Digital Risk
Plan. Design. Implement.
© 2018 Deloitte Touche Tohmatsu India LLP Digital Risk 2
Digital Transformation has gone mainstream in the Industry and certain challenges are emerging
• 5.5 Million: Number of new devices connected daily to the enterprise platforms
• $400 Million: Average global annual fines levied for non compliance with Risk standards
• 70%: Cross Functional teams leading Business Transformation activities in Digitally Mature organizations
In the Digital ecosystem, Enterprises have a larger threat surface to protect
Traditional vs Futuristic view of Risk
Risk Scenarios in Digital Environment
Old Risks in a new lens
Reputation
• High customer expectations
• Mistakes go viral
Business Environment
• Increased competition
• Changing regulatory landscape
Third party
• New Types of relationships
• Greater Dependencies
• Less oversight
People
• New skillset
• New mindset
• Employee presence in social media
Fraud
• Fraudsters have access to more data
• Need for Frictionless Authentication
Continuity
• Higher Interconnected dependencies coupled with lower controls
Traditional View
1. Organization-Centric
2. Status Quo accepted in Design
3. Risk seen as a hurdle
4. Approval when fully built
5. Not agile friendly
6. Risk as a constraint
Futuristic View
1. Customer-centric
2. Solutions targeting specific risk scenarios
3. Risk management drives growth
4. Integrated control design
5. Plug and play approach
6. Challenge to perceived boundaries
Digitalization means different things for different stakeholders
For an effective digital environment to meet the desired objective, it is critical to consider risk areas beyond traditional risk.
Strategy and Vision
• Define a digital vision and strategy
• Conduct a feasibility assessment of the initiatives which can undergo digital transformation
Implementation
• Transforming the tools and capabilities used to deliver services
• Identify the key stakeholders in the ecosystem aiding the digital transformation
Program Management
• Focus on timely and cost effective implementation of the digital initiative, for the respective business teams.
Risk View
Contextual Risk
• Adequacy of selection of digital enablers of the digital program, in the context of the business objectives.
• Setting the tone of risk management at the design stage of the digital program.
• Prioritization of initiatives ensuring minimal impact or disruption of service.
Implementation Risk
• Risk based architecture for the digital enablers w.r.t technology, operations, vendors, compliance, security and resiliency.
• Right digital technologies for different business processes.
• Culture of a digital mindset and a secure usage of the digital components.
Governance Risk
• Focus on timely and cost effective implementation of the digital initiative, for the respective business teams.
Enterprise View
Creating an opportunity to undertake enterprise wide Digital Risk Management with a view to:
• Improving customer experience through Digital Governance
• Reducing cycle time for operational and compliance/ regulatory processes
• Assuring mitigation of security, privacy and compliance risks in Digital implementations
• Building a culture to integrate risk as part of digital DNA
Understanding and managing Digital Risk is key to growth for the modern enterprise.
Enterprise
Extended Enterprise
Risk Areas
Additive Mfg.
Cloud
Horizontal and vertical system integration
Industrial Internet of things
Augmented Reality
Autonomous Robots
Strategic
Resilience
Privacy
Cyber
Operations
Technology
Third-Party
Data Leakage
Regulatory
Forensics
Digital Governance Customer Experience
Employee Lifecycle
Data Lifecycle
Asset Lifecycle
Customer Lifecycle
Big Data Analytics
Simulation
Cyber Security & Risk
Holistic Approach to Digital Risk Mitigation
Risk areas spread across different digital ‘touch-points’ to be considered for effective digital governance
OUR CURRENT OFFERINGS FOR MANAGING DIGITAL RISK From Roadmap to Monitoring
Strategy & Maturity
• Design/optimize the digital roadmap factoring in Digital Risk scenarios
• Assess maturity and define roadmap for increasing maturity level
Digital Risk Integration
• Integrate risks in the digital journey
• Managing program risks in large digital implementations
Digital Risk Assessment
• Risk based review and design of privacy and compliance controls in digital projects
• Technical security assessment of implemented advanced technologies
Risk and Reputation Monitoring
• Devise strategy for monitoring reputation risk at enterprise digital touchpoints
• Build culture and mindset of digital risk with proactive periodic interventions for all internal and external stakeholders
Centre of Excellence
• Establish a CoE for identifying, analyzing and embedding risks in digital program
• Extend support for providing thought leadership, trainings, specialized assessments on digital security
DISCOVER:
Aligned to the organization’s Digital vision, study the selection of digital enablers, and analyze the risk so as to assess the digital footprint and its impact.
MONITOR:
Embed a continuous review process that evolves in response to disruption and new developments across the digital estate, legal and regulatory requirements.
DEVELOP:
Based on Deloitte’s Digital Risk Framework, develop a risk based digital architecture customized to the organization’s digital needs and operating environment.
IMPLEMENT:
In the context of business, implement the risk based digital architecture for the selected digital enablers supported by an overall risk governance.
Navigating Digital Risks
Design a strategic roadmap for Digital Risk
Digital Risk Maturity Model
Deloitte’s Digital Risk Maturity Model aims to assess and disclose current and desirable risk management maturity levels for an organization undergoing digital transformation. This maturity model can be used as a diagnostic tool for an ‘as-is’ assessment of an organization's digital risk management capabilities and practices whilst on its road to digital. The intention here is to detect and eliminate inadequate risk management practices and map the way for continual improvement.
Benefits of the Digital Risk Maturity Model
• Enables organizations across sectors to derive maximum benefits from digitalization by inculcating a consistent risk based approach to digitalization
• Helps organizations to improve on their capability to adopt digitalization and consistently deliver products/ services in line with customer demands
• Provides a competitive advantage to organizations in the market by enabling enhanced risk management practices & opportunities for self improvement
• Enables earlier and more effective error/ incident detection, reducing large amount of costs associated with remediation
• Provides a framework to standardize an organization’s risk management practices, ensuring that leading industry practices are considered, shared & adopted
Levels of Maturity
1. Non Existent: The organization has not taken any steps towards digital or digital risk management.
2. Developing: The organization is taking initial steps towards digitalization. Digital Risk Practices are ad-hoc and not considered during design phase.
3. Defined: The organization's digital initiatives & risk management capabilities are being integrated across the organization to support end-to-end capabilities.
4. Advanced: The organization's digital initiatives & risk management capabilities are being fine-tuned and used to increase performance.
5. Leading: The organization is breaking new ground and advancing the state of the practice in digitalization & digital risk management.
Desired Level of Maturity
Sample Screenshots
STRATEGY AND MATURITY
Assess the maturity levels of your Risk Management of Digital Initiatives with our Maturity Assessment Tool. We classify Risk preparedness of Digital initiatives into five levels
01 Lagging
Digital risk processes are not defined, not considered during design.
02 Reactionary
Digital Risk Practices are developed based on the situation and not considered during design phase.
03 Emerging
Digital risk areas and or associated controls are partially implemented
04 Proactive
Digital risk processes and controls are implemented and measured periodically
05 Optimized
Digital risk processes and controls are continuously optimized
Design:
Integrate Risk Management in the design phase of your digital transformation strategy
Build:
Establish digital risk management process controls for the program
Optimize:
Evolve the digital risk framework with changing ecosystem and identification of new risk vectors
Run:
Managing program risks in large digital implementations.
Digital Risk Integration
Center of Excellence
Setting up a Center of Excellence for identifying, analyzing and embedding risks in digital program
Future Proof
Build specialized solutions for the organization considering evolving threat vectors
Thought Leadership
Develop thought leadership on key domains and processes of Digital Risk
Proactive Intervention
Continuous monitoring and update the Digital Risk Framework
Awareness
Create awareness amongst stakeholders to identify and manage risk in your digital initiatives
Reputation Monitoring:
Leverage analytics to monitor and identify risks to the brand reputation from internal and external stakeholders at various digital touchpoints
Risk and Reputation Monitoring
Proactive Intervention:
Identify evolving threat vectors and integrate risk management for ongoing monitoring
Digital Risk Reputation Training and Workshops:
Build culture and mindset of digital risk with proactive periodic interventions for all internal and external stakeholders.
Unauthorized access to original content
Intellectual property infringement
Breaches in technology security
Breach of privacy
Inventories and asset impairment
Theft of personal data
Attack on internet connected IT infrastructure
Large scale hacking
Threat Vectors
Dependence on third parties
Brand dilution
Goodwill impairment
Financial loss
Distrust of sponsors
Decrease in listeners and viewership
Risks Associated
Current Landscape of Original Content across Media Companies
Content Lifecycle
1. Collect
2. Create
3. Distribute
4. Monetize
5. Archive
Advanced Technologies
Mobile Devices
Internet of Things
Social Media
Cloud
Web
Digital Content Security Assessment
Media companies need to build a holistic, business-focused digital defense approach.
Digital Identity
Having an effective authentication & authorization mechanism across all digital enablers
Blockchain
Leveraging Blockchain architecture to secure against internal and external threats
RPA
Enabling a secure RPA implementation and leveraging of RPA for Cybersecurity & Risk management
IoT
Designing a risk-based IoT architecture for data collection and management of remote systems
OT (SCADA)
Protecting the OT infrastructure through secure integration with enterprise technology eco-system
Digital Payments
Secure digital payment offerings using a structured risk based approach
Cyber Analytics
Analytics based risk and compliance monitoring supported by advanced technologies
Digitalization of RM
Enabling the risk management leveraging digital technologies
Digital Risk Strategy
Our service line offerings factor in the new digital enablers
Case Studies Digital Risk
Risks Roadmap for Digital customer centricity initiative for leading automobile manufacturer
Productivity Efficiency Effectiveness
Key Risks, each followed by the Business Functions Impacted:
• Failed driver assistance equipment such as Blind-spot marking, collision warning, brake-assist that are digitally embedded in the vehicle causing poor vehicle performance/ breakdown/ fatalities.
  Business Functions Impacted: IT, Service, Sales
• Failed onboard diagnostics that account for incompatibility between systems such as mobile applications, smart sensors leading to incorrect metrics captured for the vehicle thus impacting performance.
  Business Functions Impacted: IT, Service, Sales
• Higher complexity of devices running autonomous vehicles with advanced software and equipment leading to more production time and testing periods
  Business Functions Impacted: IT, Supply Chain, Sales
• Failure to collaborate with CSPs, OEMs, financial firms, etc. to enable digital drivers services such as In-Car content, Payment models, communication links, etc.
  Business Functions Impacted: IT, Service
• Loss of customer data captured from vehicle leading to privacy issues and customer identification which can result in lawsuits, penalties, loss of customer trust or faulty servicing.
  Business Functions Impacted: IT, Sales
• Inability of car engines to receive over-the-air updates just like apps and software are updated leading to vehicle malfunctioning or breakdown.
  Business Functions Impacted: IT, Service, Sales
Deloitte’s Digital Risk Roadmap helps large financial services player identify risks in branch customer lifecycle management
• Branch visit: Service catalogue management (Brand and Reputation)
• Onboard: Customer onboarding compliance (KYC regulations)
• Service & Resolve: Service fulfillment and assurance (SLA)
• Optimize: Analytics based process optimization
Digital Enablers
Digital
• IOT enabled ambience monitoring, network monitoring
• Digital Identity
• Secure Digital Payments
• Data privacy
Bot
• KYC compliance
• Supporting processes
• Compliance reporting
• Payments and receipts
• Customer Credit Management
Analytics
• Regulatory Risk
• Process Optimization
• Branch Operations – Service KPIs
• Network performance
• Cyber Analytics
CIC
Monitoring of:
• Branch environment metrics
• Technical connectivity
• Security monitoring
• System monitoring
Key areas enabling digital risk identification and management
A: Analytics, B: Bot, C: CIC, D: Digital Risk
Assessment of risks in key Digital initiatives for a leading manufacturing company in India
Objective of the Engagement
The client engaged Deloitte to help them identify risks that respective functional teams would be required to manage / mitigate whilst adopting digital initiatives to achieve their stated objectives. As part of the engagement, the client expected to have an independent assessment to perform a study on their Digital Transformation initiative from a contextual and governance risk perspective.
Existing Environment
• The client had a vision of becoming a digital leader in the manufacturing sector. To achieve this vision, a core team was constituted to identify and oversee major digital implementations across all its business units/ functions.
• There were 60+ digital initiatives that were identified and categorized using a staging process. These projects were primarily focused on increasing EBITDA. Implementation of these projects is being facilitated and overseen by Digital Service Providers, chosen from the client’s key business functions.
Activities Performed
As part of the engagement, Deloitte performed the following activities:
• Developed an understanding of the digital program by conducting discussions with relevant teams involved in implementing digital initiatives;
• Studied the existing digital program and digital initiatives undertaken by other departments, from a coverage and completeness perspective w.r.t the client’s strategic intent;
• Leveraged leading practices across the manufacturing industry to ascertain if any additional areas/ ideas could be considered for digital;
• Evaluated coverage/ contextual risks in accordance with the identified digital practices across the manufacturing industry;
• Discussed recommendations with the digital team, on feasibility of implementation to manage the risks identified.
Key Recommendations
• Manage risks in implementation of digital initiatives right from the ideation stage;
• Develop a talent pool on digital technologies;
• Ensure cross-functional representation and involvement in the digital program;
• Create a ‘Digital-First’ mindset among all employees;
• Define a detailed reference framework of ‘digital’ w.r.t. applicable digital enablers (e.g. IoT, RPA, Analytics, Block chain, AI, Machine Learning), which will be considered for meeting improvement objectives.
Value Delivered
• Embedding a culture of ‘pro-digital’ across all business functions of the client by extending support in understanding a common definition for Digital;
• Creation of a risk view for sampled digital initiatives at all levels (ideation to execution);
• Assistance in increasing the current maturity of digital implementation;
• Governance support for smooth execution of digital projects undertaken.
Copyright © 2015 Deloitte Development LLC. All rights reserved.
Digital content security assessment for a major TV network
Risk assessment and Risk Treatment Plan
Performed risk assessment and developed risk treatment plans for 28 in-scope departments (such as brand solutions, distribution, marketing, media planning, commercial, syndication, brand strategy, sales strategy, advance sales, programming, and scheduling) based on ISO 27001, Indian IT Act, and industry leading practices.
Configuration review
Performed configuration reviews (console and checklist based) on operating system and databases for Hyperion, OnAir, ERP, SAP, and PeopleSoft to identify data leakage related risks.
Third Party Risk Management
Assisted in improving third party risk management and security management practices (for example, vendors and business partners).
Why Deloitte for Digital Risk?
Close collaboration with Deloitte Digital and Digital Studio
Partnerships with large Digital Platform Organizations to bring the best in Digital and Risk to the customers
Marquee credentials
Deloitte Risk Advisory consultants have worked with some of the largest enterprises in India to develop comprehensive Risk Management strategies
Key differentiators
Strong Digital Risk Framework
Digital Risk framework to identify and manage evolving business transformation scenarios in India
Sector-focused Risk Advisory Practice
Drawing on in-depth sector experience and Risk Management knowledge on engagements
State of the art labs for areas like Cyber Security, IoT and RPA
Assessing your Digital Risk Readiness
“An approach to digital risk management should begin with an understanding of the organization's digital footprint and creating a register of digital risks”
1. Ownership: Do you know what digital activity you own and how others use your brand online?
2. Alignment: Is your digital activity aligned with your business objectives?
3. Operations: Have you set the rules of engagement with digital through appropriate policies and procedures?
4. Assurance: Do you regularly monitor the performance and compliance aspects of your digital footprint?
Evaluate digital risk readiness by asking questions based on these dimensions
Let’s get started on your Digital Risk Journey
2 hour workshop
Engage with our Digital Risk team on a 2 hour hands-on workshop, to understand your key Digital touch points and how to identify the key drivers.
2 day strategy session
Co-create your high level strategic roadmap with experienced Digital Risk consultants. Identify key areas of Digital Risk and establish controls to mitigate them.
1 week digital risk assessment
Create an enterprise wide Digital Risk assessment report. Use this report as a blueprint to drive your Digital Risk initiatives.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (DTTL), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.
This material has been prepared by Deloitte Touche Tohmatsu India LLP (DTTI LLP), a member of Deloitte Touche Tohmatsu Limited, on a specific request from you and contains proprietary and confidential information. This material may contain information sourced from publicly available information or other third party sources. DTTI LLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. The information contained in this material is intended solely for you. Any disclosure, copying or further distribution of this material or its contents is strictly prohibited.
Nothing in this material creates any contractual relationship between DTTI LLP and you. Any mutually binding legal obligations or rights may only be created between you and DTTI LLP upon execution of a legally binding contract. By using this material and any information contained in it, the user accepts this entire notice and terms of use.
©2018 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited