Risk management strategy vital to e-business : KPMG

Without a wholistic risk management strategy that assesses an organisation's technology quality as much as its planning skills, e-business projects will fail.

According to KPMG's national e-business and e-assurances services leader Ted Surette, companies which embrace a fully integrated, company-wide, risk management strategy are likely to increase their value in the e-space faster and protect their brand, revenue channels and customer retention rate more than those with a piece-meal approach.

Surette said the four greatest risks in e-business are security, integrity of data, systems integration and privacy.

"These are the areas were organisations are failing because they do not address these holes early in e-business projects. They focus more on spending IT dollars for the sake of spending instead of managing risk," he said.

In back-end ERP systems management, Surette said the integrity of data offered to external parties was "dodgy", causing huge concern on an operational level.

"If your customer's looking at stock availability online, you're opening your back-end operation systems to them, so you've got to provide clean, accurate data," he said.

Security was also a top concern for companies ever wary of the threat of hackers from outside and within.

However, because Surette sees security risk management as a cultural issue, he says new forms of technology like digital certificates or smartcards need cultural acceptance in a company before being seen as necessary.

With more companies outsourcing their Web infrastructure and key enterprise applications to service providers, businesses are also realising the need to manage the outsourcing "well", he said.

"I know of projects where the management of ISVs has been weak. Because customers are keen to get the cheapest price, vendors are cutting back on the scope of projects agreed to from the outset," Surette said.

KPMG recommends a six-point risk management framework to manage e-business projects including an integrated strategy backed by all levels of management and the appointment of a dedicated executive to own the risk element of the project.

"A project manager with a solid understanding of a project's business drivers is essential; and while this task always raises operational versus strategic thinking issues, technical people are not necessarily the right leaders as business skills are more important," Surette said.

Join the newsletter!

Error: Please check your email address.

More about KPMG

Show Comments

Market Place