Do a Technology Risk Assessment to Protect Your Shop

The road to protecting your shop’s information starts with a technology risk assessment that identifies areas to protect and areas to consider public knowledge.


Facebook Share Icon LinkedIn Share Icon Twitter Share Icon Share by EMail icon Print Icon

State-sponsored hackers, ransomware agents, corporate spies and corporate espionage campaigns are attacking today’s manufacturing technology environments. In most cases, the bad actors never announce themselves. They gain unauthorized access to systems through well-hidden malware, quietly sitting on network devices, watching and recording traffic, data and information to steal or provide them a competitive advantage. In some cases, systems are being used to stage attacks on other organizations or store data for future use. How can a mold shop protect itself from becoming a victim?

With the ever-evolving and diverse range of technology within today’s mold shops, threats to your information are already in place or can be introduced at any time. Executives and company leaders must consider the implications of technology reliance on the organization. They must ensure their organization and customer data is protected and stays confidential, with the integrity intact, while also remaining accessible within the organization.

Three key issues molds should evaluate during a technology risk assessment:

  1. Ability to control cybersecurity.
  2. Ability to upgrade or replace systems. As shops look to stay relevant, they will need to assess their current systems to ensure they are providing an optimized solution. Shops need to upgrade old and outdated systems to newer versions and technology.
  3. Ability to align operations with technology. Today’s business technology needs are quickly outpacing a mold shop’s information technology functions. Executives need to ensure their organization meets the demands of their technology user base to ensure sustained levels of productivity.

Mold shops must not only assess their needs but their technology risk. Without assessing the risk associated with that technology, they may be unaware of potential financial and reputation damage. Privacy issues and cybersecurity breaches often become highly publicized incidents, which can affect your shop’s perceived integrity. Therefore, it is vital that the appropriate controls are in place to protect the confidentiality and accessibility of private information. 

Mold shops must not only assess their needs but their technology risk.


Risk Management Essentials

The risk management cycle is continuous and iterative. It begins with a shop identifying the risk universe by reviewing its broadest risk areas. Once they identify the root causes, they can develop action plans to mitigate these issues.

The basic steps of the risk management process include:

1. Identify the opportunities for risk within the shop.

2. Prioritize and filter the universe to quantify the impact, probability and risk tolerance.

3. Evaluate the prioritized risk items within the universe to determine remediation or mitigation strategies. During this evaluation:

  • Develop a corrective action plan to eliminate or mitigate the risk.
  • Determine steps to reduce risk to an acceptable level.
  • Determine whether to transfer the risk to another lower-priority process.
  • Determine whether management has a plan to accept the risk.

4. Monitor each identified risk item in the universe for events or prompts that indicate a change in the risk environment or control infrastructure.

5. Revalidate risk for changes or additions in the risk universe.


Technology Risk Assessment Timing

A shop can perform a technology risk assessment at any time, but there are certain indicators for the most appropriate time. Here are some suggestions:

  • Annually to support the development of a multi-year, risk-based technology audit plan.
  • When new technology risks or challenges are introduced into the business or technology environment.
  • When organizational changes occur.
  • Along with strategic actions such as mergers, acquisitions, outsourcing or off-shoring.
  • During operational initiatives including organizational restructuring, changes in technology use and new applications of technology.
  • When market condition changes such as growth, globalization, downsizing or stagnation.
  • When the use of technology is reactive and is not keeping pace with business demands.
  • When new or updated mandates are introduced (Sarbanes-Oxley, privacy, cybersecurity or internal controls regulations or industry standards).

A shop can also use a risk assessment for technology optimization, process improvement, resource focus, valuation services and due diligence reviews.


If your business has not performed a technology risk assessment, or if an existing assessment is more than a year old, now is a good time to contact your advisor.


Without a technology risk assessment and the corresponding remediation or mitigation actions, a shop may be vulnerable to an increasing range of threats that may result in legal liability, financial impact, regulatory non-compliance (state, federal, international), reputation damage, diminished resiliency, reduced reliability or lack of integrity.

The vulnerabilities uncovered by a technology risk assessment if not mitigated could also result in a decrease in your tool shop’s valuation, impacting stock value, equity, borrowing power, liquidity or a potential merger or acquisition. Vulnerabilities could also disrupt strategic alliances, joint ventures or result in a loss of client revenues.

Technology risk assessments are key components of risk management, and they are essential to identifying the danger zones in your business and effectively control these risks. Regularly scheduled technology risk assessments should be used to update risk management plans and programs and to monitor the progress of the organization’s overall technology risk management program.

If your business has not performed a technology risk assessment, or if an existing assessment is more than a year old, now is a good time to contact your advisor.

About the Author

Timothy M. Grace, CIA, CISA, CISM, CRISC, is the director of technology risk advisory services for Mueller Prost. Michael J. Devereux II, CPA, CMP, is a partner and director of manufacturing, distribution and plastics industry services.



For More Information


Mueller Prost