Platforms that provide a single view of enterprise risk, automating data collection and analysis, are fast becoming essential
Risk has never been so complicated. It can arise from almost every part of the business and involves anyone from the chief executive down to an intern with an itchy Twitter finger. What’s more, the rise of cloud services means third-party suppliers are now connected to vital systems and data.
Meanwhile the emergence of machine-learning, blockchain and other cutting-edge technologies, along with an increasingly volatile geopolitical situation, has introduced further complexity into the risk environment.
These risks are all interconnected and constantly evolving. If they’re not properly managed, they can easily snowball across multiple departments and geographies, wiping out confidence in the business, and potentially destroying it altogether. Yet many businesses still attempt to tackle these multifaceted risks with spreadsheets and annual risk assessment reviews.
“Many risk management platforms evolved from point solutions,” says Sergiu Cernautan, senior director for product strategy at ACL. “They’re built on legacy technology by vendors with antiquated approaches to software development. As a result, many companies manually and painstakingly cobble together a risk programme using spreadsheets, and those quickly become outdated and filled with errors.”
What might work for one department can also hinder data-sharing across the entire enterprise. “Departments like legal, compliance, internal audit or cybersecurity usually work in isolation from each other,” says Mr Cernautan. “They use different risk methodologies, scoring systems and tools. It can be difficult to get them aligned around a single approach in a single platform.”
A chief information officer needs to aim to develop a technology ecosystem that can handle the complexity of today’s risk environment. Systems that can pull in data from across the enterprise, providing the executive team with a bird’s‑eye view of the entire risk plain, are fast becoming essential. And ideally as much of this process as possible should be automated.
Thankfully next-generation governance, risk and compliance (GRC) systems are more than capable of integrating data from across the business and automating day-to-day risk-monitoring, tracking and documentation. Refinitiv’s Connected Risk platform, for example, features automated data gathering tools, and can easily integrate with legacy systems and draw information from third-party sources to create a single view of risk across the enterprise.
Solutions such as Tracker Networks’ Essential ERM (enterprise risk management) platform include functions that “cannot realistically be done properly without some form of automation”, says Jason Doel, executive vice president and chief operating officer of Tracker Networks Inc. For example, automated tools are used to help quantify a company’s risk appetite (how much risk a company wants to take in pursuit of its goals) and risk thresholds, and to provide reports to boards and executive teams to help them monitor the balance between risk and opportunity in day-to-day operations.
Other automated tools can track changes in important metrics such as interest rates or social media scores, notifying the relevant people when certain thresholds are exceeded. Automated reminders can also be sent to those responsible for a particular action item and escalated if it’s not resolved in a timely manner.
When it comes to the risk-voting process (gathering risk scores for elements of individual risks from business leaders and subject-matter experts across the organisation), many ERM and GRC solutions feature built-in voting functions that can automatically produce reports and tables.
Robotic process automation and machine-learning can help collate and analyse unstructured data, for example emails, presentations, videos and photographs, from across the enterprise. ACL’s GRC platform even comes with pre-built bots that can monitor IT user-access rights or perform regular financial reconciliations and kick off automated workflows when red flags are identified.
According to Mr Cernautan, automation can cut through the noise resulting from the massive amount of data many enterprises now generate. “It flags anomalies, outliers or issues that require human judgment or intervention,” he explains. “It removes subjectivity by assigning quantitative values to risk in real time. In turn, this helps risk professionals stay focused on the most pressing issues and make strategic, data-driven decisions at the speed of risk.”
Once data has been pulled in from across the enterprise, artificial intelligence (AI) and machine-learning tools can sift through it to identify patterns and relationships that a human may not even notice. However, Mark Turner, managing director of Emsity Limited and a certified risk manager with the Institute of Risk Management, notes: “Unconscious and conscious bias within the datasets used to train machine-learning algorithms are a critical challenge to risk management and have the potential to undermine the profession as it becomes more reliant on automation.”
Despite this challenge, automation and machine-learning tools are sure to play a big role in any risk management technology ecosystem of the future, both in terms of gathering data and analysing it. Indeed, 67 per cent of risk managers view AI as a foundational change within their profession, according to a 2017 study by the Global Association of Risk Professionals. Given that the risk environment seems to be growing more complex on a daily basis, it’s a change that can’t come soon enough for many firms.