Risk assessment vital for corporate governance

The Star, In-Tech
April 15, 2003 - KUALA LUMPUR: Malaysian companies and government agencies wanting to stay ahead and bring corporate governance to a higher level should consider performing risk assessments on their information systems.

Risk assessment is an essential part of an overall risk management programme, Secure Tangent Sdn Bhd chief executive officer Beh Swan Swan said at a Know Your Risks seminar conducted by her company recently.

Shareholders and potential investors are constantly looking for company information that is easy to understand, analyse, complete, accurate and trustworthy in order to make decisions.

Thus it is important that organisations have a comprehensive, integrated and unbiased approach to assessing and addressing risk, she said.

Organisations must take a broader view of risk assessment and management. "Determining risk exposure should precede decisions on how to manage risks," said Beh.

"A comprehensive risk assessment that takes information systems into account will ensure a more complete identification of the risks involved and the potential losses that will be incurred if nothing is done about it," she said.

Proper risk assessment would help organisations determine whether they should reduce, transfer, or accept the risk.

By definition, risk is the possibility of loss. In most cases, risk is evaluated by two criteria: The probability, and the severity, of potential loss.

"Information systems are one of the critical risk areas which are often overlooked by the management. We have come across organisations that have been in business for years, and after a risk assessment on their core information systems, realised how exposed they were to one of their critical assets' potential loss," claimed Beh.

Risk assessment can be carried internally or by external parties. Its success will depend on management involvement and commitment level.

<< Back to SecureTangent Press Releases