Cloud technology: Governing it and managing risks in business
Many businesses worldwide have embraced cloud technology as an essential component of their digital transformation journey. In Bangladesh, most leading organisations have started migrating and implementing their enterprise resource planning (ERP) applications on cloud infrastructure and storing many of their business documents on cloud storage.
These new practices symbolise progress towards building a digital enterprise and help organisations drive new business models and create value for their stakeholders. However, business leaders of these leading organisations must be mindful of a critical component of this transformation journey - managing risks and compliance.
Inadequate focus on risk management while transforming the business may lead to severe consequences, including cyberattacks, interruption of business operations, regulatory non- compliance and cost overrun. Each can be impactful enough to erode all the business benefits envisaged through adoption.
It should be noted that all organisations that have adopted cloud technology are not necessarily cloud-powered.
A cloud-powered organisation understands and acknowledges that its transformation journey will likely create new business risks. So, it revises its risk management plan and implements it accordingly. According to a PwC analysis, cloud technology can impact risks and controls in several ways. There should be a multi-pronged approach to address risk management while running cloud adoption programs.
First, a cloud-powered organisation should implement a mature cloud governance framework. PwC's analysis found a direct correlation between an organisation's cloud maturity and its risk management maturity. The cloud-powered organisations are likely to assess their cloud controls more regularly than non-cloud-powered organisations. Moreover, these organisations are likely to develop more formal controls which are relevant to cloud operations. They are also likely to define the responsibilities of various functions internally and externally, including those of the cloud service providers.
For example, one of the critical risks of cloud adoption may be unallocated costs. A cloud-powered organisation involves its finance function to prepare and implement the cost allocation model and regularly reviews it through the governance framework. Next, a cloud-powered organisation must understand the importance of collaboration in managing its risks and incorporate risk management into its cloud strategy.
While a PwC analysis recommended organisations start planning their risk mitigation strategy at an early stage, more than half of the organisations surveyed did not begin their risk management processes early enough.
Remediation at a later stage of the transformation will likely be more costly and may lead to delays in the value-creation process. Therefore, it is essential to collaborate and work together through the transformation process.
For many organisations in Bangladesh, CEOs make key transformation decisions. They must be actively involved in revising and reviewing the risk management plan along with the organisation's risk management leader and transformation leader.
Finally, a cloud-powered organisation should be aware of the regulatory landscape and the impact of the changing regulations on the business. The rules around cloud technologies will likely remain ambiguous and mutually overlapping soon. Multiple regulators are also likely to control the risks of cloud technology through various measures.
Though essential, relatively newer regulations, such as those on data protection and data privacy, are likely to create hindrances in the cloud adoption journey if they are not understood and complied with. Bangladesh's organisations have made significant progress in cloud adoption over the last few years. The time has come for business leaders to plan and implement robust cloud governance frameworks and leverage them to create value for their stakeholders. Arijit Chakraborti is a Partner with PwC.