As organisations reimagine their approach to risk to be fit for today’s complex, interconnected risk environment, embracing the power of technology, and in particular tech-driven data and analytics, is a key advantage.
Technology is a vital line of risk prediction and defence. Good governance, risk and compliance (GRC) technology can provide the foundations for robust data collection, analysis and reporting. Organisations will also need to ensure their technological measures include safeguards to process data ethically and protect against increased exposure to malicious activity.
Organisations need to be able to collect data from multiple sources – such as customers, suppliers, Internet of Things, and business departments (finance, marketing, HR etc.) – and bring it together on one integrated platform, serving as a ‘single source of truth’.
This data needs to help leadership to see expected and unexpected risks in real time, to help drive more informed strategic decisions.
Data in today’s business world is ubiquitous – but quality, robust data filtered through clear frameworks is rare.
To get the most out of data for identifying and predicting risk, the governance underpinning the collection and analysis of data is vital.
Quality data not only helps organisations to see risks, but enables them to easily provide risk or compliance-related information to regulators.
This quality data can be used to help organisations be on the ‘offensive’ when it comes to risk management – which is much more effective than the traditional ‘retrospective’ or ‘reactive’ approach.
Being on the offensive means having useful, reliable data that shows up known and potential risks early, and can be used to help make decisions that protect the organisation.
These early insights can help drive better decision-making for the business, resulting in superior outcomes for customers and employees.
Data needs to be accurate, reliable, standardised and ethical – in other words – as free from bias as possible.
Customer outcomes improve … a core benefit of having an offensive data strategy
Customers today are savvy in terms of how organisations collect and use data – they want their data used to ensure they are getting more tailored services.
Key to capitalising on this is gathering and analysing data on customer sentiment and efficacy. Gathering data on every interaction with the customer across all points in the lifecycle means risks can be spotted, and decisions can be made to enhance the customer experience which in turn means a happier, more satisfied customer.
For example, if customer data is analysed through a risk lens, it may highlight an increasing churn rate – a potential threat to sustainability. This early insight can be turned into an opportunity to find out what is causing the churn, and to implement solutions to turn things around.
... And so do employee benefits
Employees can also benefit from an offensive approach to data. By bringing in new technology and data and analytics capabilities, risk teams can become strategic partners to the business, freeing up employees’ time to add deeper value to the organisation in other ways.
Change management is critical when bringing new tools and techniques into the business,. As much as technology and data are vital, so too are people, and employees need to be taken on the change journey.
It must be noted that as organisations engage with data to help prevent risk – they can also be exposed to additional risks. Since 2018, there has been an alarming increase in data breaches, from small organisations through to the large data-centric organisations we trust in every day. Most notably, sensitive data relating to 50 million Facebook users was used to build fake psychological profiles to influence their political voting preferences by Cambridge Analytica.
As we shift to an environment where data is fast becoming an intangible asset, organisations will need to take technical measures to integrate preventative controls to safeguard data, raise awareness across all levels of an organisation and ensure a data strategy is adaptable to the privacy challenges ahead.
Volume and speed also adds risks elements. Every time data is moved from point A to B – cyber risk exposure is possible.
When an organisation wants to embrace data for risk, it helps to assess its current level of data sophistication, and to map out the steps to data maturity.
KPMG can help establish where an organisation sits on this data maturity curve. As a starting point this could mean identification of disparate sources of data and truth or systems that are not ‘talking to each other’ to provide any real value or insights.
We can help progress the business to develop robust, ethical, and integrated data that can be used to get on the offensive with risk.
Organisations can quickly start generating benefits of effective data for risk management – not only for their own security and compliance – but to ensure they are acting in their customers’ and employees best interests.
KPMG works closely with organisations to build robust frameworks that help mitigate the risks inherent in data. We can link these risk mitigation factors to the appropriate executive accountability. We also apply our better practice Data Management and Privacy methodology to identify the grey areas in data uses.
There is often a mismatch between the perceived maturity of privacy compliance and the operational reality. Without good data governance, data collected remains at risk without any ability to detect or manage a potential privacy breach.