The level of preparation in India for regulatory and technological risks

17 September 2018 Consultancy.in

As regulatory and technological risks become an increasing part of daily organisational life, a number of businesses in India remain unprepared for the upcoming disruption in these domains. Global professional services firm Deloitte reports that two-thirds of the senior management in Indian businesses feel that their risk management systems are inadequate.

Disruption is coming at Indian businesses from all directions. Digital disruption has now become a pertinent reality for most across the world, although the disruptive qualities in India are accentuated by its position as a global hub for IT services. The world is also currently contending with regulatory disruptions, as data protection regulations become increasingly stringent.

Despite being a European legislation, the General Data Protection Regulation is set to have a tangible impact on businesses in India as well, particularly those that manage data for international clients, in addition to multinational corporations with operations in India. The compromise of information for a host of Indian clients in the sustained Deloitte hack that took place last year is an example of why the act has been extended beyond only European firms.

Top three current risks

The incident also brought to light another major form of disruption that most firms will have to contend with in the near future – cyber risks. As firms across India digitalise at a rapid rate, the cybersecurity frameworks do not necessarily develop at the same pace, which has left many firms vulnerable to attacks in the digital domain.

Given the fact that GDPR was enforced only in May this year, regulatory disruption is currently viewed as the biggest threat amongst Indian firms, followed by cyber security and subsequently technological disruption. This scenario looks set to change over the next three years, however, as cyber risks will take centre stage, followed by disruption form technology, while regulatory disruption will become less relevant as organisations settle into GDPR compliance.

The combination of digital and regulatory disruption poses a huge risk to organisations in India, and most appear to be underprepared in this regard. Big Four accounting and advisory firm Deloitte has attempted to enumerate the precise indicators of organisational preparedness, based on which it has evaluated the risk scenario in Indian businesses.

Frequency of meetings with CROs

According to the firm, there are four key organisational changes that indicate preparedness to face risk. The most important of these – reiterated on many occasions throughout Deloitte’s report – is the involvement of the senior management and the board in risk management processes.

To have such procedures in place, a firm must have talent at its disposal that is specialised in risk management, which is Deloitte’s second recommendation. The last two recommendations are interconnected, in that they speak of specialised teams for risk management, and the allocation of sufficient funds to build the same.

Based on this assessment criteria, Deloitte found Indian businesses to be severely unprepared for risk management. 64% the of senior executives surveyed indicated that their organisation lacked the mechanisms to introduce such measures. Nevertheless, most organisations appeared to have a Chief Risk Officer (CRO) in place, and 61% of these incorporated the position into their senior management levels.

Frequency of risk management policy reviews

The problem appears to lie in the communication channels between these CROs and the senior management of an organisation, specifically the CEOs and the Board. Most firms surveyed lacked scheduled meeting times between CROs and the senior management. Of those who did, quarterly meetings were the most frequent schedules, followed by annual updates – an inadequate scenario given the constant nature of cyber and digital risks.

Most organisations also lack the mechanisms to improve on their risk management policies. More than half the firms surveyed review their overall risk management framework only once a year, while 37% do so annually. A meager 5% conduct a monthly review of their policies, and 7% have never conducted such a review.

However, there are promising indications as well, given that nearly 70% of the organisations review their risk management reports on a quarterly basis, and nearly half evaluate the effectiveness of their risk management strategy every quarter as well. The corporate culture of risk management, however, is reviewed primarily on an annual basis. 

More on: Deloitte
India
Company profile
Deloitte
Deloitte is not a India partner of Consultancy.org
Partnership information »
Partnership information

Consultancy.org works with three partnership levels: Local, Regional and Global.

Deloitte is a Local partner of Consultancy.org in Middle East, Netherlands.

Upgrade or more information? Get in touch with our team for details.

Send
Deloitte launches AI Advantage for CFOs solution
United States
Deloitte launches AI Advantage for CFOs solution Big Four accountancy Deloitte has launched AI Advantage for CFOs, an analytics and insights platform built in collaboration with AWS and Anthropic.
25 March 2025
Deloitte Canada acquires Vancouver-based Pocketed
Canada
Deloitte Canada acquires Vancouver-based Pocketed Deloitte Canada has acquired Pocketed, a Vancouver-based technology platform that helps businesses secure government funding.
14 March 2025
Deloitte appoints Suresh Kanwar to lead UK financial services business
United Kingdom
Deloitte appoints Suresh Kanwar to lead UK financial services business Suresh Kanwar has been promoted to head up Deloitte’s UK financial services wing. He also joins the executive committee, having first joined the firm nine years ago.
12 March 2025
Deloitte’s Belinda Willis named talent acquisition leader of the year
Australia
Deloitte’s Belinda Willis named talent acquisition leader of the year Employment platform SEEK has issued its latest annual HR awards, with Deloitte’s Belinda Willis named overall talent acquisition leader of the year.
11 March 2025
Deloitte launches Amplify internship program for graduates in Southeast Asia
Asia
Deloitte launches Amplify internship program for graduates in Southeast Asia Global audit and advisory firm Deloitte has launched a new internship program for graduates in Southeast Asia.
05 March 2025
Deloitte executive rejig complete as Joanne Gorton takes CEO reins
Australia
Deloitte executive rejig complete as Joanne Gorton takes CEO reins The Australian wing of professional services firm Deloitte has now completed its CEO handover to Joanne Gorton, with a number of its senior executives moving into new roles in the process.
04 March 2025
Currys and Deloitte partner for tech recycling push
United Kingdom
Currys and Deloitte partner for tech recycling push Currys is supporting Deloitte’s new ‘Recycle for Good’ launch. The partnership will empower Deloitte’s 25,000 UK staff to recycle their old tech and electricals at Currys stores.
27 February 2025
Thailand-based product innovation consultancy Appsynth acquired by Deloitte
Asia
Thailand-based product innovation consultancy Appsynth acquired by Deloitte Appsynth, a digital consultancy in Thailand, has been purchased by Deloitte, which has integrated the acquisition within its Deloitte Digital outfit.
27 February 2025

Risk & Compliance news

Risk & Compliance consulting firms Risk & Compliance consulting services