Seizing opportunities and mitigating risks from digital transformation

Industry experts from RSM, Stone Forest IT, Rajah & Tann and Microsoft shared insights on how businesses can seize opportunities from their digital transformation journey, while mitigating risks relating to cybersecurity and non-compliance with data protection regulations that come with it at our inaugural CIO2SME seminar on 21 September 2018.

Eileen Tan, Executive Director of Stone Forest IT, explained the process of progressing towards digital transformation, the effect of adopting digital technologies to impact all aspects of an organisation, including processes, competencies and the business model. “Businesses need to get into the mindset of embracing a cycle of change, as it will allow them to respond quickly and dynamically and make changes to their system or technology plan to support their operations,” she said. “Technology should be used to change the business model, instead of just converting manual or paper formats to digital formats, as this will significantly enhance business value.”

She said that the digital transformation journey starts with defining the vision and mission of the digital transformation plan, followed by identification of change agents who will advocate such transformation within the organisation. Next, the business goes through the six stages of digital transformation, the last of which is a periodic review of the digital transformation plan to ensure faster adaptation to changes. It should also invest in relevant, scalable and sustainable tools to help in different stages of the digital transformation.

Independent consultant, Tham Kok Wing, stressed the importance of cyber crisis management at a time when the rising popularity and adoption of mobile devices is expected to turn websites, apps and other channels, especially social media platforms, into a major cybersecurity battleground.

“Companies need to identify early warning signs of a possible breach through monitoring and tracking. Have a clear action plan with an integrated approach for an appropriate and timely response, while activating assets for support and recovery,” he said.

Hoi Wai Khin, Director of Risk Advisory at RSM, explained how an organisation’s technology risk programme can balance security and resilience requirements with strategic objectives and risk appetite.

“Companies need to identify their ‘crown jewels’, or most important assets, and assess all risks relating to those assets,” he said, adding that cybersecurity insurance can help to mitigate the costs of addressing cybersecurity incidents.

Auditors also play a crucial role in cybersecurity as they help to identify and reduce vulnerabilities, as well as lower the risk of non-compliance with regulations that could result in hefty financial penalties.

“What oil used to be for countries is what data is now for organisations,” said Steve Tan, Partner & Deputy Head of Technology, Media & Telecommunications at Rajah & Tann. “One key concept is the Internet of Things, which is essentially machines talking to one another and the common thing among them is data.”

Such proliferation means that much is at stake today, ranging from corporate and customer data to trade secrets and employee details. Data breaches may also happen due to human error, not just cyberattacks, and result in legal liabilities such as regulatory non-compliance and failure to perform contractual obligations. It is therefore important for businesses to seek assistance from the right data security specialist and train staff adequately in compliance with the Personal Data Protection Act, Steve said.

Adrian Tan, Partner & Industry Lead for Technology, Media & Telecommunications at RSM, shared his views on data analytics for SMEs. “Data analytics is the extraction of actionable insights from the organisation’s vast pool of data,” he said. “The ability to embed data analytics into businesses and processes is necessary regardless of industry or size.”

However, he noted that such integration is challenging for many firms as they lack a digital strategy, perceive complexity in the process and do not know where to start. Adrian added that RSM’s data analytics team developed a five-step framework to address this issue. It starts with clarifying business needs, followed by listing data requirements, extracting actionable insights, adopting agile solutions, and replicating and scaling up practices that work for the organisation across different business units.

He also shared actual cases of how data analytics can be applied in any one of four categories — classification, visualisation, detection and prediction.

For classification, machine learning is used to classify online customer reviews into topics and sentiments.

Visualisation techniques are used to translate data into actionable insights. “Well-designed dashboards can be very powerful and many business intelligence tools can be easily integrated into systems,” Adrian said. For example, an F&B restaurant chain may use an interactive heat map that shows total revenue by outlet and time of day, facilitating data analysis and identification of unusual phenomena.

Applications of detection include identification of duplicate vendor payments, possible split purchases to circumvent approval limits and fraudulent or excessive employee claims.

Data analytics can also be used to predict future sales, frauds before they snowball and customers’ buying behaviours. “If the assumptions and models used are appropriate, there will usually be high predictive accuracy,” Adrian said. “The process of turning data into insights is, first and foremost, about embracing transformation.”

CIO2SME 2018 was held at Lifelong Learning Institute with the theme, “Continuity, Compliance and Cloud Technologies for Successful Digital Transformation”. The event ended with a panel-cum-Q&A session.