Managing Risks


With high sunk costs and unpredictable returns, risk is a critical issue for the film industry, both creatively and economically. Movies are subject to highly uncertain demand, and film producers must address the consumption risk even while projects are still in their development phase.

The film industry has a wide range of risk management practices to minimise exposure to demand uncertainty, balancing them with strategies for capitalising on upside potential.

ISCA similarly monitors external risks in the fast-changing economy. While we cannot predict the future, ISCA has risk management and sustainability initiatives that prepare our members and the Institute to face unforeseen challenges.

Staying Member-Focused

Disruptive technologies are changing the way we live and work, and industry leaders are leveraging technology to maintain a competitive advantage in a crowded market. The accountancy sector needs to be agile to stay relevant, and proactive when it comes to digital transformation by embracing and investing in technology. ISCA is doing its part in working with stakeholders in the accountancy sector to explore opportunities for the profession to innovate and grow in the digital era.

The accountancy profession has seen some dramatic technology-led changes over the past few years, including the automation of routine accounting functions, cloud accounting and the development of AI, and this trend is set to accelerate.

To be relevant in the digital age, ISCA encourages continuous learning and upskilling among our members.

We have developed learning roadmaps for professional accountants in business and those in SMPs. We continue to support accountancy professionals in their development of soft skills, such as creative thinking, emotional intelligence and collaboration, which are crucial in Industry 4.0.

Apart from our classes and seminars, we also provide over 400 e-courses in our CPE e-learning library for our members to acquire new skills at their own time and convenience so that they are equipped for the digital economy.

Cyber and Data Security

In today’s digital landscape, cyber and data security are paramount. Data breaches come with immense monetary and reputational costs. ISCA faces the same cyber risks that now confront most businesses – increased global cybersecurity vulnerabilities, threats, and more sophisticated and targeted cyberattacks, which pose a risk to the security of systems and networks, and the confidentiality, availability and integrity of data.

ISCA has procedures and policies in place that account for the most prominent risks and implements a holistic cybersecurity strategy to ensure data security and privacy. Among them are access-restricted systems and an encrypted database. We also conduct regular reviews and enhancement of our policies and internal processes to mitigate risks associated with data breaches, as well as monthly vulnerability scanning, and annual penetration testing on our applications, networks and servers.

The Institute has also enhanced our perimeter security using advanced automated threat detection and response against a variety of threats, including malware and ransomware, with 24 by 7 managed services to detect possible threats, and protecting our user access control with multiple factor authentication.

The Institute also provides the latest cyber information and known data breaches or threats to all staff, and ensures all members of our ICT team undergo security training. To promote a culture of vigilance when handling personal data, we hold regular briefings to our employees on the policies related to the Personal Data Protection Act (PDPA). Our employees have attended training courses related to the PDPA. We also send email reminders to employees about our personal data protection policies, such as encrypting and securing files containing personal data.

We encourage good password hygiene among our staff as a simple but consequential way to prevent data breaches, and to remain vigilant against phishing scams and other malicious communications that invite devastating ransomware attacks.

Attracting and Retaining Talent

Attracting and retaining motivated, passionate and dedicated staff is crucial to the growth and success of the Institute, and thus a strategic issue for ISCA.

Workforce planning and ensuring a sustainable talent pipeline is part of our comprehensive talent management strategy.

We recognise that if individuals are to remain valuable to our team, they need to continue to strengthen their skills and acquire new ones to be futureready. Hence, ISCA continually focuses on training and developing our staff for long-term success, and supports each individual’s career aspirations, as appropriate. We take steps to retain critical and top talent, and ensure that each member of our team is recognised for their achievements, treated with dignity, and has a healthy work-life balance.

Managing Reputational Risk

Reputation is one of the Institute’s most valuable assets. The perception of ISCA in the minds of our members, regulators and other stakeholders is vital to our success and the trust and relationships we have built with them.

Managing this strategically starts with building an accurate picture of our strengths and weaknesses to quantify the impact of identified risks on our reputation and to create a baseline for measurement and improvement.

ISCA has in place a continuous process for detecting and managing issues that can affect our corporate identity and reputation. We also manage, protect, and improve our reputation through sound corporate values and robust policies and processes to identify, assess and respond to risks in a manner that is consistent with the Institute’s culture.