Managing IT Risks
Jean-Roch Sibille, Chief Risk Officer, Allianz Life Insurance Company of North America
Before going into the details of managing IT risks we need to establish what the role of the risk management function is and what it means for a company to establish a risk strategy. Firstly, what is the role of risk management? Essentially, the objective of the risk function is to secure a sustainable future for the company. This means protecting the company on the one hand (e.g., keeping it away from bankruptcy), and supporting the success of the company on the other hand (e.g., ensuring it is profitable in the long term). The former is the traditional role people associate with risk management, while the latter is also critical, and often more complex. It means that the risk function has to help the company take manageable and controlled risks. More precisely, it has to ensure that the levels of risk are acceptable and fit within the company's risk appetite. To enable this, one critical dimension is to regularly assess the risks and to communicate the results to the leaders of the organization, typically the Board of Management (BoM). The BoM will then have the responsibility to set a level of risk appetite for the reported risks, consistent with the available resources and targets of the company.