Tag Archives: Boards of Directors

Institute of Risk Management East Africa Regional Group partners with Serianu Ltd to grow local cyber risk talent

The Institute of Risk Management’s (IRM) East Africa Regional Group (a member body of the IRM in the UK) and Serianu Ltd have agreed to work together to address the huge deficit of qualified risk managers in the region. Local public and private sector organisations also need critical hand-holding to ensure that risks and opportunities within organisations are effectively identified and managed.

The collaboration is bidding to develop a fundamental home-grown cyber risk management framework for the African context which aims to increase the number of competent risk professionals as well as enhance excellence in cyber risk management and reporting.

Serianu Ltd is a pan-African cyber security consulting firm. The business has signed a Memorandum of Understanding (MoU) with the IRM that will engender collaboration on research, training, community out-reach and policy design.

According to Dorothy Maseke, chair of the IRM’s East Africa Regional Group, Kenya especially needs 1,000 qualified risk management professionals annually, yet over the last three years the population of such professionals has grown from just under 20 to around 120 today.

“Risk management is a relatively new field of professional practice yet, locally and globally, there’s a major shift by regulators to entrench high risk management standards,” explained Maseke. “Risk has become a core reporting requirement by management as well as a key responsibility of Boards of Directors. For instance, Kenya’s public sector is guided by the Mwongozo Corporate Governance Code which sets out compliance parameters.”

New specialism

Maseke added that risk management had emerged as a new specialism as a result of changing business and public sector operating environments that have shone a spotlight on governance mechanisms. At the same time, the practice of risk management is increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organisation from achieving its goals at any one time.

Dorothy Maseke

Threats and opportunities have been a standard in every organisation’s overall strategy for several decades, but now for the first time in corporate governance history, this is firmly set in the risk manager’s scope of work and monitored daily. Maseke noted that, in this way, organisations are also able to clearly assess and derive the benefits from investing in their systems and processes.

Carol Misiko, the East Africa Regional Group’s secretary, added that cyber risk is no longer a back-office IT team issue (although they clearly play a vital role). Misiko noted that today’s enterprise risk management function needs to be able to understand this constantly evolving risk, but also manage, monitor and report on this emerging risk.

Common interest

Speaking during the MoU signing ceremony, Serianu Ltd’s CEO William Makatiani observed that the two institutions have a common interest in growing the knowledge of Boards of Directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organisations.

“We’re collaborating with the Institute of Risk Management to give directors and managers tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” stated Makatiani. He added that, generally – and especially so in the public sector – the degree of compliance is still quite low and that many highly regulated private sector organisations are yet to cross the 50% mark.

Filed under Risk Xtra

“Lack of strategic focus on technology at Board level” finds ICSA poll

A poll conducted by ICSA: The Governance Institute and recruitment specialist The Core Partnership reveals that just 51% of Boards of Directors understand the challenges and opportunities that data and technology present to their organisations. Some 29% of the company secretaries who took part in the survey think that their Boards do not fully understand and a further 20% could only attest to ‘maybe’.

A lack of knowledge is viewed as the main barrier that prevents Boards from engaging properly with technology at a strategic level. Some 58% of respondents consider this to be the main obstacle, with 22% alluding to another reason, 16% citing language as an impediment and 4% blaming the on-boarding process.

Some of the main issues raised are as follows:

*The speed at which technological advances move means key aspects of the technology journey may not be provided in a timely manner

*It’s hard to find time in busy agendas to focus on the technology aspects

*Most Boards are made up of people who are of a generation that do not really understand the possibilities and threats offered by technology

*There has been a focus on the General Data Protection Regulation (GDPR) and cyber security, but that focuses on risks rather than opportunities

*Challenges arising from data management are more readily understood (eg the impact of poor data quality), but the real opportunities available to organisations through the effective use of data are less well considered (and especially through the ‘lens’ of commercial strategy)

Peter Swabey

Artificial Intelligence and automation

When asked if there were particular areas in which Boards needed to improve their understanding, a quarter of respondents chose Artificial Intelligence and automation. Other areas highlighted for potential improvement were using data effectively, the GDPR, cyber security and IT governance. Some 23% of respondents stated the belief that their Boards need to brush up on all of the areas mentioned.

Peter Swabey, policy and research director at ICSA, said: “The pace of change is such that new technology is emerging quicker now than at any time previously. This can be challenging for all Boards, but particularly so for those predominantly made up of people who are not ‘digital natives’. On top of this, changes in corporate governance, data privacy requirements and regulation mean that it can be difficult for non-executive directors to maintain an adequate level of knowledge across all areas. While it’s incumbent upon directors to proactively seek to expand their knowledge, there are time limits on what’s achievable given the part-time nature of the role.”

Swabey added: “It might be suitable for some organisations to have an IT specialist sit on the Board, but this wouldn’t be appropriate for all. Moreover, having one director with responsibility for technology might allow others to obviate their responsibilities, which is clearly not an option. As one respondent quite rightly said: ‘Technology is both an opportunity and a threat – Boards need to understand how it impacts the business both operationally and strategically’. This is a responsibility that all directors must share.”

Filed under Risk Xtra

James Morris MP visits Advent IM to discuss EU’s GDPR and ‘The Future of Cyber Security in the Boardroom’

On Friday 20 January, Advent IM – the holistic security consultancy – played host to a visit from James Morris MP at its Birmingham headquarters.

2018 will see the adoption of the European Union’s General Data Protection Regulation (GDPR) in the UK. Given the GDPR’s increased accountability and level of financial penalty for failure, the implications for UK businesses are clear.

Advent IM has long felt that good data protection and security hygiene starts at the top of an organisation and needs to be handled strategically.

Advent IM’s Mike Gillespie

James Morris MP visited Advent IM’s offices and Training Centre in Halesowen to discuss the GDPR and Advent IM’s new training course for senior Board members and business leaders. The training is designed specifically for director-level individuals with little or no cyber security background. The course is to be delivered by director and cyber security expert, Mike Gillespie.

Having an insight into the convoluted world of cyber security, in addition to a firm grasp of the challenges it presents to senior Board members, Gillespie plans to bring the strategic skills of business leaders to bear on high quality cyber security planning and data protection practices in order to “raise the UK’s game” from the top down.

“James Morris has always taken a keen interest in cyber security and digital development in business and recognises the need for the UK to ensure its security posture is robust,” asserted Gillespie. “With the interconnected nature of business and the digital life of commerce, small and local businesses can be holding extremely valuable information assets. They need adequate protection through their lifecycle.”

Filed under Risk UK News, Uncategorized