Other parts of this series:
The current business environment has exposed the need for firms to prioritize and implement significant changes in the way they think about and manage risk. This blog represents the first in a series that would focus on how firms can raise the bar on their risk management programs to seek better, holistic, integrated risk management (IRM).
If you haven’t taken a close look at your risk management program within the last few years, it’s likely insufficient to meet today’s needs. Risk management has evolved and matured dramatically over the last decade, but even more so in recent years with the proliferation of newer and better technology solutions to establish more effective risk management and regulatory compliance. One of the key factors in this maturation is an ongoing push towards Integrated Risk Management (IRM), driven by both internal and external factors.
At the heart of (IRM) is a shift in mindset, supported by the enhancement of current technologies as well as a new breed of solutions. These new solutions are generally cloud based solutions that promote interoperability and faster, agile risk management.
The new concept of IRM is focused on data and its use to provide greater visibility into risk and facilitate better decision-making. Every risk domain is affected – enterprise, operational, financial, compliance, to name a few
Along with rapid technological evolution, a number of internal and external factors are driving organizations to evaluate and upgrade their IRM ecosystems, including, in no particular order:
- Regulatory scrutiny. Regulatory change and complexity creates a need for better risk management technologies to improve compliance.
- Business change and complexity. Ever-changing business environments recombine people, process, and technology, creating a maze for effective risk technology.
- Integrated risk framework. There is increased understanding of the need to make risk-informed and risk-based decisions across the business.
- Future-proofing. Organizations with legacy and/or custom-built platforms may need greater flexibility and re-alignment to business objectives.
- Cost reduction. There is greater pressure to improve profitability while strengthening risk management and controls through innovation such as automation and analytics.
- Customer–centric models. End-user experience and feedback creates the need for a more engaging user interface.
Together, these drivers are impacting organizations in a number of ways. Firms are being forced to adopt more robust risk monitoring and measurement, stress testing and reporting. They need solutions that are both user-friendly and secure in flexible work environments: the business needs to prioritize strategy to consolidate and harmonize systems and data. They need more cost-effective technology solutions that are aligned with the organization’s business objectives and with its risk appetite. They need to both mobility and the flexibility necessary for improved engagement and personalization. These are just a few examples.
The new concept of Integrated Risk Management focuses on data to provide greater visibility into risk and facilitate better decision-making.
The Challenges in Realizing IRM Technology Benefits
Given the challenges presented by the current business environment, perhaps it’s not surprising that many organizations are struggling to realize true IRM and the benefits that it brings. Tellingly, 72 percent of financial services risk managers surveyed by Accenture say that complex, interconnected new risks are emerging at a more rapid pace than ever before (source: https://www.accenture.com/us-en/insights/financial-services/global-risk-study). There are complexities and obstacles that span people and culture, processes, technology, and data. Some of the many challenges include:
- People: The small percentage of organizations reporting success in building a data-centric and data-literate culture, have a fluid workforce equipped with the right skills. The lack of an enterprise strategy and C-level sponsorship for IRM can amplify these problems.
- Process: Companies have standardized processes across many risk functions, but many have not yet addressed implementing the technology to support these processes. Non-standardized risk processes with one-off customizations can result in difficult implementations of capabilities such as machine learning.
- Technology: Outmoded legacy tools from the GRC era have made it difficult to implement IRM across an entire risk organization. An additional complication is that risk organizations have historically operated in silos, with different technology solutions supporting individual risk functions. The resulting ecosystem looks more like a maze than a coherent blueprint.
- Data: Poor data quality results in only a third of firms trusting their data enough to use it effectively and derive value from it. Companies also find it hard to control and manage data at scale, inhibiting their ability to operationalize and use it for strategic purposes.
In the next blog in this series, we’ll examine how firms are taking needed steps to reap the benefits of today’s Integrated Risk Management capabilities.