Other parts of this series:
In the first blog in this series, we introduced several challenges facing modern risk management functions and the need for a new approach – Integrated Risk Management or IRM – to reap the benefits that are unlocked by making data and information across risk management activities abundantly available, using innovative technologies and shifting mindsets across the organization. In this blog, we’ll look at some of the steps that risk management teams need to take to realize these benefits.
We see six key initiatives that leading risk management functions should take to reap these benefits:
- Migrate to the cloud. Cloud is one of the most impactful innovations of our time, changing how businesses operate, compete, and create value for their stakeholders.
- Transition to data-driven risk management. Organizational risk management decisions are shifting from opinion-based logic to a hybrid of data-driven and opinion-based decision-making, enhanced by forward-thinking predictive capabilities using Artificial Intelligence (AI) and Machine Learning.
- Integrate risk management functions. Technology integration and a cohesive, data-sharing structure across an organization’s risk ecosystem is needed to realize the advantages provided by new and powerful technology solutions. Changes required for integration would be both virtual and physical, in most cases (e.g. reorganizing resources and functions, physical systems integration, revisiting access and entitlements to promote better sharing of information and data, consolidating / migrating to a common GRC platform).
- Continuously monitor organizational risk. Transitioning from a traditional, intermittent or periodic monitoring model to a continuous monitoring program has been challenging for many organizations historically. A cohesive data structure with mature, standardized risk processes and artificial intelligence capabilities can enable real-time monitoring, and response with little to no intervention.
- Implement a smart working model. The recent transition to primarily virtual and remote business operations has underscored a need for a new, better working model that is empowered by the latest technology. Use of secure mobile interfaces and remote capabilities are now required in mature risk management organizations, creating the flexibility that is needed to achieve business objectives in an ever-changing environment.
- Re-engineer existing enterprise platforms where it makes sense. Existing software may be able to support governance, risk, and compliance efforts without a complete IRM ecosystem overhaul. This would not apply to situations where a platform no longer meets the needs or strategy of an organization.
New Capabilities Needed
Changing the lens from the six areas above to the four, fundamental dimensions of people, processes, technology and data, there are also new capabilities that are required for achieving successful IRM:
People: User experience has become a critical success factor of any IRM program, driving adoption of both process and technology solutions. Adopters of IRM are increasingly demanding simple, intuitive interfaces that allow them to do their job quickly and effectively. Chatbot/mobile assistants and mobile capabilities are making it easier and enjoyable to perform activities from practically anywhere, thereby driving higher levels of engagement and passion for risk management.
Processes: Traditional risk management processes tend to be siloed, complicated and manually intensive, resulting in piecemeal risk management that leaves organizations exposed. Processes should be designed to allow for flexibility and configurability to accommodate changes in the business environment. Use of robotic process automation (RPA), technology solutions that provide configurable workflows and entitlements can facilitate cross-functional responsibility sharing, continuous monitoring capability and awareness across all risk management activities.
Technology: On-premise environments with embedded legacy applications, lack of integration, and high maintenance costs are all common technology hurdles. To solve this, organizations have been looking to free up physical and monetary resources by moving to the cloud and software-as-a-service (SaaS) models. Transitioning to IRM is mostly about business capability, but it also offers the benefit of allowing organizations to revisit their technology strategy. This is needed to assist in the use of latest and greatest technologies, which are typically built with open source and run on open architecture. Sometimes IRM also provides the opportunity to start with a clean slate when the current ecosystem is highly customized, complex, and may require significant effort to transition from.
Data: Data quality remains a paramount prerequisite for organizations and should be addressed as part of any IRM initiative. Additional challenges are presented by nonstandard data practices, inflexible data reporting and analytics capabilities, and siloed data. To achieve IRM, the new imperative requires normalization and centralization of data to enhance reporting and analytics capabilities and streamline business operations. Furthermore, integration that is a hallmark of IRM helps increased use of predictive and visual analytics, rules-based data normalization, and centralized data lakes and warehouses.
Taking the right organizational steps and putting needed capabilities in place creates the foundation for a dramatically different kind of risk management. In the next blog in this series, we will examine in more detail how the future of IRM might look.