Cybersecurity risk has been the top risk in the Chartered IIA’s Risk in Focus report for many years. It is a familiar risk to Chief Audit Executives (CAEs). You know the controls. But what about disruption? Like cybersecurity risk, disruption risk is inevitable and comes in many guises. We live in an age of uncertainty which leads often to disruption.
Like cybersecurity, disruption risk it is not about if but when. Your organisation’s response will determine success when the risk materialises. And it will materialise despite well managed controls.
This article looks at how organisations can start to take back control of disruption risk, and how you, as a CAE, can start to think about assurance as to how the risk is being managed.
Wondering why the photo of a lizard?
Let’s begin by looking at nature for inspiration.
The green anole lizard, when caught by a predator, can lose its tail and then grow it back. Within its tail are receptors that are switched on enabling it to disengage and then regrow. Its DNA includes a control mechanism that enables it to manage extreme risk and not only survive but to regrow.
Taking control of disruption risk
Years of evolution have taught the green anole that a long tail can be a weakness (risk) within an otherwise sound body (business model). Deploying a timely response to danger (disruption) is the difference between life and death for the green anole.
The same is true in the boardroom. Timely responses were required in March 2020 when the first lockdown was introduced to curb the spread of coronavirus. Likewise, when ransomware strikes, a hurricane blows through or wildfires draw near.
According to research by Accenture, 71% of organisations were either impacted or expecting to be impacted by disruption in 2018. Since…