International Finance
Event Insights Magazine May - June 2018

Enhancing enterprise risk management capabilities in business

Ahead of the ERM Middle East Conference, John Meakin, Group Chief Information Security Officer at GlaxoSmithKline, discusses why risk is one of the biggest challenges in companies worldwide and the way ahead is to expand enterprise risk management capabilities.

Risk is a constant consideration for any organisation. Both an obstacle and an enabler, a pitfall and an opportunity at different times, the concept of risk, and how best to understand it, remains one of the most pressing challenges facing all manner of companies in practically every major industry across the world. However, with the advent of dramatic, iterative change being ushered in by emerging technologies, combined with an increasingly complex and fast-moving social, economic and political global landscape, anticipating risk has become more important than ever.

To achieve this vital and constantly updating objective, organisations of every size, scale and industry are expanding their ERM (Enterprise Risk Management) capabilities. By preparing themselves to leverage new opportunities and avoid or at least mitigate the impact of potential threats, such organisations will gain the kind of resilience and flexibility necessary to survive and thrive in today’s rapidly evolving risk landscape.

Why is ERM such an important part of business today?
Business has always involved taking balanced risk decisions, but the number and pace of change of risks facing global businesses today is greater than it ever has been. Technology-driven risks are a great example of this. Therefore, a rigorous and holistic approach to managing enterprise risks is essential.

With the advent of technology in major businesses, what are the biggest challenges of effective implementation of risk management?
The challenge for enterprise risk practitioners is to be able to identify, track and quantify the various risks and to assess them for remediation or acceptance. Technology-driven risks (such as cyber security) exacerbate this problem, as their identification of risks within systems requires significant specialist expertise. Nevertheless, technology can also be an enabler for the risk practitioners, as GRC systems have been developed as tools.

How can blockchain address the risks of data management?
Blockchain presents us with an opportunity to both manage a particular set of risks of fraud and abuse of business documentation recording transactions, as well as to use blockchain to provide trust and reliability in risk definition and treatment registers managed in a large, distributed government or business environment.

Can you explain the need for stronger security architecture today in business?
Cyber risks have multiplied over the past few years and the number and skills of external “threat actors” with motivation and malicious intent to do damage to business have grown similarly. This was well illustrated by the WannaCry and NotPetya incidents of summer 2017. Therefore, it is essential for any significant business to take a joined-up approach to security, fitting together the wide variety of tools, processes and educated staff in a coherent architecture. Only this way do we stand a chance of mitigating cyber risks on a broad front.

How can a CRO enhance their role in an organisation?
The CRO’s role is to be the leader of a conversation with all peers across the business about all sorts of business risks and provide a common “language” for that conversation, so that the risks can be (semi) quantified in a consistent way and balanced risk decisions made collectively by business leadership. Therefore, the best tactic for a CRO is to be engaging, advisory, helpful and, above all, respected for their knowledge and ability to explain risks in applicable business terms.

About John Meakin:

Ranked as one of the top 100 CISOs globally, John is a specialist in information security with more than twenty years’ experience. He has previously been responsible for leading systems security in Standard Chartered Bank, Reuters, the Royal Bank of Scotland and Dresdner Bank. More recently he was Chief Info Security Officer at BP Plc for three years and led Deutsche Bank’s development of a new security strategy and innovative security solutions to meet the latest threats. Since April 2014 he has been Chief Security Officer for leading international luxury goods companies like Burberry and Richemont, supporting the varying needs of such renowned brands as Cartier, Montblanc and Chloe.

John Meakin will be speaking at the ERM Middle East Conference, organised by IQPC, from September 25-27, 2018 in Dubai.

Special 10% discount for International Finance subscribers to attend this event: quote ‘29502.001_IFP’ to register.

