Where Is Your Data? Who Has Your Data? Part 2
Last month, we discussed the first three priority risks for 2019 according to the latest Gartner research. The risk areas include: 1) Cybersecurity Preparedness; 2) Data Governance; 3) Third Parties; 4) Data Privacy; and 5) Ethics and Integrity.
Most organizations have the ability to mitigate these risks, reduce the likelihood of their occurrence, and reduce the impact if the risk does occur. Has your organization taken steps in this direction? If not, what are the roadblocks, and how can you get over the bumps in the road and past the walls?
This month we will continue discussing the steps to mitigate the last two risks.
Data Privacy
It is common practice for organizations to hold consumers’ private data to support their operations. Data breaches increased 44.7% from 2017 to 2018 and show no signs of decreasing. Data privacy has become a competitive edge and important for the survival of an organization. Consumer trust is on the decline. In the US, only 25% of consumers believe that companies handle sensitive data responsibly. The following are steps an organization can take to reduce data privacy risks.
- Organizations subject to the General Data Protection Regulation (GDPR) should comply with its regulatory requirements, since noncompliance carries potential risk in the areas of fines and reputation.
- It is important that organizations view data privacy and security as a competitive advantage. This needs to come from the top down involving senior management and the board. Develop strategies to improve consumer confidence in your organization’s ability to handle their data responsibly.
- Share your data security policies with consumers, be transparent about any data breaches, and allow consumers to self-manage their data.
Now is the time to build consumer confidence in your organization’s ability to safeguard their data.
Ethics and Integrity
Social media has changed the ability of organizations to keep ethical infractions out of the public spotlight. Seventy-seven percent of Americans want organizations to speak out when organizational values are threatened. Trust is an important factor in job satisfaction for 89% of employees. The actual and perceived ethics and integrity of an organization is a risk that should be addressed at the board and senior management levels. Some key areas where risks are high include gender and racial bias, and digital ethics. Digital ethics risks are increasing as organizations rapidly develop analytics-based and artificial intelligence-based automation that interacts with consumers. The following are some steps to reduce risks in these areas.
- Assess the equity of pay and promotions across employees performing similar job duties and take steps to correct any inequities.
- Require all employees and board members to attend annual ethics and sexual harassment training. Include a process to assess the employee’s knowledge and understanding of right and wrong.
- Complete an independent assessment of the organization’s ethical culture. Is what is in writing and conveyed in the media the same as the tone at the top? Are these ethical values apparent in all levels and silos of the organization?
- Require consideration of ethical implications during the development and use of data analytics and artificial intelligence. Does the available data result in bias? Does the use of consumers’ data infringe upon their privacy rights?
The ethical culture of an organization has a large impact on the level of risk within an organization. The first line of defense is your employees. Their daily interaction with the public, consumers, vendors, and other stakeholders impacts the risk level within the organization. Taking steps to create and maintain an ethical culture is a key risk mitigation strategy.
In Conclusion
We have discussed the top five areas of risk for 2019 as identified by Gartner. Does your internal audit department have the skill sets to assess and report on inherent and residual risk in all of these areas? Are all of these areas on the senior management and board’s radar? Now is the time to be proactive and address these risks within your organization.
If you have any questions regarding this article, please contact Elaine Nissley, Principal at McKonly & Asbury at enissley@macpas.com.
About the Author
Elaine is a Director with McKonly & Asbury. Her primary responsibilities include management of the Internal Audit Services group. Elaine handles client relationships and is accountable for the delivery of high quality and timely d…