Network Security

The Power of Human-Centric Risk Assurance: A Journey to Success

Jenny Tan, President, ISACA SG Chapter

By Business OutstandersPUBLISHED: May 17, 17:57
Jenny Tan, President, ISACA SG Chapter
Jenny Tan, President, ISACA SG Chapter

As the leader of a global internal audit practice, including IT audit, at a leading real estate and fund management MNC, I, Jenny Tan, have dedicated my career to promoting technology awareness and adoption among business and IT professionals. Her achievements have been recognized through numerous awards, including the Top Woman in Security (SG & Asean) in 2022, Women Program of the Year Award (Asia) in 2022, Women in IT Outstanding Contribution Award (Asia) in 2021, and SG 100 Women in Tech recipient in 2021.

In today's rapidly evolving digital landscape, it is imperative that human-centric risk assurance takes center stage. As I have witnessed firsthand, relying solely on technology and automation to manage risk is insufficient. In this article, I will share my insights on the importance of human-centric risk assurance and offer practical recommendations for organizations to enhance their risk management practices.

The Importance of Human-Centric Risk Assurance

While technology can complement risk management efforts, it is not a substitute for human oversight. Human resources design, develop, implement, and use digital and technological solutions, which can lead to biases and ethical concerns. Therefore, it is essential to acknowledge that human-centric risk-based controls cannot be ignored. Processes are initiated and executed by human resources, making it crucial to consider the role of human error in risk management.

Key Components of Human-Centric Risk Assurance

I have identified several key components of human-centric risk assurance that organizations should prioritize:

Developers: Ensure that developers receive training on technology risks and incorporate security by design principles into their projects.

Testers: Ensure that testers are properly trained and that test plans are comprehensive, including user-designed test cases.

Users: Educate internal users on data protection and ensure that vendors and external users are aware of your organization's data usage and protection policies.

Governors: Incorporate risk management as a strategy that goes hand-in-hand with business strategies, and ensure that Boards and Management Teams acknowledge their risk management knowledge and responsibilities.

Recommendations for Implementing Human-Centric Risk Assurance

To achieve human-centric risk assurance, I recommend the following:

* Establish a project governance process across all business units.

* Ensure mandatory project training, including targeted ethics and security training.

* Establish a policy about information security that prohibits the use of approved freeware for corporate projects.

* Conduct crisis management simulation and training for internal users.

* Verify external users' control environmental strengths periodically.


In conclusion, human-centric risk assurance is critical in today's digital landscape. By prioritizing human-centric risk assurance, organizations can mitigate risks, ensure compliance, and foster a culture of transparency and accountability. As we continue to navigate the complexities of technology adoption, it is essential to remember that human resources are the backbone of any organization. By investing in human-centric risk assurance, we can create a resilient and sustainable organization that thrives in an ever-evolving world.izing the energy drink industry.


Subscribe to our Newsletter