As with any technological advance, it has taken many years for reality to catch up with the vision. Today’s executives can at last call on a suite of products that begin to use this concept to shape the future; but it is not the chief executive or the IT manager that holds the key – it is the chief risk officer (CRO).
“Risk is at the heart of the modern business,” explain Philip White, executive director at Thomson Reuters, the global information company. “The CRO has three key roles: to run the business at a day-to-day level, to protect it from loss and to drive it forward, ensuring good-quality strategic decisions that increase revenue, reduce costs and improve customer experience.”
It is a far cry from the days when the job of a risk officer was to compute individual dangers, whether on a single product or a single market. Now the biggest challenge to corporate development is non-financial risk, whether from cybercrime, regulatory failure, damage to reputation or even logistics disasters, such as the recent failures at fast food chain KFC, which saw hundreds of outlets temporarily close after it switched its chicken supplier from Bidvest to DHL.
“The job of the CRO is evolving and the greatest challenge is trying to keep a handle on the company’s risk profile across a broad range of risk groups,” says Mr White.
To get the best possible value and strategic decisions, today’s risk and compliance executives want more real-time information, via plug-and-play platforms that work seamlessly with existing IT, according to a recent survey of financial institutions by consultants Celent. Its report, Achieving integrated GRC in an interconnected age, found that an increasingly complex world was shining a spotlight on any shortcomings in corporate risk defences.
“Many firms are facing challenges in moving towards the future,” according to the report’s authors Cubillas Ding and Neil Katkov. “Risk operations are having trouble developing agile capabilities and continue to be hampered by inflexible technology.”
Instead of acting as the company “brain”, technology is often disjointed and inefficient at capturing and analysing the information required to make strategic decisions. CROs understand only too well that technologies, such as robotic process automation or artificial intelligence, could transform the business (and are transforming their competitors), but cost pressures and legacy systems can be a barrier to implementation.
According to one interviewee, head of operational risk management at a European subsidiary for a global bank: “The biggest challenge is to get integrated reporting quickly, breaking it down to the many businesses to track ongoing trends. With an organisation of our size, the question is how do we do it most efficiently?”
Connected Risk enables users to pick and choose among a suite of flexible risk management solutions
Thomson Reuters believes the answer lies in its unique platform approach used by its next-generation, integrated risk management software application Connected Risk. Instead of a new-broom approach, Connected Risk enables users to pick and choose among a suite of flexible risk management solutions, which can be easily integrated with your existing systems to create a powerful holistic view of your organisation’s risk profile.
“A CRO has to be able to reassure all the stakeholders – the board, the shareholders, the regulators – that the range of risks are all being covered,” says Mr White.
So, for example, a company may feel that audit and compliance are sufficiently covered under existing systems, but in today’s global world feel exposed in terms of regulatory intelligence. One of the modules available with Connected Risk pulls in data from 913 regulatory authorities across the world, alerting the CRO to speeches, deadlines and information that can then be processed and analysed to suit the specifics of a particular company.
Alternatively, if you want to use risk modelling as a driver of corporate strategy, overlaying potential risks to determine best or worst case scenarios, Connected Risk can draw together strands from all corners of your business, breaking down siloed data and enabling the C-suite to take a clearer look at the future.
That ability to integrate is high on the wish-list of risk and compliance executives, according to Celent, which reported that “the disjunction between the potential of digital technologies and agile approaches on the one hand, and the current reality of entrenched operations and slow technology on the other is increasingly clear”.
Celent identified shortcomings in the standard “three lines of defence” approach for governance, risk and compliance (GRC). It found that the proliferation of regulation, blurred governance responsibilities and ineffective management information reporting were all contributing to poor GRC outcomes. Companies were struggling with a hodgepodge of metrics that ended up being of little use. According to one interviewee: “Our data is relatively siloed. This… encourages decision-makers to commit to decisions based on gut feel or… singular dimensions of value.”
Add to this the skills shortages that continue to plague the risk function; a 2017 report from consultants Accenture found “since 2009, talent has been a key barrier to risk management effectiveness”. The best risk management system in the world is of no use if staff cannot understand it and increasingly personnel are being called upon to play a much higher role than previously. No longer back-office number crunchers, Celent notes that operational risk personnel “need to understand the business and move beyond merely the ‘people with the risk tools, techniques and methodologies’ to ‘strategic partners who know my business and can add value to my decisions’”.
Platforms such as Connected Risk can transform staff from adder-upper of spreadsheets to effective business partner.
Mr White concludes: “We can provide professional services to help you unpack it, but you can take it out of the box and use it. You can customise it to suit your needs; you add other modules at a later date. It’s perhaps the easiest system to build and maintain on the market today. Platforms such as Connected Risk, which operate on intuitive drag-and-drop principles, can speed up the move from manual, disconnected desktop approaches to an integrated central network of risk information.”
Find out how Thomson Reuters Connected Risk platform can help you adapt to evolving integrated risk management needs: risk.tr.com/connected-risk