Anna Daly: ‘Going freelance was a risk. It’s a scary world without the security of a regular salary!’
Anna Daly: ‘Going freelance was a risk. It’s a scary world without the security of...

Sarah Finnan

Here’s your guide to navigating perimenopause and menopause
Here’s your guide to navigating perimenopause and menopause

IMAGE

Biophilic kitchens: 8 steps to embracing nature indoors
Biophilic kitchens: 8 steps to embracing nature indoors

Kelly Edwards

December Guide: All the best events happening this month
December Guide: All the best events happening this month

Sarah Gill

Myrrh scents to gift and receive this Christmas
Myrrh scents to gift and receive this Christmas

Holly O'Neill

My Start-Up Story: One architect’s journey to independence
My Start-Up Story: One architect’s journey to independence

Leonie Corcoran

48 hours in Waterford city: A perfect winter weekend
48 hours in Waterford city: A perfect winter weekend

Megan Burns

Meet the Irish woman embracing change and diversity in tech
Meet the Irish woman embracing change and diversity in tech

Leonie Corcoran

Jill Taylor shares how busy professionals can stay fit without sacrificing time
Jill Taylor shares how busy professionals can stay fit without sacrificing time

Edaein OConnell

Sex, Stigma, and Social Media: Dr Caroline West on Ireland’s changing attitudes
Sex, Stigma, and Social Media: Dr Caroline West on Ireland’s changing attitudes

Edaein OConnell

Image / Agenda / Business
Sponsored

From data breaches to AI and cyber security, an IT Risk expert on why every business needs to look at how they use technology

Sponsored By

By Megan Burns
06th Mar 2023
Sponsored By
From data breaches to AI and cyber security, an IT Risk expert on why every business needs to look at how they use technology

Technology is essential to the smooth running of business today, but it can be tricky to keep on top of its potential pitfalls. Diane O’Regan, Senior Manager in IT Risk Assurance at PwC, explains why it’s so important.

As the technology we use every day becomes more and more complex, so too do the potential risks for those that rely on it for their businesses to run smoothly. The devastating impact of cyberattacks has hit headlines, data breaches are frequently flagged, while the rapid progress of artificial intelligence has equal potential to be useful and problematic.

*Want to learn more about cybercrime protection? Watch our virtual event on demand HERE*

Diane O’Regan, a Senior Manager in IT Risk Assurance at PwC, points out that there are very few companies that are not reliant on technology. “If you use one system for payroll, that’s really important – and even small businesses like taxi drivers and takeaways are now reliant on apps. Everyone is using some sort of technology, and everything is only becoming more digitalised.”

Those risks are what she and her team are always trying to stay ahead of and identify for their clients. “We’re looking for any type of risk that stems from the use of IT systems and technology that can impact your business,” she explains.

It’s an area that she says is fascinating for its breakneck speed of change, and she loves delving into the workings of each company to identify where problems might arise. She came to the role, however, almost by accident, with no IT experience.

“I actually studied accounting, and applied for a job in Financial Audit in PwC in Cork. Before I started, they asked if I would be interested in a split role between IT Audit and Financial Audit. Given that everything was becoming so digital, I thought, why not? I only lasted about a year in the split role before I asked to move into IT full-time – I just found it so interesting.”

She has upskilled over the years, while also learning on the job. As technology rapidly advances, there are always new developments to stay on top of. “It’s constantly evolving and changing,” Diane says. “When I started, we mostly focused on the systems that were driving everything, but over the last few years, there’s been a huge focus on cybersecurity. We’re seeing bots and artificial intelligence being used in a lot of businesses; you have to run to keep up with it. No two companies really face the exact same risks – they might use a lot of the same technologies, but in really different ways and can have very different control environments.”

A common problem she sees in companies is a struggle to keep up with the pace of change. “If you don’t have a good foundation of your basic IT general controls: your access management and your change management, things can very quickly get ahead of you. Cybersecurity attacks are getting more and more sophisticated; people are generally learning from what happens to other people and trying to implement changes as quickly as possible. But it’s not always a quick fix, especially when the technology is so heavily used day to day; IT teams are trying to keep the business going.”

She understands that it is difficult for small businesses especially to stay on top of these rapidly changing needs. “The size of the IT team is a huge factor –  bigger IT teams can separate out and manage what they’re doing a lot easier than smaller ones, where a couple of people, or even just one person is responsible for everything, and that brings its own risks.” She makes the point, however, that even simple changes can go a long way, so it is always worth asking experts like her team for their advice. 

“Sometimes the fixes we recommend are very simple, businesses can try and over-engineer things without doing the basics first, so some straightforward changes will make their life so much easier.”

Over the last few years, there’s been a huge focus on cybersecurity. We’re seeing bots and artificial intelligence being used in a lot of businesses; you have to run to keep up with it. No two companies really face the exact same risks – they might use a lot of the same technologies, but in really different ways.

Her advice for any business concerned about their IT security is to focus on their basic controls for whatever systems they use. “There’s a lot of legislation out there, but there’s a lot of overlap in it. If you get some of that foundational control right, it really makes it a lot easier to add bits and pieces as you go rather than running around trying to tackle them all in isolation.”

She also advocates planning ahead when implementing any changes to your IT systems. “Building in the kind of controls you’ll need early on is key. Generally, there is a lot of pressure on IT teams to get things done quickly, but by thinking about those things upfront, it can really help the speed of the whole process, rather than trying to come back to it later and figure out where you should have put controls in, and maybe need to reconfigure the system.”

With pressure to deliver high-quality work, as well as often working to strict audit deadlines, it’s a role that comes with a certain amount of pressure, but Diane says that over the years she has found that dealing with this is about good management.

“Managing people’s expectations, managing your team and your deadlines is hugely important,” she explains. “Everyone that I see in PwC who is really successful can manage other people well. Pretty much anyone can pick up the technical knowledge required, but it’s about being able to manage relationships well that separates the best people.” 

And although IT in general is still quite a male-dominated field, Diane says that she hasn’t found IT Risk to follow the same pattern. “I think it’s because there are so many different avenues – you don’t have to have studied IT. There are people with accounting, economics, and finance degrees – all of that merges into risk and control, so you have a bigger pool to choose from.” 

She would encourage any women who are considering the sector to pursue it, not only for its exciting pace of change, but also the ability to focus on what interests you. 

“You can specialise in certain industries, or work across lots of different ones. There are lots of different avenues you can go down. Even within PwC, in our Risk team we have people from so many backgrounds all doing different things. And it only gets more interesting as technology advances.”

Managing risk isn’t about responding to change. It’s about changing the way we see risk, shifting our perspective and considering different angles to anticipate and be agile. To find out how PwC can help your business, visit PwC.ie.

Photography: Kieran Harnett