Managing Digital Risk with David Bauer

The following insights come from David Bauer, Managing Partner at Sand Hill East LLC.

 What is your background in managing risk? 

In my 30+ year career I’ve been a Chief Information Security Officer, COO, CTO and Chief Privacy Officer for major companies.  Every one of these companies has unique business value, and I need to protect the company, so they are protected against risks.   

What are the areas I am interested in when assessing risks? Strategic objectives, risks associated with failure, why are these risks important to me, and how do I mitigate failure. In some areas, risk are well known – in security and business controls there are international standards that you can build a framework around. This is not the case with digital transformation and digital strategy.  Last year I put together a risk framework to evaluate a digital strategy. 

What are some of the dimensions of risk that need to be evaluated?  

Every company has a digital strategy, but the question is are they successful in implementing their objectives? Most companies have some sort of web presence and in a lot of cases this is the primary means for interacting with the customer. What they measure, such as the number of website visitors, doesn’t necessarily mean it’s important to the business.   

For instance, was the system that supports the website designed for online commerce? Amazon does this very well. Many legacy companies are challenged in not having a system designed for digital commerce. Sometimes there is no interfaceavailable that enables a partner to plug in and make the digital experience good for the user.    

What are some examples of poor digital strategy?

We looked at one company and inventory counts were not available in real time for online ordering in the application, and when you buy something it might say there are ten in stock and you order two – then you get a message later saying the item is out of stock. This is a poor digital experience. Systems need to be designed and thought about with the right kind of APIs. 

People have worries about channel conflict – if people can buy my product through my application and through another interface like Amazon or Walmart or Continental if it’s a travel app – then I’ve now allowed others to be an interface to my product. That’s exactly what the digital world is. You need to build your digital strategy so that the widest range of possible companies can connect to your product. And that’s just one example.

How do you assess risks to a digital strategy?  

When we do a digital strategy risk assessment we look at 15 different categories and asses an organization risks to success against those 15 categories. There are many categories that are not technology related. For example, how well does a digital strategy make use of customer preferences and habits and make use of that? Is it using that kind of information thoughtfully, with some design that’s backed up with data in order to drive that experience.  

Cross business and brand integration is another area that’s not directly related to technology. We’ve all had situations where your digital experience doesn’t translate across different parts of a brand.  Or the social media response which is a big part of digital strategy. I think most companies don’t do this very well. If people are making comments about your organization on social media, is the organization prepared to respond appropriately?  

What are some approaches to assess the effectiveness of something like a social media strategy?  

First the strategy has too look at whether you are monitoring social media, whether you have the ability to respond to complaints. You can apply traditional call center types of responses, like how quickly a complaint can be resolved, and whether an incident can be turned into a conversation with follow up and feedback. 

What are some key best practices in digital transformation?  

It’s hard to have digital transformation when your main communication is emailing PowerPoints to each other. This is very common, when a workforce has not evolved their own working style to translate to a broader digital transformation with customers. Another key practice is around data centrality – ensuring that all the parts of the business that need to can access clean, consistent data in real time. This is difficult of legacy companies, and Chief Data Offices and Data Architects are very important. Another key area is disintermediation risk – how to expose data and services to provide the best experience.