Information Technology (IT) has enabled energy companies to enhance operations through solutions that provide, among other things, near real-time visibility, data-driven analysis and decision making, and mobility. While these advances have supported and informed a shift in business models across the value chain, they also increase exposures and require improved IT risk management (ITRM) processes.
Highlights from the report include the following:
• Energy companies face increasing IT risk complexities and regulatory challenges, calling for strategic investment in end-to-end ITRM operating models.
• An energy company’s ITRM function must address a prioritized IT risk profile and better integrate with IT operations in order to stay ahead of the evolving risk curve.
• A robust ITRM function manages and optimizes related processes and tools with a goal of improving risk awareness, operations effectiveness, and financial efficiency.
• Energy companies should establish their overall risk appetite, evaluate the risk inventory on a continual basis, and accordingly tune related strategies to throttle the amount of risk that will or will not be taken.
• Energy companies should involve business and IT leadership to define a line-of-defense model that integrates risk functions to adjust risk appetite over time, maintain the “control blanket,” and share risk information for timely responses and operating model enhancements that stick.
• Now is the time for energy companies to design and operate end-to-end, sustainable ITRM operations that enhance business prospects and are scaled to a company’s risk appetite.
About the authors
Joshua Galvan is a principal with KPMG in the US leading efforts in KPMG's Emerging Technology Risk practice.
Chris McDonald is a director with KPMG in the US and assists clients in establishing and improving their IT operational processes, IT internal controls, and IT governance structures.