Managing IT risk to spark fresh hires

PUBLISHED : Friday, 15 June, 2012, 12:00am
UPDATED : Friday, 15 June, 2012, 12:00am


The development of the internet and its growing role in business increasingly expose enterprises to all kinds of threats. IT risk management, which tries to minimise, monitor and control the financial and business impact of unforeseen events, has been developing in leaps and bounds, surging at each important milestone such as the dotcom boom, Y2K (when computer programmes had to be upgraded before the year 2000), and September 11, when IT risk management was again closely examined as part of companies' business continuity plans.

Most recently, development has been legislation-led, influenced by the US Sarbanes-Oxley Act aimed at more stringent corporate accounting, and demand for better security and privacy of personal data in Hong Kong.

'The market is hot,' says Peter Koo, partner of enterprise risk management with Deloitte China. 'From 2012 onwards, we can foresee cloud computing kicking in and there will be another internet boom, with lots of opportunities to work on risk management as companies try to get everything centralised and virtualised. Security is the major reason why executives are hesitant to proceed with changing the infrastructure over to cloud computing. This may lead to high demand for security consulting.'

Deloitte has over 1,000 risk management consultants in the Greater China region, out of more than 10,000 risk management professionals around the world. Hong Kong and southern mainland China contribute 250 staff. The firm primarily serves the financial community and public sector because of their strict regulatory and compliance requirements.

Deloitte hires over 100 fresh graduates every year in the field of IT risk management in China, including Hong Kong. The three-year training schedule offers several options. Those skilled at accounting are trained up in those traditional skills, and receive IT training in their third year.

Others will start from scratch, receiving risk management foundation training including learning business consultancy and technology skills. In the third year, they can specialise in security, privacy or IT internal audit.

Cantonese, Putonghua and English are among the requirements as staff often work with companies or counterparts on the mainland.