Topics Covered
- Value of risk management
- Risk scenarios
- Top-down and bottom-up approach to risk
- Risk factors
- Risk scenarios
Talk Citation
Barthel, A. (2025, May 29). The relationship between digital risk and operational risk [Video file]. In The Business & Management Collection, Henry Stewart Talks. Retrieved July 3, 2025, from https://doi.org/10.69645/SSRR3809.
Publication History
- Published on May 29, 2025
Other Talks in the Series: Digital Risk
Transcript
0:00
Hi. My name is Amalia Barthel. I'm an advisor, consultant, and educator in the areas of digital risk, digital data risks, privacy compliance, and governance. In this talk in the digital risk series, we will explore the relationship between the digital risk and operational risk.
0:22
The post-pandemic world has seen an exponential increase in startups and innovative hubs. Organisations have new competitors on a weekly basis. One aspect in the survival of any business is operational resilience. We will explore the critical components of digital risk that impact operational risk and we will look at some good hygiene practices in this area.

In the NIST Special Publication 800-39, we saw the three layers where risk needs to be addressed. Organisational level as the first layer, mission/business process is the second layer, and finally, the third layer, the operations layer.
1:05
At the organisational layer, the board and senior management have to look holistically at all the risks that will impact the mission of the organisation. Risks such as financial, environmental, socio-economic, legal, regulatory, and digital risk. While all the risks must be translated into policies, strategic priorities to take advantage of certain opportunities or avoid others, the digital risk in particular is the one that further permeates into the execution layers and the day-to-day operational layers. The risk is further defined through risk tolerance and thresholds converted into controls. How to define these metrics and acceptable levels is the topic of our next talk, but for now, we will focus on the relationship between digital risk and operational risk.

An organisation needs to set up various gatekeepers for risk and that can be achieved through assessments of risk throughout its business and IT processes. In operations, it is IT and information security that are most likely to be responsible for managing the risk introduced by the initiatives and the projects of the business.

The enterprise risk management group is considered to be the second line of defense against risk manifestation. An IT risk council may be established to consider IT risk in more detail and advise the ERM (enterprise risk management) committee. Committee members are usually drawn from the board and the CEO chairs the committee. They need information about the risks being addressed in the operations and how these risks are being managed and monitored.

Senior management and governing bodies collectively have responsibility and accountability for setting the enterprise's objectives, defining strategies to achieve those objectives, and establishing governance structures and processes to best manage the risk in accomplishing those objectives.

As the first line of defense, operational managers own and manage risk. They also are responsible for implementing corrective actions to address process and control deficiencies, but in practice, in small and medium organisations, the risk function may not be adequately resourced, so it is important for the department managers to blend in the various activities of the risk function within their own. They have to encourage the knowledge regarding risk identification within their teams and a risk and compliance aware culture throughout, including the proactive reporting and escalation of risk.

This can be achieved through training their staff so they can understand the commercial reality of the impact of risk and the value of risk management. It may include competitive, operational, regulatory, and compliance requirements. Although there may be risk common to a certain industry, each enterprise is unique in terms of how these risk items impact specific enterprise objectives.
Risk management often involves