Home > Audit, Cyber, Governance, GRC, Risk, Technology > Technology, Strategy, Cyber, and Risk

Technology, Strategy, Cyber, and Risk

November 8, 2014 Leave a comment Go to comments

How do you assess the risk of missing the opportunity to leverage disruptive technology?

Does being on the “bleeding edge” still scare you?

Are you scared of cyber risk that you are rooted in place?

With incredible advances in technology coming at us from all sides, the potential for organizations to offer new products and services, as well as make dramatic improvements in how they run the enterprise, is huge.

Yet, each of these new technologies also introduces new risks that are of concern to information security, risk, and assurance professionals.

I am concerned that organizations are not prepared to survive let alone thrive in this environment.

I want to share some questions for your consideration, but let’s look first at one new technology that is emerging as disruptive to manufacturing and other sectors: additive manufacturing, commonly known as 3-D printing. These two sites explain some of the potential:

For most of us, 3-D printing is something from the world of science fiction or TV series. But, it is real and it is now.

Do you think every organization that could be affected by this technology has taken the necessary steps to determine how it should affect their organizational objectives and strategies? Do they even know how it could affect them?

My questions:

  1. Is your organization monitoring new technology and able to identify how it could affect your organization?
  2. Do you know what your competitors may be doing with it?
  3. Do you know what other organizations are doing or planning to do that might turn them into competitors (think Apple and Rolex)?
  4. Are the right people thinking about how the technology could affect your organization?
  5. Do they have the ability to come up with ways to use the technology that are novel and different from others?
  6. When new technology is considered, does your organization have reliable processes to assess related risks?
  7. Is the voice of risk heard – and understood?
  8. Is your organization prepared to take the risks necessary to succeed?
  9. Do you understand the risk of not taking the risk?
  10. Is your organization sufficiently agile to cast old ideas aside and seize the opportunities?
  11. Is your organization willing to wait when the (adverse) risk exceeds the opportunity?
  12. Do your information security, risk management, internal audit, and other assurance providers steer you to take the right risks or are they only a drag, pointing out the negative?

Do you agree with this list? What would you change?

I welcome your comments.

  1. allanmisner
    November 11, 2014 at 2:11 PM

    I think your list is complete, but more to the point, how do we recognize when your companies are properly structured? While now directly within my charter, I do see structural changes in the company with certain departments growing quickly (i.e., planning, business development IT, and communications). This is an indicator of adjustment to/for change, but nothing guarantees a company is ready for disruption.

  2. Norman Marks
    November 11, 2014 at 2:14 PM

    Allan, growth is not always an indicator of agility. Sometimes a larger department has more to protect and becomes resistant to change.

    How do you know whether your organization is agile? I don’t know that there is an easy test. It’s probably something you can sense in the way the management team operates.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: