Updated: Apr 24
It’s nearly the 4th week of January 2017. We are all aiming to be positive and excited for taking our existing or expanding businesses to the next higher level. However, it’s all good to have big Million or Billion goals and action plans to boost sales, but let’s be practical and realistic that due to technological advancements, it has led to the evolving and increasingly difficult ways to track business risks and loss of profits.
Let’s be alert that business risks and cyber risks are also rising in speedy rates too. So, how do you ensure that your board and support teams across your whole business are protecting your organisation’s assets and bottom lines whilst rolling out your BIG Plans to meet your Board’s Huge Sales Revenue Targets in 2017?
For this month, I am going to share with you valuable insights on how your risk and audit role is continuously changing and expanding to support your key stakeholders in this 21st century.
You may ask - “Do I need to be concerned with my organisation as it has good managers and teams in all divisions across the business?”
Being in the internal audit, compliance and risk management industry, we often hear, see and deal with many bad and ugly stories of real case studies about poor ethics, non-compliance and fraud issues. This had included increasingly scary types and levels of cybercrimes due to technological advancements. “Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual, cause serious harm and pose very real threats to victims worldwide. ” New trends in cybercrime are emerging all the time, with estimated costs to the global economy running to billions of dollars.
Many of us noted that varied types of cybercriminals continue to seriously breach databases in global or even SME organizations in every industry and profession in private and public sectors. If your organisation has not been breached and if you haven't imposed the latest business risk controls and information security safeguards, your business may be at risk to a potential data breach in the near future.
Should your organization be proactive rather than reactive in designing a risk management strategy that includes effective business ethics, controls, policies and processes, internal audit management and security awareness plus data protection programs? Do you really want to protect your business and employees at all levels in terms of personally identifiable information (PII), company data, and other sensitive information and resources?
What is your job role?
Regardless of your job title, be it at ownership level, senior executive level, head of internal audit, risk management, fraud risk manager, compliance director or any operational team leader in the organisation, you must reinforce the risk message and publicize the magnitude of the negative impacts of data breaches and compromised records on organizations and specifically in their industry sectors.
Here is an extract of statistics from the recent Fraud Magazine:
“These three data breach cases, which rank in the top 15 in 2015 from the Privacy Rights Clearinghouse's (PRCH) Chronology of Data Breaches help to illustrate the severity of the problem.
In July 2015, a third-party contract employee hired by the National Guard unwittingly caused a data breach when the contractor mishandled a transfer of data to a non-accredited data center. The breach possibly exposed the Social Security numbers, home addresses and other personal information of approximately 850,000 current and former National Guard members — dating back to 2004.
In May 2015, CareFirst BlueCross BlueShield discovered a data breach in which external hackers invaded a database and compromised unencrypted names, birth dates, email addresses and subscriber information of 1.1 million members.
In February 2015, health insurer Anthem announced an embarrassing breach, which began in February 2014, that exposed an amazing 80 million patient and employee records including the unencrypted names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, employment information, income data and more. The firm said that member password encryption prevented the cybercriminals from gaining access to Social Security numbers, medical claims, employment, credit card and financial data.
What is the current trend of Audit and Risk Mitigation in Asia?
In the Asia Pacific region, many of us ask “Why Asia-Pacific Lags in Data Breach Detection?”
“Data breaches in Asia-Pacific also tend to stay under the radar because most nations in the region lack data breach notification laws, he points out. Companies breached in Asia-Pacific often fail to completely kick out attackers and its increased spending doesn't guarantee security.”
Many papers and researches have confirmed that “Organizations are not necessarily equipped with the right tools and detection methods to actually identify attacker behavior( source: Information Security Media Group ). It is mainly due to the data breach attackers becoming more and more advanced in the ways that they breach customers' networks.”
In my opinion, detecting data breaches is becoming just as important as trying to prevent them as part of the expanding role of internal auditors, risk managers and compliance managers through highly effective integrated Internal auditing and risk mitigation strategies across the organisation.
The national media outlets tend to report data breaches that only have affected major national corporations and government agencies, so the public is unaware that the data breach problem is much broader in scope. Data and Security breaches had probably happened in many SME’s and medium size organisations in different ways but stayed undetected or unreported.
The top 3 strategies to mitigate data breaches and financial losses
Organise an independent advisory review of your current risk and audit function at least once every 2 years, to assess the risk appetite of your organisation by an Asia Pacific Specialist who have hands on and management experience in the Asia region.
Develop a combination of an inhoused coaching program and external seminar attendance for your risk and audit team to ensure that they are up to date with the latest trends and tools to conduct an effective integrated internal audit and fraud risk control framework.
For busy executives and team leaders, they should register and attend an exclusive group mentoring programme that is facilitated and mentored by an Asia Pacific Specialist, who can share the real live case studies of do’s and don’ts to strengthen your current audit and risk management methodologies.
Let me reiterate one key message!
Please be alert that business risks and cyber risks are also rising in speedy rates too.
If you truly want to protect your organisation’s assets that include both tangible and non-tangible assets and most importantly, your Company BRAND and Sustainability, check out our Audit & Risk Integrated Audit & Fraud Risk Mentoring program here….