A pervasive and forward-looking approach to risk management, supported by an agile and integrated technology infrastructure, are key to achieving superior risk performance in today's highly dynamic risk environment.Download a Insight
The risk environment is rapidly mutating, following global events such as Brexit, as well as political and regulatory uncertainty in the United States. These shifts are keeping the board and risk department on their toes, prompting them to adapt to the changing nature of risk, and develop a truly resilient organization.
Today’s risk management professionals have to be strong, agile, and ready for every possible eventuality, ranging from the evolution of technology, to regulatory reforms and political changes. They may not be able to predict future outcomes, but they have to be prepared for disruptive changes by strengthening their enterprise risk management practices.
For a long time, traditional risk management focused on a prescriptive approach rather than being a true business enabler. However, with rising threats, the scope of risk management is evolving to include cyber security risks, vendor risks, non-compliance risks, and others. The need of the hour is to adopt a proactive and cohesive approach to risk management, supported by a fully integrated technology infrastructure which can offer risk professionals a holistic view of risk across the organization, as well as better visibility into emerging risks.
A Simple Approach to Pervasive Risk Management
An effective risk management framework conforms to defined organizational objectives which clearly state what is to be achieved. There can be multiple risks in an organization arising from multiple complex products, processes, and external factors. All these risks need to be clearly defined in line with organizational goals and objectives. Moreover, risk data needs to be stored in a centralized risk library which provides the details of every risk relevant to the organization. Each of these risks should be assigned an owner responsible for managing and mitigating the risk by defining appropriate controls. He or she should also be responsible for evaluating these risks based on their monetary impact and likelihood of occurrence.
The above framework for risk management should be supported by a simple, yet effective technology platform that overcomes the chaos and challenges of traditional spreadsheets and legacy systems. This platform should support the consolidation of risks from across the enterprise, as well as a federated data model that helps users define many-to-many relationships among the risks.
Another important factor is flexibility - the platform should be flexible enough to support different risk calculation algorithms and methodologies, and then roll up the risk assessment results in line with the organizational hierarchy. It should also support an intuitive and personalized user experience, and drive effective decision-making by providing real-time risk insights through advanced risk analytics.
With these risk insights, management gains a better understanding of the organization’s risk profile. Better risk visibility also fosters a pervasive risk culture where each individual understands the risks involved in his or her respective business functions, as well as the impact of these risks on the achievement of organizational objectives. The Internet of Things (IoT) makes risk management even more pervasive by enabling risk professionals to manage and view risk information from their connected devices, thereby weaving risk management into the fabric of the organization.
Tenets of an Effective Risk Management System
1. USER EXPERIENCE
3. MOBILITY AND LAYERING
4. REPORTING AND ANALYTICS
- User Experience
As technology advances, risk management applications are becoming progressively more complex with an increasing number of features and functionalities. Consequently, user interfaces tend to get cluttered and inefficient. The design of a risk management application or system should be user-centric to ensure that any number of risk management tasks can be dealt with in a cohesive and efficient manner.
The system should also be built keeping in mind that no two users are the same - each one will have their own preferences and requirements, and each will have to be enabled to complete their respective tasks in the easiest and most intuitive way possible. This approach will not only ensure an engaging, personalized, and holistic user experience, but will also help the organization increase the adoption of the risk management system across multiple entities, regions, and business units.
The effectiveness of a risk management system depends not only on the business logic embedded in it, but also the ease with which it can be maintained and configured to meet the organization’s requirements. A truly robust system provides the flexibility to run on different operating systems and environments. At the same time, it enables new business functionalities to be added through Graphical User Interface (GUI) based tools and utilities.
These tools should be simple enough for business users to add new risk management forms and fields, modify the scoring and rating logic for risk calculations, configure embedded workflows, and create personalized risk management dashboards and reports. Such tools help ensure that the risk application meets the requirements of the organization, both in terms of functionality and end user experience/ preferences.
- Mobility And Layering
Today’s risk management professionals need to have access to risk data whenever they want, wherever they want, and however they want. Many of them no longer stick to a particular device, and are more likely to have their five-inch smartphones at hand rather than their laptops. The technology behind risk applications has to keep pace with this changing dynamic, and support a comprehensive multi-platform strategy.
Purpose-built risk management applications, which can be accessed through mobile devices with integrated GPS capabilities and cameras, can significantly improve the productivity of risk assessments. A portable device gives users the freedom to perform risk and control assessments across multiple locations, based on their own convenience. A truly multi-device enabled risk management system provides an intuitive and engaging user experience across devices, operating systems, and platforms. In doing so, it helps organizations embed a pervasive culture of risk management in their day-to-day operations.
- Reporting And Analytics
The sheer number of processes, risks, controls, tasks, and deliverables involved in risk management can be daunting for any organization. Often, many of these risks may not be readily visible, risk factors may not be easily understood, and emerging risks may not be easily identifiable. These limitations make it difficult for risk managers to gain an enterprise-wide view of risks, and develop an effective strategy to respond to those risks.
A risk management system with advanced analytical capabilities can help overcome these challenges by making it possible to measure, quantify, and predict risks with greater certainty than before. It can help collate risks from multiple areas of the organization, and set a uniform scale for risk managers to measure, view, assess, and mitigate these risks. This consistent and integrated approach to risk management enables the board to effectively incorporate risk considerations and factors into strategic decision-making.
The design and architecture of a risk management system should be integrated, yet modular to support both small-scale local implementations, as well as large and complex global transformations where a phase-wise implementation of modules optimizes deployment costs and timelines. The system should have a federated and centralized data model to help standardize the risk taxonomy across the enterprise. Implementing a single authoritative source for risk data helps ensure data integrity and accuracy - it forms the bedrock for meaningful risk reporting, and provides valuable risk insights.
A robust architecture helps ensure faster and better performance for risk professionals, while providing the security to guard against malicious attacks and vulnerabilities. It also offers a seamless experience across multiple operating systems and devices, and enables advanced integration with third-party applications to drive a holistic approach to risk management. In other words, an architecture that is faster, leaner, and ready for the future strengthens risk strategy and governance, and helps enhance the risk management culture across the organization.
As risks continue to emerge and evolve faster than ever, risk professionals have a two-fold responsibility - to guard the organization against taking excessive risks, while also enabling the organization to catalyze on opportunities. A pervasive and forward-looking approach to risk management, supported by an agile and integrated technology infrastructure, are key to achieving these objectives. Companies that have the tools to foster an intuitive, flexible, and mobile risk management process that provides the risk intelligence needed to support strategic decisions, are well-positioned to thrive and drive superior performance in the risk environments of today and tomorrow.