Professional Documents
Culture Documents
Za Managing Risk in Digital Transformation 112018
Za Managing Risk in Digital Transformation 112018
2
Managing Risk in Digital Transformation
Introduction
Consumers and businesses are adopting digital
technology at a rapid pace, and while this is
generating new opportunities, it in
Managing Risk is Digital
also creating
Transformation
new risks.
The digital transformation journey of many Currently risk management teams remain on a reactive
Security
things (IoT), artificial intelligence (AI), cloud business insight with which they have been equipped.
computing, predictive analytics and blockchain As technology transformations shift the risk
rapidly changing the way many companies design landscape, organisations will
and curate experiences, manufacture, distribute need to develop an
and service products. entirely new approach
to digital risk. Our
An increased burden is being placed not only on Deloitte Digital Risk
the IT department but also on the internal risk Framework will assist
Laying out the building blocks of the digital
ourrisk
clients in this
function. Business leaders areismaking
strategy crucial tostrategic
its success. An immediate step
choices on the investment, technology, resourcing Journey.
by organizations is to have robust measures around
levels and the skills needed to operate
cybersecurity a digital
and the easiest approach is to perform
typical
business, all of which will information
have an impactsecurity
on theand/or cyber security
assessments of systems. The questions which need
short-term profitably and long-term viability
to be addressed are, ‘Is this enough? Is cybersecurity
of their businesses. These strategic choices
the only risk to a digitally enabled organization?’
inevitably involve an element of risk. At the same
time businesses have Forto cope with external
an effective digital environment to meet the
threats. For example, asdesired objective,
businesses it is critical to consider risk areas
undergo
digital transformation beyond
and moretraditional
of theirrisk. For example, social media
assets
is becoming an integral part of marketing, thereby,
become digital, the threat of cybercrime and risks
creating risks to brand value and reputation.
around data privacy are growing.
Similarly, customer profiling is prominent for better
customer experience, but then profiling process
While digital transformation
should beis creating
aligned tomajor
protect privacy of customer
data. Another
opportunities for organisations, important
it is also aspect to be considered is
digital resiliency–due to large dependency on the
introducing a new dimension to the traditional
technology, the availability of the systems is non-
view of risk. negotiable. There are several other scenarios across
different industries and operations that cover other
risk domains that could be considered.
06
1
Managing Risk in Digital Transformation
2
Managing Risk in Digital Transformation
3
3. Generate movement
Apply algorithms and automation to
translate decisions and actions from
Source: Deloitte Centre for Integrated the digital world into movements in
Research/Deloitte Insights. the physical world.
3
Deloitte’s Digital Risk
Managing Risk in Digital Transformation
Framework
Framework
Deloitte’s Digital Risk
Deloitte’s Digital Risk
Framework
Framework
Strategic
Strategic
We have We have considered10 risk 1010 risk
Weconsidered
have considered risk
ns areas–Strategic,
areas:areas–
Strategic,Strategic,
Technology, Technology,
t io ns Technology Technology,
e ra t io Technology
Op e ra Operations,
Operations, Third
Third Party, Party,
Op Operations, Third Party,
Strategic Regulatory, Forensics,
Regulatory, Cyber,
Forensics, Cyber,
Digital Payments
Digital Payments Regulatory,
We have Resilience,
considered 10 risk Forensics, Cyber,
Data Leakage, and
ns Cloud
Cloud areas– Strategic,Resilience,
Resilience,
Technology, Data
Data Leakage,
Leakage, andand
e ra
t io Technology Privacy-as the risk landscape
Op
Digitalisation
Digitalisation
of RM of RM Third-
Third- Operations, Privacy–as
Privacy–as
Third
in any Party,
digital the risk landscape in in
the
ecosystem. risk landscape
Party
Party
Digital Payments Regulatory,
Based any
Forensics,
any digital
Cyber,
digital
on the ecosystem.
ecosystem.
applicable Based
risk Based on on
Resilience, Data Leakage,
the andinitiatives,
applicable risk areas for the
CyberCyber Cloud
Customer
Customer
Lifecycle
Robotic
Robotic areas the applicable risk areas for the
for the digital
Digitalisation
of RM
Lifecycle Process
ProcessThird-
Automation
Privacy–as the riskcontrol
different landscape in
measures
Automation
Party
Operational
Operational andand any digital ecosystem.
need to be Based on
designed as to be designed
Technology
Technology Asset
Asset
Data
Data Cognitive
Cognitive measures
measures need
need to be designed
Cyber (SCADA) Customer
Lifecycle Lifecycle
Robotic Intelligence the applicable risk areas for the
(SCADA) Lifecycle
Lifecycle Lifecycle Process Intelligence
(RPA&CI) per leading standards and
as per leading standards and
Data
Operational
Automation
and
(RPA&CI)
Data
Leakage industryaspractices.
per leading standards and
The critical
Employee Leakage
measures needindustry
to be practices.
designed The critical
aspectindustry
in definingpractices. The critical
Technology Asset Data Cognitive
(SCADA) Lifecycle
Employee
Lifecycle
Lifecycle
Lifecycle
Intelligence the controls
(RPA&CI)
Data as per leading standards and
Blockchain
BlockchainLeakage
is to take into consideration
IOT Employee industry practices.
is toThe
take critical
intoofconsideration the
Privacy IOT Lifecycle the nature
is toandtake level
into consideration the
Privacy nature and level of digitization in
Blockchain
digitisation in the operations,
IOT
nature andthe
is to take into consideration level of digitization in
Privacy Digital Risk
AI as the
most ofoperations,
these areas as most
are at of these
DigitalStrategy
Risk nature and levelthe operations,
of digitization in as most of these
Strategy AI a areas are at a nascent stage and
nascent stage and tightly
the operations, as most of these
areas are at aornascent stage and
Digital Risk
y
to r coupled with coupled
systems
AI
Strategy
u l a tightly
areas are at a nascent stage andwith systems or
Resilience e g to r y
or y R
ula
manual tightly coupled
processes,
tightly coupledmanual
with systemsprocesses,
or
with
so there systems
so there or
might
Resilience la t eg
Resilience gu R might be constraints to
Forensics
R e
manual processes,
Risk Areas
manual
be constraints processes,
so there might so there
to implement the might
implement the controls.
Forensics
Forensics Risk Areas be
Risk Areas constraints be
to constraints
implement
controls. the to implement the
Extended Enterprise
controls. controls.
Digital Governance Customer Experience Extended Enterprise
Extended Enterprise
Enterprise
Digital Governance Customer Experience
Digital Governance Customer Experience Enterprise
Enterprise
07
07
4
Managing Risk in Digital Transformation
Managing Risk in Digital Transformation
5
Managing Risk in Digital Transformation
10
7
Managing Risk in Digital Transformation Managing Risk in Digital Transformation
8
Managing RiskRisk
Managing in Digital Transformation
in Digital Transformation
Managing Risk in Digital Transformation
Discover
Aligned to the organisation’s Digital vision, study the selection of digital enablers, and analyse
the context so as to assess the digital footprint and its impact.
Develop
Based on Deloitte’s Digital Risk Framework, develop a risk-based digital architecture
customised to the organisation’s digital needs and operating environment.
Implement
In the context of business, implement the risk-based digital architecture for the selected
digital enablers supported by an overall risk governance.
Monitor
Embed a continuous review process that evolves in response to disruption and new
developments across the digital estate, legal and regulatory requirements.
11
9
Managing Risk in Digital Transformation
Sustainability
Sustainability
“An approach to digital risk management should begin with an
understanding of the organisation’s digital footprint and creating a register
of digital risks using our Deloitte digital risk framework as a base.”
“An approach to digital risk management should begin with an understanding of the organization's digital foot
print and creating a register of digital risks”
03
12
10
Managing Risk in Digital Transformation
Conclusion
Digital Transformation across can create a scalable and adaptable its impact to the existing ecosystem
industries has led to a rapidly digital journey encompassing a to drive optimum value from their
changing business environment well-defined digital strategy, an digital initiatives. Despite all the
which offers exponentially appropriate business case, and a challenges and risks that the evolving
augmenting opportunities for new customised and flexible approach. environment presents, organisations
capabilities and initiatives. cannot overlook the opportunities
Along with Digital transformation, that ‘moving to digital’ brings forth
One of the most critical success it is imperative for organisations along with the profound impact that
factors to win in this digital era is to also manage the risks that are it shall have on them.
organisational agility. Businesses introduced into the environment and
11
Managing Risk in Digital Transformation
Contacts
Navin Sing Michele Townsend
Managing Director: Risk Advisory Africa Risk Advisory Africa: Director
Mobile: +27 83 304 4225 Mobile: +27 82 441 7164
Email: navisingd@deloitte.co.za Email: mtownsend@deloitte.co.za
Keshnee Naidoo
Shahil Kanjee
Risk Advisory Africa: De-risking Digital
Risk Advisory Africa Leader: Cyber
Transformation Leader
Technology Risk
Mobile: +27 82 960 0982
Mobile: +27 83 634 4445
Email: kesnaidoo@deloitte.co.za
Email: skanjee@deloitte.co.za
Anthony Olukoju
Wesley Govender
Risk Advisory Regional Leader: West Africa
Risk Advisory Africa Leader: Data Analytics
Mobile: +234 805 209 0501
Mobile: +27 83 611 2929
Email: aolukoju@deloitte.com.ng
Email: wgovender@deloitte.co.za
Temitope Aladenusi
Gregory Rammego Risk Advisory West Africa: Director
Risk Advisory Africa Leader: Forensic Mobile: +234 805 901 6630
Mobile: +27 82 417 5889 Email: taladenusi@deloitte.com.ng
Email: grammego@deloitte.co.za
Julie Nyangaya
Rushdi Solomons Risk Advisory Regional Leader: East Africa
Risk Advisory Africa Leader: Internal Audit Mobile: +254 20 423 0000
Mobile: +27 741 414 444 Email: woelofse@deloitte.com
Email: rsolomons@deloitte.co.za
Rodney Dean
Candice Holland
Risk Advisory Central Africa: Director
Risk Advisory Africa Leader: Regulatory Risk
Mobile: +263 867 700 0261
Mobile: +27 82 330 5091
Email: rdean@deloitte.com.ng
Email: canholland@deloitte.co.za
12
Managing Risk in Digital Transformation
13
Managing Risk in Digital Transformation
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network
of member firms, and their related entities. DTTL (also referred to as “Deloitte Global”) and
each of its member firms are legally separate and independent entities. DTTL does not provide
services to clients. Please see www.deloitte.com/about to learn more.
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk
advisory, tax and related services. Our network of member firms in more than 150 countries
serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately
264,000 people make an impact that matters at www.deloitte.com.
This communication contains general information only, and none of Deloitte Touche Tohmatsu
Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by
means of this communication, rendering professional advice or services. Before making any
decision or taking any action that may affect your finances or your business, you should consult
a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any
loss whatsoever sustained by any person who relies on this communication.
14