Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Leadership and Governance

Cyber Risks and Controls Through the COSO Lens

June 26, 2018 2-min. read

CIO Operational Priorities

IT leadership priorities are shifting as a result of the extreme political, economic and technology changes in recent years. 2017 brought back a focus on IT performance stability, a change from recent years. The top two increases and decreases of CIO operational priorities are in the table below to illustrate the current focus of Chief Information Officers.

    Change in IT Leadership   Priorities
 
    Largest Increases:
 		     Increase Over Previous Year:
 
    Delivering   consistent and stable IT performance
 		     21%
 
    Developing   innovating new products/services
 		     21%
 
    Largest Decreases:
 		     Decrease Over Previous Year:
 
    Reputation   management via social media technology  
 		     -29%
 
    Better   engagement with customers/prospects
 		     -18%
 

When it comes to adapting company technology to the aforementioned changes, the single most popular response by IT leaders was to create a nimbler technology platform. However, unpredictability tends to throw a wrench in the budget planning for technology and makes it more difficult to drive further investments in cyber security. Finding a way to work with these restricted budgets is becoming a main approach for smaller organizations that don’t have the proper resources to address rapid unpredictability.

Another point should be made: over-optimism is still rampant among the IT industry. Survey respondents feel that the responsibility for project failure rests primarily with “weak ownership.”

People, Skills, Talent

The women occupying IT leadership roles remained the same in 2017 and still occurs more frequently in larger and mid-size organizations than in smaller organizations. There was a 3% increase in senior female IT leaders, those holding positions such as CIO, CTO and COO, from 2015 to 2016. This transitions into the point that diversity initiatives are only present in one-third of organizations.

The types of demanded skills for technology are big data/analytics and business analysis. However, enterprise architecture grew over 7% in 2017 as a result of new digital innovations making a more complex portfolio landscape. The results imply that many organizations are in the process of re-architecting their enterprise.

Dealing with Digital

Cultural resistance to change has been a recurring problem for IT leaders and this was reflected again in 2017. Easily implementing new technologies is also an impediment worth mentioning because IT leaders feel that it is difficult enough to innovate without also having to surmount obstacles of the new technology.

Managing the Technology Function

An interesting change in investment motivation comes with cloud technology. Respondents investing in it now are doing it less to save money, and more because IT leaders value its’ reliability, agility and responsiveness. Also, confidence in cyber security has steadily declined over recent year as the number of serious attacks increases. However, boards are showing much more support for IT leaders finding difficulty in IT and data security.

CIO Careers

The job satisfaction of CIO’s is becoming an increasing concern because of the many risks, environment changes and exposures that must be considered concurrently. Respondent indicated a 2% increase in a “very fulfilling” response to their current CIO role from 2016 to 2017. 

Click the link to download the presentation.

Citation: “COSO IN THE CYBER AGE” Deloitte. June 26, 2018.

More From Enterprise Risk Management Initiative

How do you effectively communicate risk insights to a board of directors?

Approaches to Communicating Risk Insights
cover fo 2024 global risk oversight

2024 Global State of Risk Oversight: Managing the Rapidly Evolving Landscape
photo of woman with e-tablet.

Techniques to Prioritize and Monitor Risks