Technology risk radar
2mQgADD
2mQgADD
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
22<br />
Energy and natural resources<br />
Nathan Cain<br />
Joshua Galvan<br />
1<br />
2<br />
3<br />
4<br />
Poor <strong>risk</strong> management alignment across<br />
organisation and process<br />
Dependence on inflexible and under<br />
supported legacy systems<br />
Poor cyber security, cyber-crime and<br />
unauthorised access<br />
Non-compliance with regulation and<br />
legislation, e.g. privacy<br />
7<br />
4<br />
1<br />
2<br />
5<br />
6<br />
However distinct the components of the energy and<br />
natural resources sector, with their very different processes<br />
and customers, we see them sharing various prevailing<br />
technology <strong>risk</strong>s today.<br />
Consider first the <strong>risk</strong> of data loss and theft, particularly with<br />
respect to a company’s most valuable assets. For oil and<br />
gas companies, this translates to engineering specifications,<br />
reserves and reservoir data, and technical solutions and<br />
processes for extraction, manufacturing and distribution. For<br />
utilities this includes customer data, with all the privacy and<br />
reputational implications this brings.<br />
5<br />
6<br />
7<br />
8<br />
9<br />
Lack of IT strategy and lack of board<br />
representation<br />
Inadequate data quality and lack of<br />
capability to leverage data to manage <strong>risk</strong><br />
Inability to deploy and exploit<br />
emerging technology<br />
Failure to deliver programmes and to<br />
build in control, resilience and security<br />
Reliance on, and poor security and<br />
control in, vendors/third parties<br />
HIGHEST<br />
RISK<br />
11<br />
3<br />
9<br />
10 9 8 7 6 5 4 3 2 1<br />
8<br />
10<br />
12<br />
LOWEST<br />
RISK<br />
ENR businesses can be incredibly complex and so another<br />
<strong>risk</strong> is that of shadow IT – solutions implemented, configured<br />
and managed by a non-IT competency in a business unit.<br />
Shadow IT introduces various <strong>risk</strong>s such as security, integrity,<br />
software licensing obligations and unnecessary IT systems<br />
landscape and operations complexity.<br />
The aging computer platforms so common in the industry<br />
introduce <strong>risk</strong> in the platforms themselves and more<br />
often in their replacement. Too often the associated<br />
large projects aren’t well managed and the full remit of<br />
business and technology requirements are not properly<br />
understood. We have seen many problems with related<br />
system implementations causing significant operational and<br />
customer-facing issues.<br />
10<br />
11<br />
12<br />
Ineffective service management<br />
and delivery<br />
Ineffective IT asset management<br />
Inadequate resilience and disaster<br />
recovery capability<br />
The root causes are several and interlinked. To start, many<br />
companies in the sector have an increasingly complex<br />
footprint. International oil and gas companies, for example,<br />
can have more than 10,000 applications in production.<br />
Companies find it increasingly difficult to manage this<br />
footprint with sufficiently high standards that provide the<br />
needed continuity of performance, security and availability.<br />
© 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.