The 5 As of Innovation – Keeping MetricStream Ahead of the GRC GameRisk Management | 5 Min Read |15 July 21|by Pat McParland
One of the exciting things I’ve noticed since joining MetricStream recently is the high degree of what I think of as “ions”: Collaboration, Adaptation, Acceleration, Motivation.
We listen to customers, we flex fast to meet their needs, and we work hard together.
Above all, to belabor the “ion” metaphor, I’ve been struck by the degree of Innovation. Here are five areas of innovation that are driving risk management and GRC overall, and where MetricStream is taking a fast-forward lead. Let’s take a closer look.
APIs – Addressing Interconnected Risks Through Integration
If there is one word that describes risk management and GRC today, it’s “interconnected.” (I guess I should have said “intersection,” to stay with our theme, but you get the point!)
Risks and regulations are coming at us more quickly than ever, and they’re completely connected. As just one example, think of your third parties. We may think of “third-party risk,” but those third parties pose cyber, compliance, and reputational risks. New regulations drive policy. Policy drives compliance. And compliance drives corporate culture and behavior.
Enterprise risk and GRC is a sprawling web of interlinked risks and data – and managing it is, to say the least, a challenge.
That’s where APIs come in. They’re not a new concept – many of us were working with Application Programming Interfaces to connect applications 20 years ago. But today’s APIs enable you to seamlessly integrate and connect your internal and external data to see connections and link risks.
Connect your risk management application such as MetricStream to your internal data sources, applications, and relevant external content (such as security risk ratings, financial data, and much more) for the complete picture. You might even call that a… revelation.
Uncover Patterns With Artificial Intelligence and Machine Learning
Remember “big data” from a decade or so ago? It was quite the “sensation!” (I am on this roll now – I’d like to apologize, but it’s too fun.) In all seriousness, big data has only gotten bigger – apparently, we create 1.145 trillion megabytes of data a day, according to the internet. I don’t know how to visualize that, but we all know: it’s a lot.
Now imagine sifting through all that data to make risk decisions. Compliance with new regulations. Observations submitted by frontline employees. Third-party questionnaires. Even if it were possible manually, is that how you want to spend your time? Luckily, artificial intelligence and machine learning – which have also been on our collective radars for quite some time now – are coming of age and realizing their promises of intelligence, effectiveness, and efficiency.
AI and ML can quickly:
- Deal with large amounts of unstructured data. Picture comments and questionnaires, for example. How could you possibly examine them? AI and ML can quickly categorize, sort, and sift through them for answers and patterns.
- Apply learning analytics. AI can apply models and make predictions, just as a traditional risk model could – but more importantly, it can learn and change with the inputs, making the outputs highly predictive.
- Make recommendations. We’re all familiar with recommendations in our personal lives, like Amazon’s “you might also like…” AI can work similarly in risk management, running scenarios, and making recommendations based on your organization’s risk tolerance and behavior.
The full promise of AI, ML, natural language processing, and other neural techniques are just unfolding – but they’re starting to change the game in risk management. Stay tuned.
Adoption – The Power of Intuition
Wow, an “ion” twofer! However, we know it’s true – a product is only as good as its adoption. It will only be used if it’s intuitive, easy to use, and easy to roll out.
That comes down to a friendly user experience, onscreen and off – and at MetricStream, it’s one of the key themes we hear about. Today, risk management and compliance are what we call “team sports.” They stretch across the enterprise and involve employees from risk management and audit to the board – and on the frontlines. Without being able to easily implement and adopt a product, the ability to manage and control risk is severely compromised.
At MetricStream, we pride ourselves on providing a complete customer experience – from when you first sign up through implementation to an easy-to-use, modern, cloud-based interface. Whatever product you use, adoption is key. Look for a smooth experience – easy to buy, adopt, and use.
Agility – Move Fast and Iterate
One of my favorite movies is “Ferris Bueller’s Day Off.” Do you remember Ferris’s big quote?
“Life moves pretty fast. If you don’t stop and looking around once in a while you could miss it.”
Of course, he wasn’t talking about risk management (though he was clearly a master of it!) but he just as well could have been talking about GRC and risk management today. The speed of change, regulation, and risk is dizzying. Each ransomware and cyberattack we hear is more alarming than the last, from Colonial Pipeline to Kaseya Software. Governments are fast upping the ante on legislation and compliance. Suppliers and third parties are multiplying.
The only way to keep up with such change is to stay ahead and stay agile. The “As” and “ions” I’ve mentioned so far all add up to a fast approach – easy to adopt, integrate and use AI – but risk management as a thought process also needs to be agile. Policies need to be stored, managed, and rolled out in ways that adapt to new situations. (How did your work at home policy fare with COVID-19?)
Agility is a theme not just for software development but building a culture of risk management. We need to stay fast, flexible – and open to change.
Analytics – Apply Intelligence and Predict
Finally, let’s close with a theme we hear about daily – the importance of analytics. Once again, analytics in risk and GRC aren’t new. Most of us have probably been using credit risk models or algorithms for years. But today’s analytics are something else – powerful, adaptive, predictive.
- Where are your most risky suppliers?
- How can you analyze and model cybersecurity threats and vulnerabilities?
- How can you quantify your risk – whether cyber or enterprise?
Analytics, combined with data integration and AI, equip you to act on true insight – rather than spending your time gathering and trying to understand data. They elevate risk management to the strategic art and science it is – and provide you the visibility you need to make informed, risk-aware decisions.
I hope you’ve enjoyed our tour of GRC innovation – please reach out to see how MetricStream can help you address any or all of them with a personalized demo. Thank you!