state spending in strategic areas such as
• Policy uncertainty/market unfriendly policies. public health and education.
• Failure to attract foreign direct investment. • Implement austerity measures, re-deploy youth to
invigorate state departments and dispose of state
assets.
• Deal decisively with state capture through the
National Prosecution Agency’s arrest of high-profile
individuals.
T A B L E 2 : S O U T H A F R I C A T O P 1 2 R I S K S – C H A L L E N G E S A N D R I S K R E S P O N S E S .
1 2
