10 Commandments for Achieving Operational ExcellenceMitch Ackles
This white paper is intended to provide a useful framework and guide for all Investment Management Firms.
Over the past 20 years the investment management industry, and specifically hedge funds, has achieved tremendous growth. As assets under management increased, so did diversification in strategies and investments. During that time investors have become very sophisticated in their selection of investments as well as the operational due diligence process. This growth and sophistication has reinforced the critical role of operational executives, and their teams’ responsibility to effectively manage the operational infrastructure. These are the people, functions and technology that are an integral part of keeping these firms thriving.
I have been on the operational side of the hedge fund business for 23 years, holding various senior positions. The first 8 years I had the privilege of being at Tiger Management, one of the premier firms at that time. The people I worked with were brilliant, the standards were high, the positive energy was contagious, and I felt honored to be a part of it. My background includes leading Global Operations for Tiger Management and Highbridge Capital, as well as having several COO positions for emerging managers.
I’ve witnessed and participated in the evolution of the operational side of hedge funds. In the early years hedge funds launched with mainly portfolio managers and traders, and relied heavily on their prime brokers to fulfill their back office needs. As assets grew so did the investment process, and subsequently, it was imperative to start building out an “operations group” within a hedge fund. Expansion from U.S. to foreign investments began, as well as diversifying from only equities and bonds to now including all types of derivatives and over the counter contracts. Also happening was the addition of multiple prime brokers to meet their “shorting” requirements. All these changes were occurring simultaneously.
The investment side of the business was growing so rapidly that the operations side had to quickly adapt to meet the challenge. As this expansion was happening the prime brokers were not as equipped to take on these new investments since their early model was built principally to support equity investments. Additionally, with hedge funds now engaging with multiple prime brokers, supporting them was even more challenging. Therefore, hedge fund operations, especially the larger firms, were taking back some of these functions from prime brokers to manage them more closely.
Here is a brief description of cybersecurity audit and the best practices for it. To know more about cybersecurity audit and information security management, click here: https://www.eccouncil.org/information-security-management/
10 Commandments for Achieving Operational ExcellenceMitch Ackles
This white paper is intended to provide a useful framework and guide for all Investment Management Firms.
Over the past 20 years the investment management industry, and specifically hedge funds, has achieved tremendous growth. As assets under management increased, so did diversification in strategies and investments. During that time investors have become very sophisticated in their selection of investments as well as the operational due diligence process. This growth and sophistication has reinforced the critical role of operational executives, and their teams’ responsibility to effectively manage the operational infrastructure. These are the people, functions and technology that are an integral part of keeping these firms thriving.
I have been on the operational side of the hedge fund business for 23 years, holding various senior positions. The first 8 years I had the privilege of being at Tiger Management, one of the premier firms at that time. The people I worked with were brilliant, the standards were high, the positive energy was contagious, and I felt honored to be a part of it. My background includes leading Global Operations for Tiger Management and Highbridge Capital, as well as having several COO positions for emerging managers.
I’ve witnessed and participated in the evolution of the operational side of hedge funds. In the early years hedge funds launched with mainly portfolio managers and traders, and relied heavily on their prime brokers to fulfill their back office needs. As assets grew so did the investment process, and subsequently, it was imperative to start building out an “operations group” within a hedge fund. Expansion from U.S. to foreign investments began, as well as diversifying from only equities and bonds to now including all types of derivatives and over the counter contracts. Also happening was the addition of multiple prime brokers to meet their “shorting” requirements. All these changes were occurring simultaneously.
The investment side of the business was growing so rapidly that the operations side had to quickly adapt to meet the challenge. As this expansion was happening the prime brokers were not as equipped to take on these new investments since their early model was built principally to support equity investments. Additionally, with hedge funds now engaging with multiple prime brokers, supporting them was even more challenging. Therefore, hedge fund operations, especially the larger firms, were taking back some of these functions from prime brokers to manage them more closely.
Here is a brief description of cybersecurity audit and the best practices for it. To know more about cybersecurity audit and information security management, click here: https://www.eccouncil.org/information-security-management/
Implementing Business Aligned Security Strategy Dane Warren LiDaneWarren
This was presented at the AISA national seminar day. It is a helicopter view on how to implement a security strategy that is aligned with the business.
Understand and apply concepts of confidentiality, integrity and availability, Apply security governance principles,
Understand legal and regulatory issues that pertain to information security in a global context, Develop and implement documented security policy, standards, procedures, and guidelines, Understand business continuity requirements
Contribute to personnel security policies, Understand and apply risk management concepts, Understand and apply threat modeling, Integrate security risk considerations into acquisition strategy and practice, Establish and manage information security education, training, and awareness
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...XEventsHospitality
By Dhananjay Rokde, CISO, Cox & Kings Group
Dhananjay has an enhanced ability at managing global information security programs for large enterprises, with experience of Governance Risk & Compliance (GRC) unification & implementation programmes.
He has received the ‘Top 100 CISO Award’, ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’.
He is presently in-charge of the overall information & infrastructure security operations, risk management and compliance of the entire group.
He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws.
Definition of the current global market for Managed Security Services (MSSPs) and a guide to those looking to purchase a service in the future. The presentation also touches on the implications of GDPR on the MSS market.
Business case for enterprise continuity planningWilliam Godwin
Executive brief outline for business continuity planning. This presentation also outlines the high-level steps to complete business continuity within your organization
One of the core Meaningful use measures requires providers to perform a security audit to ensure the protection of patient information. Learn more about what a security audit should entail, as well as potential risks and how configuration options within the SuccessEHS solution can be used to protect patient data.
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
There are three main factors that influence how information security is dealt with these days – (1) the presumed risk if we don’t do it (or do it badly), (2) the pace at which technologies and business styles change and (3) the lack of a structure behind any infosec activities.
It’s clear to me that these are just some of the challenges infosec teams must deal with nowadays. This talk will open the floor to a discussion of blockers, challenges and drivers discussing the evolution of the roles associated with infosec and later merging best practice recommendations with an infosec strategy to dealing with risks. Finally, once a strategy is adopted, the presentation will present some ideas on how to gauge progress– such that efforts to improve are both meaningful and measurable.
Overcoming Hidden Risks in a Shared Security ModelOnRamp
Risk management, compliance, and security are a shared burden between your organization and your vendors. Standards such as NIST (Publication 500-292) and regulations like HIPAA and PCI-DSS provide considerations for compliance and security but do not account for the nuances of your unique business or your infrastructure. Guidelines are written as though one party is responsible for compliance and security, but you rely on multiple vendors. Outsourcing can lead to ambiguous delegation of compliance responsibilities, lack of data governance and security practices, and difficulty in achieving data protection—ultimately risking non-compliance and leaving your infrastructure vulnerable.
Join our expert panel as they share insights into closing the gap on who’s responsible for what in data security and best practices for improving your security posture.
Takeaways:
Who owns the responsibility of compliance and security?
How to find and mitigate hidden risks in a 3rd party ecosystem
How to map your requirements to owners, policies, and controls
Expert recommendations for PCI, HIPAA, FERPA, FISMA and more.
Implementing Business Aligned Security Strategy Dane Warren LiDaneWarren
This was presented at the AISA national seminar day. It is a helicopter view on how to implement a security strategy that is aligned with the business.
Understand and apply concepts of confidentiality, integrity and availability, Apply security governance principles,
Understand legal and regulatory issues that pertain to information security in a global context, Develop and implement documented security policy, standards, procedures, and guidelines, Understand business continuity requirements
Contribute to personnel security policies, Understand and apply risk management concepts, Understand and apply threat modeling, Integrate security risk considerations into acquisition strategy and practice, Establish and manage information security education, training, and awareness
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...XEventsHospitality
By Dhananjay Rokde, CISO, Cox & Kings Group
Dhananjay has an enhanced ability at managing global information security programs for large enterprises, with experience of Governance Risk & Compliance (GRC) unification & implementation programmes.
He has received the ‘Top 100 CISO Award’, ‘Future CIO Award’ and the ‘CIO Masters Award for excellence in Information Security’.
He is presently in-charge of the overall information & infrastructure security operations, risk management and compliance of the entire group.
He also has an advanced diploma in IT Cyber Laws & Data Privacy from the Asian School of Cyber Laws.
Definition of the current global market for Managed Security Services (MSSPs) and a guide to those looking to purchase a service in the future. The presentation also touches on the implications of GDPR on the MSS market.
Business case for enterprise continuity planningWilliam Godwin
Executive brief outline for business continuity planning. This presentation also outlines the high-level steps to complete business continuity within your organization
One of the core Meaningful use measures requires providers to perform a security audit to ensure the protection of patient information. Learn more about what a security audit should entail, as well as potential risks and how configuration options within the SuccessEHS solution can be used to protect patient data.
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
There are three main factors that influence how information security is dealt with these days – (1) the presumed risk if we don’t do it (or do it badly), (2) the pace at which technologies and business styles change and (3) the lack of a structure behind any infosec activities.
It’s clear to me that these are just some of the challenges infosec teams must deal with nowadays. This talk will open the floor to a discussion of blockers, challenges and drivers discussing the evolution of the roles associated with infosec and later merging best practice recommendations with an infosec strategy to dealing with risks. Finally, once a strategy is adopted, the presentation will present some ideas on how to gauge progress– such that efforts to improve are both meaningful and measurable.
Overcoming Hidden Risks in a Shared Security ModelOnRamp
Risk management, compliance, and security are a shared burden between your organization and your vendors. Standards such as NIST (Publication 500-292) and regulations like HIPAA and PCI-DSS provide considerations for compliance and security but do not account for the nuances of your unique business or your infrastructure. Guidelines are written as though one party is responsible for compliance and security, but you rely on multiple vendors. Outsourcing can lead to ambiguous delegation of compliance responsibilities, lack of data governance and security practices, and difficulty in achieving data protection—ultimately risking non-compliance and leaving your infrastructure vulnerable.
Join our expert panel as they share insights into closing the gap on who’s responsible for what in data security and best practices for improving your security posture.
Takeaways:
Who owns the responsibility of compliance and security?
How to find and mitigate hidden risks in a 3rd party ecosystem
How to map your requirements to owners, policies, and controls
Expert recommendations for PCI, HIPAA, FERPA, FISMA and more.
Data Analytics Ethics Issues and Questions
Presented at the University of Chicago Booth Big Data & Analytics Roundtable, April 2018
Presenter:
Arnie Aronoff, Ph.D.
Instructor, MScA in Data Analytics
Instructor, School of Social Services Administration
The University of Chicago
Group Concept OD
Organizational Development and Training
(312) 259-4544
aaronoff33@gmail.com
Presented by
Records Managers within Law Firms have a tough job, providing and enforcing policies, building out defensible procedures and overseeing an information lifecycle program. Over the years process has changed, regulations have been tightened and expectations have heightened.
In this presentation, understand how Information Governance (IG) is playing a major role in the evolution of Records Management within Law Firms. Information Governance is a term being thrown around and many (or at least those brave enough to admit it) are unsure of what it really means. IG relies on automation, systems, tools and compliance to succeed. With records managers focus on risk avoidance, join us to better understand the new expectations of records managers to protect your firm as well as steps to implementing an IG Program.
Role of AI Safety Institutes in Trustworthy AI.pdfBob Marcus
Describes possible role of AI Safety Institutes collaborating to enable trustworthy AI. The key areas are External Red Team Testing and Incident Tracking Databases
The third edition of the BoardMatters Quarterly explores how big data and analytics emerge as game-changers for business. This edition also explores how we can tackle corruption, boosting internal control mechanisms.
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
The EU Global Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) represent a landmark change in the global data protection space. While they originate in different countries and apply to different organizations, their primary message is the same:
Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
With deadlines looming, is your organization ready?
The time to act is now. Read more to learn:
--Key mandates and minimum requirements for compliance
--Why a comprehensive data-centric security strategy is invaluable to all data protection and data privacy efforts
--How you can gauge your organization’s incident response capabilities
--How to extend your focus beyond the organization’s figurative four walls to ensure requirements are met throughout your supply chain
The first New York requirements deadline has arrived. With the next deadline of mandates only 6 months away, you don't want to fall behind and leave your organization at risk for potential penalties and fines.
Building Digital Trust: The role of data ethics in the digital ageAccenture Technology
Data is the biggest risk that is unaccounted for by businesses today. In the past, the scope for digital risk was limited to cybersecurity threats but leading organizations must now also recognize risks from lackluster ethical data practices. Mitigating these internal threats is critical for every player in the digital economy, and cannot be addressed with strong cybersecurity alone.
Another survey conducted in 2021 by the International Association of Privacy Professionals (IAPP) found that compliance with data protection laws such as GDPR and CCPA is the top privacy-related concern for organizations.
Three big questions about AI in financial servicesWhite & Case
To ride the rising wave of AI, financial services companies will have to navigate evolving standards, regulations and risk dynamics—particularly regarding data rights, algorithmic accountability and cybersecurity.
Opentext Managed XDR paves the way for CyberResilienceMarc St-Pierre
With damages from cyberattacks estimated to grow to 10.5 trillion dollars annually by 2025, organizations are looking to address:
- Proliferation of cyber attacks
- Increased pressure from regulation
- talent gaps and resource shortages
Learn more how OpenText can help. Quickly view now our Managed XDR infographic | OpenText.
With the proliferation of cyberattacks in recent years, it is essential to have a robust cyber security posture. Our Security Health Check helps you understand what improvements are needed to keep your data safe.
Our expert team conducts a thorough assessment of your organization's cyber maturity using industry recognized frameworks like NIST, identifies vulnerabilities, and makes recommendations to strengthen your cybersecurity defenses.
Our Incident Response Simulation equips your organization through a tabletop exercise with a strategic and rapid response plan for cyber incidents.
In today's climate, where government regulations are tightening and the need for compliance is paramount, having a rehearsed response plan is not a nice-to-have – it’s a necessity.
Ensuring cyber resilience presents different risk points and many challenges. Not all organizations possess the internal capabilities and expertise necessary to strategize, execute, and safeguard their attack surface. By identifying vulnerabilities, deploying tools, and educating users, cybersecurity services can make the digital environment safer for all.
Our Cyber Resilience FasTrak provides three flexible options for personalized
protection. Select the service that is right for your organization:
- Improve cyber defenses with a Security Health Check
- Uncover hidden threats with AI powered Threat Hunting Service
- Don’t be scared, be prepared with Incident Response Simulation
The OpenText™ Cyber Resilience Program (CRP) helps customers effectively reduce risk, preserve trust, and minimize disruption. From prevention, detection, and response to recovery, investigation, and compliance, we help organizations build cyber resilience. The OpenText holistic security portfolio of smarter and simple solutions can be tailored for individual needs.
Easy, pre-paid access to OpenText Cybersecurity Services to advise, guide, and assist.
MITRE ATT&CK framework and Managed XDR Position PaperMarc St-Pierre
Cyber attack surface has increased immensely with digital transformation and hybrid cloud adoption. Many Managed Security Services are only alert services, where 75 percent of businesses waste as much time on false positive alerts as they spend on legitimate attacks.
Everyone could benefit from an approach that ensures threat-informed detections cut through the noise to know what is actually on their network, endpoints, the cloud and beyond.
Everyone could benefit from OpenText MxDR.
https://www.opentext.com/solutions/managed-extended-detection-and-response
OpenText AI & Analytics Services and Solutions CatalogMarc St-Pierre
OpenText Professional Services team leverages more than 25 years of experience delivering solutions that meet customer expectations to unlock growth through business insight, transformation and additional customer value.
Our Certified OpenText consultants incorporate best practices and accelerates time to value with flexible customer solutions tailored to individual project requirements and broader business initiatives.
This catalog showcases AI and Analytics solutions that deliver value and business growth.
Cyber attackers are compromising enterprise IT environments with ever more advanced tools and sophisticated tactics. More than one billion malware varieties exist and the average enterprise encounters thousands of alerts every day. Security teams spend most of their time dealing with false alerts while real threats go undetected. Proactively hunting for threats that may have already penetrated requires resources they don’t have. It can take more than 200 days to identify and contain a data breach using conventional methods.
With the possibility of a security incident or breach, immediate decision making is required. It's imperative that organizations kick off immediately their IR Plan and bring all functions together.
The Incident Response Decision Tree can help you build your IR Plan or ensure that you have all decision makers ready.
Time is of the essence in an incident or breach. OpenText Risk & Compliance Advisory and DFIR Teams are available to help organization in their response. For more information on OpenText Security Consulting, visit: https://www.opentext.com/services/security
US Medical University trust OpenText to guard against cyber threats-en.pdfMarc St-Pierre
Healthcare, government and education institutions have become popular targets of cybercrimes, such as ransomware attacks.
Ransomware infiltrates a network and encrypts critical files. Attackers then demand a ransom payment to restore access to the data—averaging $812,000 per incident in 2021. Patient data makes a valuable hostage, so healthcare organizations are frequently targeted.
A major Medical University trusts OpenText to ensure its Cyber Resilience with multiple engagements with OT's Security Consulting Services: https://www.opentext.com/products-and-solutions/services/consulting-services/security-services.
OpenText offers Risk & Compliance Advisory, Managed Security Services (MSSP) and Digital Forensics & Incident Response (DFIR).
OpenText Managed Extended Detection and Response (MxDR)Marc St-Pierre
Uncover hidden risks and unknown threats in minutes, not days. A Managed Service that empowers your Security Operations with behavioral analytics that improves your Cyber Resilience. Features ability to ingest telemetry from endpoints, networks, clouds and other sources. Service that is 97% noise free, and simply not another altering service, by providing you with access to Threat Hunters, Incident Responders and Digital Forensic Investigators.
Managed Detection and Response (MDR) WhitepaperMarc St-Pierre
Managed detection and response (MDR) solutions benefit from investigative capabilities, particularly as derived and evolved from the digital forensic community. Buyers should thus include investigative experience as a selection factor when reviewing MDR offerings.
Whitepaper from TAG Cyber and OpenText on Managed Detection and Response (MDR): Investigative Capability as a Key Selection Factor.
Opentext Translation and Localization ServicesMarc St-Pierre
Communicate with customers, employees and vendors in more than one language
OpenText meets organizations’ translation and localization needs efficiently and with the utmost quality, regardless of the type, size, language or volume of translation needed.
Communicate with customers, employees and vendors in more than one language.
OpenText meets organizations’ translation and localization needs efficiently and with the utmost quality, regardless of the type, size, language or volume of translation needed.
In today’s increasingly competitive world, accelerated speed to identifying relevant and hidden knowledge, internal expertise and experience is critical to meeting client demands, securing new clients and cases, reviewing precedents and outcomes and leveraging collective IP for the strategic advantage. OpenText Decisiv instantly finds, organizes, and helps gain insights from your data for the competitive advantage. To learn more, email salt@opentext.com
There are many enterprise applications that can use taxonomies covering categories like enterprise content, web content management, e-commerce catalogs, directories, spend and procurement, product lifecycle management, digital asset management, behavioral targeting, enterprise search, and more. Discover, navigate, and manage content using metadata in an OpenText solution like Content Server, Documentum, eDOCS, Media Management, Search+ and others by organizing and identifying information with a tailored taxonomy.
The Professional Services Linguistic Consulting team is composed of talented computational linguists, translators and lexicographers who work with customers to help them organize content in a way that is logical, cohesive, comprehensive, and usable.
See the breath of taxonomies and services that OpenText can provide your organization. For more information, email salt@opentext.com.
The best enterprise information security solutions provide deep visibility into digital security and investigation of potential risk across all endpoints and devices as they emerge. They also allow for greater automation and contextualization of security events for faster triage, more informed decision-making, data loss prevention and effective remediation. To deliver the best, OpenText Professional Services provides consulting services in the areas of:
- Product Readiness
- Risk and Compliance
- Digital Forensic and Incident Response
- Managed Security Services
Seamless end-to-end solutions to address challenging legal content management, litigation, investigations and compliance matters with confidence and speed
Simply: Speed up the migration of information by classifying content and facilitating richer and more accurate migration process, thus minimizing the risks of delay and error.
In 30 days, OpenText will convert your idea into insight, using OpenText™ Magellan™ machine-learning and text-mining algorithms to unlock the hidden information in your data.
- Gain insight into your top business question
- Advance your business with machine learning
- Map your path to further explore your business challenges
1. 1/3
Digital Ethical
Risk Assessment
Cost effective review of ethical risks resulting from
largescale data collection and deployment of digital
solutions.
Service overview
Organizations are often being investigated by regulators and
can be the objects of lawsuits for mishandling personal data.
At the same time, they are deploying and developing artificial
intelligence (AI) as part of digital transformations to survive and
remain competitive. The result is increased reputational, legal,
and regulatory risks. The regulatory environment for digital
information is evolving and organizations should implement
risk-based governance processes that focus on digital ethics in
preparation for increased regulation of data collection, storage
and use.
A Capgemini report found that 70% of customers expect organizations to provide AI
interactions that are transparent and fair.1
Important questions to be considered:
• How much time and resources does it take to respond to a regulatory investigation?
• How many millions of dollars are spent paying a fine if found guilty or negligent of
violating regulations and laws?
• How many hundreds of millions of dollars does an organization needs to rebuild trust?
• How to attract sought-after talent that takes ethics seriously?
Identify digital
ethical risks and
sources
Prioritize risk
mitigation tactics
Get
recommendations
for efficient
adoption of
strategies
1
https://www.capgemini.com/news/ai-and-ethics-2020-report
2. 2/3
Digital Ethical Risk Assessment
OpenText’s Digital Ethical Risk Assessment systematically and exhaustively addresses
ethical risks that can lead to regulatory investigations and fines, lawsuits, and a damaged
brand. Areas to be explored in this service include evaluating the following risk categories,
all of which define key elements of a robust digital ethical risk program.
Identify digital ethical risks and sources
Potential ethical threats range from physical and mental harm to denying services such as
loans and mortgages to those deserving of them, to gathering people’s personal data and
using it in ways to which they did not consent to deploying discriminatory machine learning
algorithms. A company that is not organizationally aware of these compounding risks and
where they come from, cannot address them.
Prioritize risk mitigation tactics
Some ethical risks are greater than others. It is important not only that organizations under-
stand what their vulnerabilities are, but also which vulnerabilities risk near-term loss and
which risk great losses, and the intersection of those two categories so that appropriate
risk reduction measures can be taken immediately.
Be well-positioned to create a digital ethical risk program
Organizations need digital ethical risk programs to systematically and exhaustively identify and
mitigate their digital ethical risks. The program should not only cover IT, product developers,
and data scientists, but also HR, marketing, and more. Upon completion of this risk assessment
organizations are well positioned to take a systematic approach to protecting themselves
from losses arising from digital ethical risks.
While many organizations are struggling to define AI ethics let alone operationalize it,
OpenText has developed a clear methodology informed not only by those in cybersecurity
and governance, risk and compliance, but also by team members that have deep expertise
in ethics and digital ethics in particular. The OpenText teams have deep familiarity with, and
contribute to, the most cutting edge research and best practices in data and AI ethics. No
other organization has the experience in ethics combined with a cross-disciplinary approach.
Related services:
• Building and Implementing an AI Ethics Framework
• AI Ethics Advisory Services
• Privacy Capabilities Assessment
• GDPR Discovery and Analysis Service
Risk categories
Case study
A large retail organization with vast
amounts of data employed a large
team of data scientists and engineers.
There was a data governance program
in place, including a data governance
board, which owned the data risks of
the organization, including regulatory
and cyber risks. However, several ethical
challenges had presented themselves
and the board found themselves without
a way to structure or document their
deliberations and decisions.
OpenText worked with them to create
an AI Ethics framework that included
standards, methods of documentation,
an articulation of role-specific
responsibilities to maintain those
standards, and established KPIs to
track the scaling and sustainability of
the framework.
RISK CATEGORIES
AI ethics
guidelines and
leadership
Infrastructure
and process
Data
governance
Algorithm design
and selection
Transparency
Client and
partner buy-in