Role of risk officer in for big changes
Source: Asia Insurance Review | Dec 2020
The coronavirus pandemic has spurred the work-from-home culture which, in turn, has increased the cyber vulnerabilities of organisations. This has led to a change in the perception of the role of a risk manager. A new way of working for risk management professionals is emerging.
Deloitte India national leader (cyber risk and security) Shree Parthasarathy told financial daily Business Line, “The whole gamut of controls have gone for a toss with the ‘work from anywhere’ landscape. Operating models have changed.”
He said, “The role of the chief risk officer (CRO) will assume huge importance in the new way of working and this will be a role quite different from the current one wherein the chief information officer (CIO) also doubles up as the CRO.”
Mr Parthasarathy said there will be four big changes in the role of CRO. These four would be - the employee, the facility, the technology and the process.
Monitoring technology in the remote way of working will have to be different as the old ways of providing access may not be adequate. Finally, the process and control too will change.
Mr Parthasarathy said, “If you look at the governance structures, the employee comes under the purview of the chief human resource officer, the second (facility) will come under the facilities head, the technology is the CIO’s department and the fourth could be the compliance officer’s responsibility.
“So either you have a CRO whose responsibility includes parts of all four, or you could have a committee overseeing risks. Different structures and models will emerge in different companies,” he said.
Mr Parthasarathy said a major issue is that in the event of a cyber attack, most employees do not know how to respond and who to call. A