The growing importance of digital risk&governance

Valerio Begozzi, Matteo Oldani, Francesca Terrizzano

Risk Management Magazine, published 2023-08-29. DOI: 10.47473/2020rmm0126 (https://doi.org/10.47473/2020rmm0126)

Citations: 0

Abstract

The aim of the paper is to explain what is meant by Digital Risk&Governance. For this purpose, it is important to retrace the technological evolution that has affected the last few decades: from branches to Mobile Banking, from the digitalization of transactions to the creation of Fintech, from the first process automations to Artificial Intelligence. This evolutionary journey has not only involved and still involves the birth of new technologies, but also the possibility of seizing new business opportunities and therefore necessarily of facing new types of risk, which are not always intuitive and easy to fully understand and manage. In this context, the role of the Regulator is fundamental not only to make available to companies elements for a correct and complete understanding of Digital/ICT Risk, but also to provide guidelines that allow for the construction of an organizational and governance model suitable for gaining awareness of the risk and for assessing, managing and monitoring it. A fundamental role is played by the Digital Operational Resilience Act (DORA), which certainly better defines some aspects that until recently did not find a clear place, but - even more important - which allows these aspects to be included in an organic and holistic framework. Governance and organization are essential in this panorama, the only functions capable of spreading the risk culture necessary to overcome the silo mentality and to establish the cultural paradigm change essential for managing ICT Risk. Given the extension of the perimeter that is generally included under this risk, the paper goes on to underline the most relevant aspects and suggests in a practical way the components on which companies should concentrate in order to implement and make usable an all-round management framework: from the identification of critical functions to the importance of having tools capable of certifying the correctness, completeness and quality of the data. Another high-sounding and closely related theme, which therefore could not fail to be addressed in the paper, is represented by the cyberattack and its impacts on the market. The paper then closes with a theme which, in our opinion, plays an even more stately role than the creation of an overall framework can play: the Digital Strategy, consciously accessible only through a Digital Risk&Governance framework, but which represents the ultimate goal to which companies should aspire.