Risk Management Magazine (Aug 2023)
The growing importance of digital risk&governance
Abstract
The aim of the paper is to explain what is meant by Digital Risk&Governance. For this purpose, it is important to retrace the technological evolution that has affected the last few decades: from branches to Mobile Banking, from the digitalization of transactions to the creation of Fintech, from the first process automations to Artificial Intelligence. This evolutionary journey has not only involved and still involves the birth of new technologies, but also the possibility of seizing new business opportunities and therefore necessarily of facing new types of risk, which are not always intuitive and easy to fully understand and manage. In this context, the role of the Regulator is fundamental not only to make available to companies elements for a correct and complete understanding of Digital/ICT Risk, but also to provide guidelines that allow for the construction of an organizational and governance model suitable for gaining awareness risk and to assess, manage and monitor it. A fundamental role is played by the Digital Operational Resilience Act (DORA), which certainly better defines some aspects that until recently did not find a clear place, but - even more important - which allows these aspects to be included in an organic and holistic framework. Governance and organization are essential in this panorama, the only functions capable of spreading the risk culture necessary to overcome the silo mentality and to establish the cultural paradigm change essential for managing ICT Risk. Given the extension of the perimeter that is generally included under this risk, the paper goes on to underline the most relevant aspects and suggests in a practical way the components on which companies should concentrate in order to implement and make usable an all-round management framework: from the identification of critical functions to the importance of having tools capable of certifying the correctness, completeness and quality of the data. Another high-sounding and closely related theme, which therefore could not fail to be addressed in the paper, is represented by the cyberattack and its impacts on the market. The paper then closes with a theme which, in our opinion, plays an even more stately role than the creation of an overall framework can play: the Digital Strategy, consciously accessible only through a Digital Risk&Governance framework, but which represents the ultimate goal to which companies should aspire.
Keywords