Thanks to the advancement of digital technology, Risk Management functions and corporations have gained many benefits. The burden on Risk Managers is largely lifted by diverse types of risk solutions that enable them to monitor risk and assurance activities across different business units and processes in their organisation.
The business landscape is continuously changing and in order to stay relevant, risk professionals have to envision how their role will look like in the future: How can we further develop and generate the maximum benefit from the use of technology within Risk Management?
As risk professionals gradually reposition the role of Enterprise Risk Management in the organisation, the use of cutting-edge technologies and techniques will accelerate, particularly on the following corridors:
1. Understanding of risks
Organisations ideally would need a set of technologies to do real-time analysis of trends. We are blessed with an abundance of information on the World Wide Web which can provide us with ideas about signals of change. External data will become essential to continuously identify signals of change that can be considered as a risk or opportunity in the midst of an increasingly complex and fast-changing environment. As such, Big Data and Machine Learning will enable us to analyse global publically available news, blogs, and research papers.
Strong Risk Management practices should be backed up by a comprehensive Risk Universe, which helps organisations identify trends that may not be on the radar of management. Technology will enable organisations to keep their Risk Universe up to date, at any given time.
The decision making process must embed techniques to quantify both outcomes and probabilities to better understand the uncertainties involved. Quantification means that the uncertainty is expressed in a (monetary) value. Such techniques provide a strong basis to make strategic decisions and choices, and (equally important) to question them. For example, does the organisation really wants to invest a certain amount to mitigate the risk if the actual value at risk is lower than that amount.
Quantification of risk would help organisations to draw the size and monitor the risk trends they are facing. It is also useful to assess the organisations' capability to remain resilient in times of crisis.
2. Managing risk
Due to the new focus areas and developments, Risk Managers will have less time available to manage the internal and compliance-related risks. However, this does not mean these risks can be ignored by the business. In some organisations the Risk Management department can allocate these tasks to an Internal Control or Compliance team. However, if this is not possible the Risk Managers need to be able to increase the efficiency of their traditional tasks.
The aim of control automation is efficiency, whilst maintaining control effectiveness. Automated control execution provides greater certainty, because the more data is analysed the more controls can be executed consistently. Cost effective automation of routine control and compliance activities will equip the first line to take ownership of the quality of their processes and controls. This would enable Risk Managers to free up time to focus on strategic and emerging risks.
Continuous monitoring provides management with information on key performance metrics in (close to) real-time. This allows for better insight into issues as they arise, thereby improving their ability to manage risks and opportunities.
Continuous monitoring is typically embedded in modules of GRC solutions available in the market. By automating control execution, Risk Managers can reduce manual efforts and increase quality. Improved management and monitoring of controls through clear data & analytics dashboards allow Risk Managers to show stakeholders within the organisation how to obtain real-time compliance and process insights. This will ultimately lift the burden off the second and third line, reducing the extent to which detailed testing of controls is required and allowing the organisation to better focus on setting risk policies and tolerances that match their business model and changing economic conditions.