Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.
TechRepublic's Karen Roby spoke with Tonny Dekker, global enterprise risk consulting leader at EY, about how boards feel about investing in technology for risk management. The following is an edited transcript of their conversation.
SEE: Security incident response policy (TechRepublic Premium)
Karen Roby: EY released the findings of a new survey, in which it talked to many board members about their feelings on this, and I think it is somewhat eye-opening. Tonny, this was a really big survey, very informative. Just give us a snapshot of the survey itself and the information you were looking to gain from this.
Tonny Dekker: The survey was done with a number of organizations that have revenue above one billion dollars. And we did it with, 500 board members. They are either on the supervisory board or they are on the board being executive. But most important is that we do this yearly to feel some insight. What is going on in the minds and in the hearts of those board members, when it concerns risk management, and that's not limited to what other specific risks they see and the trends they see, but also the organizational side of it. Like how did they feel, from their supervisory and oversight responsibility that they feel confident about what they have oversight on and how they look at the functions they are supervising and management, how they deal with risk management. And that is, every year, quite an exercise to your point, quite significant, but it also gives us really some deep insights on what's going on and gives us some of the insights we need in order to better serve our clients and build a better working world.
Karen Roby: And sometimes Tonny, we know with surveys like this, you somewhat expect things to come out of it. And then some things really shock you. What really stood out to you?
Tonny Dekker: What specifically, in this one, stood out for me personally, and also with our role in risk management is that, one of the aspects and areas we were emphasizing was the use of technology and data. And we expect that most would say, "Yes, technology and data has become more important." What came out, because we did parallel to that interviews with chief risk officers, and we saw that there is a gap between what boards are thinking and finding about the risk management function and what they would expect and what chief risk officers expect.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
So, what stood out is that boards feel more than ever before that the usage of technology and data is extremely important, going forward. They see much more need in forward-looking trends and predictive analytics on risks evolving, and also the weak signals of risks that might appear at the horizon.
And that the use of technology and data is critical. And yet, we see that not all chief risk officers are fully comfortable with that. They feel they are well doing in the classic compliance corner they're in, and they feel that to get out of that corner, that it takes quite an effort, and board members don't accept it anymore. They need more than just the compliance reporting. I don't want to generalize this, but it is an insight that was mostly feeling toward.
Karen Roby: And so, Tonny, does that sound like a lot of this information is in line with where you thought it would be?
Tonny Dekker: As I'm daily in contact with many of my clients, I normally know quite well what they express. What I found encouraging is that the board members now feel much more their responsibility, that they also express that they have a role in it to say, and that they can influence it. So, it's not enough to just express, "I expect more," but board members start to feel the responsibility that they can through the budget process for the year, enforce that more investments is being done in technology and in data analytics and in the skills, that are needed for that in the functions, and that was quite for me, surprisingly positive, that awareness is much more there, but more is needed, obviously.
SEE: Ransomware attack: Why a small business paid the $150,000 ransom (TechRepublic)
Karen Roby: Always room for some growth there, Tonny. Talk a little bit about how COVID has played and is playing a role in the way board members are feeling.
Tonny Dekker: Yeah, I think COVID was an accelerator in that sense, it was like almost capitalizing the thought process. So one would expect that if COVID would not have been there, there was much more emphasis and interest in the digitalization of the business. And in looking at the opportunities at the horizon. What COVID did is, it enforced organizations to rethink rapidly the operating model. It also encouraged the boards that disruptions are here to stay so more and more disruptions are there. COVID was just one of them which could have been predicted.
And that's created, I think a thinking process in boardrooms that more disruptions will come and we'd better take the time and consider how, as organization we are going to cope with it. And that means that aid, in terms of putting budgets aside or being open-minded about the opportunities that disruption may bring to the organizations, that will be addressed. So, COVID was definitely an accelerator and created much more stamina, but also much more encouragement to go for it.
Karen Roby: All right, Tonny. And in closing here, just talk a little bit about what you think this survey says about our future and what's to come?
Tonny Dekker: I think what the survey clearly shows is that board members feel much more responsible for risk management than ever before. We see that the board members feel that they need to create awareness. Each board member should create awareness within the board about the responsibility of technology and usage of data.
There's much more consciousness that forward-looking data, evolving risks and the velocity of weak signals developing into the risk of crystallization needs to be attained by organizations. And with that boards have to talk with risk management, have to enforce that skills are being upgraded and that external data, as well as internal data, are being old school technology with artificial intelligence to estimate much better than ever before what scenarios could be there that an organization should look at. And that forward-looking aspect is a thing that will evolve very quickly in the coming years and what you will see in the years to come is that those organizations that don't address that will have a very hard time because it's being expected by the stakeholders of the organization.
Subscribe to TechRepublic's YouTube channel for all the latest tech information and advice for business pros.
- The security and privacy behind IBM's Digital Health Pass (TechRepublic)
- Colonial Pipeline attack reminds us of our critical infrastructure's vulnerabilities (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)