Vidya Phalke, CTO at MetricStream, says stakeholders are increasingly holding corporate leadership to a higher standard when it comes to managing risks of all kinds — systemic risk, geopolitical risk, credit risk, cyber risk, macroeconomic risk, technology risk, and more.
While great strides have been made, and many crises have been averted, we continue to see the front-page stories play out about those risks that weren’t adequately understood or managed. Alongside this, the news media and popular culture has shaped our thinking around risk as something to be avoided — as the inevitable evil of doing business.
However, those organizations that are leading the charge on effective risk management are taking a radically different view of risk — rather than viewing risk as a negative that must be avoided, they view risk as opportunity. If you know what your risks are, you are in a better position to make decisions that drive better business performance. This refreshing view of risk is being led at the top – in the boardroom – where many business leaders are re-thinking, re-imagining, and re-shaping the conversation about risk.
Enabled by new technologies such as the Cloud, IoT, rising mobility, prolific social media usage, and the rise of big data, and amidst the backdrop of the 2008 financial crash, we’re starting to see risk management shape more and more major boardroom conversations and decisions today, and with positive results. The assurance community has long advocated for risk to be embraced and openly discussed in the enterprise and boardroom, as a starting point to, as well as a means of achieving its strategic goals. The problem is so often that, when people hear the word “risk,” they do not immediately recognise that it goes hand in hand with opportunity.
Take Cloud Computing for instance. Let’s say that Company A looked only at the security risks associated with hosting their data in the cloud, and the board and senior management discussed how those risks might impact the organization. Compare this to Company B which evaluated both the risks involved as well as the opportunities. The right approach requires a consideration of the risks at hand, as well as the opportunities and benefits that can be gained.
For Company B, an ideal outcome might have included adopting a few of the very best elements of cloud computing, and also designing a more focused risk management and monitoring program. This kind of approach and understanding of risk would give Company B a significant competitive advantage over Company A. We’ve witnessed how many organizations have benefitted from the cloud’s faster time-to-value, lower total-cost-of-ownership and higher reliability, helping them lead – or even revolutionize – their respective industry.
Another example is Social media. There are a handful of companies that embraced Social media from the beginning, recognizing its power, and are using it to communicate with their customers and the masses alike. On the other hand, there are companies, who a decade later, are still wary of its instant nature. Indeed, a bad customer review or a post with an unfortunately placed typo can spread quickly, but businesses shouldn’t let certain risks deter them from using a powerful tool that is now ingrained in our day-to-day personal and professional life. An appropriate investment in a risk monitoring and mitigation tool would ensure risk is managed appropriately.
Going forward, the role of technology in risk management can’t be understated. We live in a mobile, social, and digital world where data from almost anything can potentially impact a decision as well as its repercussions. It’s no longer sufficient to simply think that ‘doing X will result in Y.’ Businesses must think non-linearly, they must consider a broader set of factors, and they must question everything.
As such, more organizations are benefiting from investing in tools which empower them to collect data from a number of sources to understand potential scenarios. Take the Bank of England example from earlier this year. It was revealed to be researching the financial risks of the UK leaving the EU. This is a perfect example of the kind of risk analysis entities should be doing on an on-going basis to understand and manage their risks. This kind of analysis, followed by appropriate risk mitigation, ensures decision-making is done in a calculated manner and is in the best interest of all the stakeholders.
Going forward, as cloud computing, social media, and mobility become more pervasive within digital enterprises, technology will too, play a fundamental role in enterprise risk management. As digital enterprises seek new customers and serve existing ones robustly, they will need to analyse vast amount of information sources in a non-linear fashion. The enterprise will also need to consider new factors, such as user experience across channels, business continuity across service offerings, and information and personal data security across the enterprise as key risk management factors. All of this will require a strategic top down vision enforced by the board to make enterprises more accountable for such emerging risks and more responsive in proactively managing them. The digital enterprise of tomorrow will need to put real time mitigation mechanisms for strategic risks which are possible only with the aid of technology.
Surprisingly perhaps, an organization’s enterprise risk management program has become a leading indicator of management’s ability to execute its business objectives, regardless of what they are. With so much rapid change, volatility, and transformation, I know one thing to be true; as technology becomes embedded deeper within the organizational fabric, helping to make businesses smarter and more responsive, boards will continue to take a deeper interest in ensuring that risk management programs are being planned and executed long term.
As part of the board’s oversight, they have, and will continue to ask for sophisticated and proactive risk measurement and mitigation measures — this includes subscribing to a more “what-if” approach. While boards are not overly prescriptive, their oversight will lead the organization to consider and adopt new investments, including technology that utilizes Artificial Intelligence, as well as emerging IT DevOps transformational models.
Vidya Phalke, CTO at MetricStream