A New Governance Approach to Manage Risk in the Digital World

Data has become the beating heart of enterprises from Nike to Novartis, as they transform their business and its functions – from manufacturing to marketing. While the customer, of course, is still flesh and bone, everything else is or will be, digital.




The age of digital convergence is here, and with it comes new risks that require a consistent assessment to ensure stability.


It has become a cliché to say that we live in a data-driven world. Data has become the beating heart of enterprises from Nike to Novartis, as they transform their business and its functions – from manufacturing to marketing. While the customer, of course, is still flesh and bone, everything else is or will be, digital.

The opportunities of digital convergence are a major focus across all industries be it retail or aerospace. Convergence is multi-faceted. It requires investment in an ongoing change to processes, people, infrastructure, and systems. Similar to the earlier IT revolution, industries look to niche and specialised skills in data analytics, machine learning, intelligent automation, artificial intelligence, and cybersecurity for their digital transformation.

Digital technologies evolve rapidly, requiring speed and agility that is often better represented in specialised third parties. Consequently, these third parties have come to play a large role in the everyday operations and success of digital transformation efforts. 


Don’t Ignore Risk while Pursuing Value

This reliance on third parties comes with risks. Your entire sourcing chain is not merely a source of value; it is also a source of significant business risk. As enterprises aggressively innovate and co-create with third parties, they must be just as aggressive with tools to measure and track risk identification, controls, compliance, and governance. In today’s rapid design, test, and implement cycles, enterprises must establish sophisticated governance protocols so that they are not blindsided by third-party risk vectors.

With the Regulatory sector is catching up, enhanced governance to test enterprise compliance capabilities and diligence is critical. For example, New York Department of Financial Services’ (DFS) cybersecurity regulation now expects DFS-regulated entities to have a cybersecurity program in place, which also includes protections of data at third-party providers. 

Regulations such as General Data Protection Regulation (GDPR), Consumer Credit Protection Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and The Common Rule, also known as the Federal Policy for the Protection of Human Subjects, are cross-industry challenges. No one along your sourcing chain is immune.

“In today’s rapid design, test, and implement cycles, enterprises must establish sophisticated governance protocols so that they are not blindsided by third-party risk vectors.”



In order to navigate the risk-filled digital world, one must adopt continuous risk monitoring. 


Enhance Your Governance with Continuous Risk Monitoring

Whether it is a new application, system, or the enhancement of an existing platform, changes are occurring at a faster pace. However, enterprises are still saddled with tried and true episodic Risk Assessments. Periodic governance audits and assessments are no longer sufficient. These traditional all-encompassing assessments, which often include 1,000 or more questions, place a very expensive demand on both the service user and provider.

Real-time, continuous, multi-category, risk intelligence for both third parties and operating locations is the alternative. Such continuous risk monitoring also adds teeth to governance protocols, allowing enterprises to focus on specific areas of third party risk that concern them – governance, financial, compliance, cybersecurity, etc. Industry-leading enterprises use our Continuous Risk Monitoring and Intelligence Solution, Supply Wisdom, as a critical component of their governance and third-party risk management programs.

Continuous risk monitoring enables enterprises to maximise Risk Assessment cycles and cadence, by using changes in behaviour to identify specific areas for review and avoid the time and expense of one-off risk assessments. More effective and efficient use of Risk resources and budgets is a universal goal. Solutions like Supply Wisdom will help you reach that goal.


Contribution by:

John Bree a Partner & SVP at NeoGroup. He is also a financial industry professional with a proven track record in developing and managing AML/CTF, KYC, Anti-Fraud and Vendor & Third-Party Risk Management programs.