Ever-changing business environments and technological innovations bring new challenges and risks to an enterprise with regard to Information Communication Technology (ICT). Risk management encompasses physical, logical, hardware, software and network-related cyber security issues, the suitability of the IT architecture, IT alignment with business goals, and IT service delivery issues such as the confidentiality, integrity and availability of information systems.

EMERGING IT RISKS

Emerging social networking tools, mobile platforms, and cloud computing technologies are available to IT professionals. Adoption of these frontier technologies has enormous benefits, but effective controls must be in place to secure interconnectivity and the flow of data. When opting for energy-efficient, greener and cost-effective cloud computing services such as Software as a Service (SaaS) and Infrastructure as a Service (IaaS), enterprises must take abundant precaution to secure their ICT from unauthorised access.

IT professionals have no option but to be proactive and vigilant, and to keep abreast of emerging risks. The traditional, fragmented-silo approach to IT risk management should be done away with. Instead, comprehensive enterprise risk mitigation should be adopted, integrating a formal risk management and governance framework and treating IT risk along with other key enterprise risks such as credit risks, operational risks and market risks.

GREENER SOLUTIONS

Increasing energy consumption, the generation of toxic e-waste, the emission of greenhouse gases, and rising overall costs should put the focus on greening IT practices. ICT needs to be aligned with sustainability concerns and corporate social responsibility goals, and an appropriate Triple Bottom Line policy has to be adopted. Cloud computing, no doubt, will reduce energy costs relating to servers, switches, and storage, as well as critical infrastructure components such as power and cooling systems, provided security concerns are effectively addressed.

Best benchmarked industry practices and greener IT solutions reduce energy and water consumption, as well as waste generation. The goal is to achieve a high level of ICT reliability, availability, and customer satisfaction through alignment with overall organisational sustainability efforts. Energy-efficient industry processes and manufacturing technologies can be adopted. Proper planning, effective implementation, and continuous review will help in establishing greener, cost-effective ICT solutions.

RISK MANAGEMENT

Proactive enterprise risk management should involve IT professionals in designing and implementing effective technical, procedural and physical controls for ICT governance, keeping in view the fundamental goal of protecting the organisation's information assets against emerging threats. Specific controls are embedded in IT systems to address risks. Some of the best practices for information security management are set out in ISO/IEC 27002 and the 27k series standards. Professional bodies such as ISC, SANS, ISSA, ISF, and ISACA issue standards for best information security practices. In addition, government laws regulate important IT security concerns involving electronic signatures, copyright, privacy and governance.

IT audit has a critical role, being an independent evaluation of an entity's Information and Communication Technologies. It is a challenging responsibility to form an opinion on whether the ICT system is properly aligned with the strategic business goals and is capable of providing accurate, complete, and reliable information to help in decision-making, while safeguarding assets and resources.

(The author is Director-General, CAG Office.)
