Governance and risk management is a designed strategy tactic that assists in aligning the IT responsibilities with a business’ corporate goals, efficiently mitigate risks and ensure staying up to date with compliance. Before, over 62% businesses experienced critical risk events in the last three years. This has changed, with almost all businesses experiencing risk in the past six months due to the pandemic.

Governance is simply a combination of approved procedures implemented by the operations and executive team that ensure all the organizational tasks are aligned and managed to support the company’s business goals. Risk management involves prediction and structured strategies to manage risks or opportunities which directly relate and affect the business. It aims to bring into effect a working strategy in uncertain situations which are all-inclusive, including IT risks and management functions. The effort of ensuring the organization adheres to mandated laws and regulations that affect the system is ‘Compliance’. Adhering to compliance means using IT controls and auditing to ensure operations function as proposed.

In recent, our disaster recovery planning was about the availability of technology resources. We assumed our teams would be available in one location or the other. During the lockdown, the situation was reversed. While our technological resources were in place, our teams were unavailable or could not reach the business operations location without risk of exposure to the COVID-19 virus. Governance, Risk and Compliance (GRC) is a mature practice in a financial institution, primarily looking at operational risks, regulatory compliance, and credit risk. GRC should be understood in terms of business performance relating to employee productivity, operational efficiency, employee safety, competitive differentiation, and organisation reputation. Effective GRC reduces cost, improves performance as well as productivity. As organisations mature, an integrated enterprise-wide reporting system, across all functions helps achieve the objectives of risk management. An internal audit team further works with each of the departments to identify key risk indicators and set a ranking the appetite monitoring the compliance.

We at NxtGen Technologies are a datacentre and cloud services provider, our availability and performance are critical to over 1,000 enterprises and some key government organisations including the Ministry of Health & Family Welfare, which was on-ground, front-facing the crisis, fighting this pandemic. As part of our future of businesses outlook, we strategized enterprise risk and set up a lean risk-management team three years ago which directly reported into me. Understanding that risk is an organisation-wide initiative, that touches every single department and it is ideally driven as a top-down agenda, the team had been looking at various aspects of technology, financial, operational, and strategic risks and had taken small but critical steps that allowed to come out unscathed during these tough times. Planning and having a risk-management team enabled us to effectively roll out an emergency plan enabling our technology operations team to work and deliver a seamless service remotely, from the safety of their homes.

As part of the agenda, our risk-management team has the following focus areas which are continually reviewed by the senior management as part of the business’ quarterly review. While our strategy focuses on identifying external threats to the business from the market like competition, it also including learning and adapting as per the customers evolving preferences and requirements. The quick technological changes present a constant rick including vendor dependencies which need to be immediately addressed. Employee performance, customer satisfaction and similar challenges are covered under operational risks while credit control, statutory compliance, insurance and legal are identified and managed under financial risks.

Governance establishes the understanding of the risk management context, identifying and quantifying the risk appetite which helps us to assess and prioritise risk management investments. A strong compliance process for monitoring and reviewing the risk environment and the strategies is critical for the success of enterprise risk management. With businesses constantly evolving today, our conversations with our customers today focus on enabling them to effectively address the crisis and maintain seamless operations in this new reality. With the increased awareness, organisations today need to be more agile with risk management, across Governance, Risk and Compliance (GRC). It is not only the business environment that has changed but perhaps there will be new regulations and permanent operational changes that will impact customers and employees as well.

Organisations have to prepare for new and emerging threats to the business, a strong commitment to a strategic GRC embedding helps organisations cope and surface stronger through difficult situations.


A S RajGopal