1.
Dermawan
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean
massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam
felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.
Enterprise Risk Management for the Digital
Transformation Age
Session: 2447
Jem Pagán - Presenter

2.
Participants will exit this Seminar with the following
knowledge:
1. The market growth and opportunities in enterprise risk
management
2. The skills necessary to take advantage of risk management
career opportunities
3. The applicable areas for enterprise risk management
4. The importance of addressing enterprise risk management in all
digital transformation initiatives
5. New innovations in enterprise risk management that will provide
new career opportunities for STEM professionals
Seminar Title: Enterprise Risk
Management for the Digital
Transformation Age

3.
How would you define risk?
How is risk managed in your organization?
Have you ever experienced a risk incident?
How important in MTTR (mean-time-to-recovery)?
Let’s Level Set on Risk

4.
TITLE
Seminar Title: Enterprise Risk Management for the Digital
Transformation Age
Seminar participants will collaborate and explore the emerging new use
cases for enterprise risk management that addresses the need to better
understand how to leverage critical data to predict and understand how
data analytics can support risk management and mitigation in an
increasingly data-dependent workforce environment.
Enterprise risk management has become a vital component to cyber
security, logistics management, asset management and supply chain
management. As organizations continue to rely on data to drive
workforce automation, Industrial IoT and process automation, it is
becoming necessary to analyze data to discover risk before it occurs and
implement effective remediation practices and processes.

5.
Enterprise Risk Management
Goals and Drivers

6.
RiskManagement Defined
Enterprise Risk Management Terms and definitions
Risk management is the process of identifying, quantifying,
and managing the risks that an organization faces. As the
outcomes of business activities are uncertain, they are said
to have some element of risk.

7.
A cost-based assessment to operational and cyber risk was provided by
the Ponemon Institute, (the tech industry’s gold-standard benchmark
research), to gain an accurate perspective of the level of risk in terms of
cost and operational deficiencies.
The 2018 ‘13th Annual Cost of a Data Breach’ independent study,
conducted by the Ponemon Institute, reports the global average cost of a
data breach is up 6.4 percent over the previous year to $3.86 million.
The average cost for each lost or stolen record containing sensitive and
confidential information also increased by 4.8 percent year over year to
$148.
The Cost of Risk

8.
July 2018 “Cost of a Data Breach Study: Impact of 22 factors on the per capita cost of data breach” - Ponemon Institute

9.
Extending The Skills Of The Risk Professional Is The Next Big Challenge In Risk
Management
Ref: Skill Set Challenges in Risk Management- Forbes
1. Global Risk Management Study that risk managers worldwide have gained a
respected voice of influence and a “seat at the table” with their boards and top
management;
2. that they have made progress in the integration of the risk management
function, not only with finance, but with their firms’ lines of business;
3. and that innovative technologies such as artificial intelligence (AI), robotic process
automation (RPA), big data and analytics, machine learning and blockchain are
increasingly becoming part of the solution set to both help cut costs and importantly
manage vastly larger and more diverse data volumes.
4. The lack of needed skills, which has always been an issue in risk management, continues to
be a challenge – but with a different twist. There are seasoned people with risk
management expertise, as well as people in large scale financial institutions with technical
savvy in areas ranging from data science to AI.
5. However, finding and/or developing people who combine those skills in one package is
extremely difficult. Firms are trying to strike the right balance between risk experience and
disciplines on the one hand, and a deep understanding of current digital, data and
technology tools on the other. This is not easy.

10.
Most Common Risk Management Disciplines
IT Risk Management is the application of risk management methods to information
technology in order to manage IT risk, i.e.: The business risk associated with the use,
ownership, operation, involvement, influence and adoption of IT within an enterprise or
organization.
Business Continuity Management (BCM) is a framework for identifying an
organization's risk of exposure to internal and external threats. ... BCM includes disaster
recovery, business recovery, crisis management, incident management,
emergency management and contingency planning.
Vendor Risk Management (VRM) is a process that deals with the management and
planning of third-party products and services. This ensures that the use of third-party
products, IT suppliers and service providers does not result in a potential business
disruption or in any negative impact on business performance.
Event Log Management. The collection, storage, and reporting of log data from
firewalls, routers, servers, applications, operating systems and devices in near real-time
for compliance and risk mitigation.
Legal Risk Management. By definition, the CCO is responsible for identifying,
prioritizing, and mitigating sources of legal and regulatory risk through effective internal
controls and business processes. ... Here again, CLOs may consider these functions
and risk areas to be part of their scope of responsibilities.
The term Operational Risk Management (ORM) is defined as a continual cyclic
process which includes risk assessment, risk decision making, and
implementation of risk controls, which results in acceptance, mitigation, or
avoidance of risk. ORM is the oversight of operational risk, including the risk of
loss resulting from inadequate or failed internal processes and systems; human
factors; or external events. Unlike other type of risks (market risk, credit risk,
etc.) operational risk had rarely been considered strategically significant by
senior management

11.
Market Drivers for Integrated Risk and Cyber Solutions
The World Economic Forum (WEF) identifies technological risks, in the
form of data fraud and cyber attacks, among the top 10 risks in terms of
likelihood, while critical information infrastructure breakdown is among its
top ten risks in terms of impact.
These identified risks are not mutually exclusive. The primary driver for
global enterprises in terms of risk management is to transition from a post-
mortem remediation process to a proactive risk mitigation and management
state, to reduce or mitigate brand exposure, clean-up costs and business
disruption.
Enterprises of all sizes realize that cooperation within its key business units
is an essential starting point to mitigate cyber attacks or data breaches.
These coordinated efforts must be platform driven, to provide a ‘single
source of truth’ for preemptive and coordinated responses (in-the-moment)
to enterprise-wide risks.
Opportunities in Integrated Risk
Management

12.
• Smart technologies such as RPA (Robotic Process Automation)
• Machine learning, big data and analytics and AI is leading to greater
efficiency and productivity in the risk function.
• Adopting these technologies can lower costs, and provide greater
accuracy and control, increased agility, and improved risk analysis
and insights.
• At this stage, only a minority of respondents say they are highly
proficient at incorporating these technologies into the risk
management functions, and they are impeded by obstacles such as
legacy technologies within the risk function (cited by 69% of
respondents) and the increased velocity, variety and volume of data
(named by 73%).
Ref: Skill Set Challenges in Risk Management- Forbes
The Digital Transformation Challenge?

13.
Ref: Gartner - Risk Management Programs
1. Risks are derived from business goals and objectives
2. A risk framework guides a common approach across the
enterprise
3. Risks are communicated in terms of their impact on the business
4. There is operational support for risk management and
accountable ownership of risks
5. There is a business process approach to risk management
technology
(5) Characteristics of a Foundational
Risk Management Program

14.
1. Risk managers must have an appetite for knowledge and should continually
ask questions about all aspects of the company.
2. Risk managers should seize every opportunity to learn, but at the same time
must be generalists due to the volume of their responsibilities.
3. Meeting and working with employees is an excellent way to learn. Risk
managers should be willing to roll up their sleeves and hit the trenches.
4. Risk managers must be willing to learn about the challenges employees
encounter to increase their understanding of what really makes a business
work.
5. Risk managers benefit from direct experience. This is often more valuable
than being taught.
6. A successful risk management career stems from understanding the value of
colleagues and learning from their knowledge.
Ref: Risk Manager Skill Set Development
Developing Risk Management Skills

15.
Thank You
Jem Pagán, President
BluSky Consulting