Risk management - as we knew it - is finished. Here’s why.
5 August 2020 - By Maeva Charles (Datamaran) and Tonny Dekker (EY)
Maeva Charles (VP of Partnerships and Client Solutions, Datamaran) and Tonny Dekker (Global Client Service Partner and Global Enterprise Risk Leader, EY) are in charge of the collaboration between EY and Datamaran, with a joint NextGen Risk Management offering. Contact them here.
Every business is rethinking their strategy and reframing their future in light of the COVID-19 pandemic – currently the biggest external risk to organizations around the world. The shock factor was significant: in a matter of weeks, the novel Coronavirus turned into something so ubiquitous that it tested the resilience of every business.
At the start of July 2020, the World Economic Forum shared the results of a report on the biggest risks businesses will face in the coming 18 months. Unsurprisingly, at the top of the list is the prolonged recession of the global economy.
But the external risks go beyond the fallout of the pandemic, and should raise severe concern. Ten economic risks, nine societal, six geopolitical, four technological and two environmental risks. These ESG risks are not expressed using financial metrics, but they can have very concrete financial consequences. We see this today with social unrest across the globe and physical disasters caused by climate change.
The risk landscape is changing significantly, and at a fast pace. The health, economic, social, and environmental crises the world is facing today mean that there is a critical need for businesses to step back and:
Monitoring external risks: why leaders should care
As one positive impact of the COVID-19 pandemic, boardrooms are coerced to place external risks at the top of the agenda, and highlight the serious gaps that exist in effectively monitoring the changing landscape.
In late 2019, before the start of the pandemic, an EY Global Board Risk Survey of 500 board directors and CEOs revealed that only 21% of boards were “very satisfied” with their effectiveness in overseeing changes to the risk landscape and adjusting their organization’s risk appetite accordingly.
More recently, in April 2020, the Survey showed that less than 20% of board members were “extremely confident” in risk reporting from management on a range of significant issues.
This signals to the fact that traditional risk management approaches need to change - and institutions are taking notice. The World Economic Forum shared highlights from a paper co-authored with Harvard on integrated governance, reinforcing the need for companies to better engage with stakeholders, in order to more effectively manage risk.
One of their six recommendations, to “Internalize material ESG&D factors in enterprise risk management,” states: “Boards must gain more in-depth understanding of rapidly evolving environmental, social, governance and data stewardship (ESG&D) risks.”
Furthermore, during recent months, COSO launched a report that focuses on a key part of the ERM framework, the Risk Appetite Framework. The report focused on enabling businesses “to anticipate and understand their risk when change happens and to better embrace change and be more agile in challenging conditions”.
Why? In the absence of a clear overview of risks, including those seen through the eyes of a broad range of internal and external stakeholders, the company will not be equipped to sufficiently establish external risk management processes. Nor will the company gain the trust by these stakeholders in the company. Risk management is not just about protecting shareholder interest; it’s about understanding, anticipating and meeting the needs of society at large.
The shortcomings of traditional risk management
Another finding of the EY global board risk survey was that almost 80% of board members felt unprepared for a major risk event like the COVID-19 pandemic.
One of the reasons could be the blind spots left by traditional approaches to risk management: only 40% of board directors and CEOs said, in the same survey, that their enterprise risk management was effective in managing atypical and emerging risks.This is partially due to data, and ways to capture that data. Most risk management processes have become obsolete and cannot handle the wealth of data continuously being generated. Big data and unstructured data are very powerful when it comes to shaping strategic decision making. But if the risk management process cannot handle the data, its insights will not be extracted, let alone applied.
Indeed, about half of finance leaders say, they “spend more time gathering and processing data than they do analyzing it.” And this does not even mention the decision making process, which should follow after completing the analysis.
Yet, having a constant stream of meaningful and up-to-date information is important for gaining buy-in at the executive and board levels. With comprehensive and unbiased insights on emerging trends, and detailed information on how stakeholders’ priorities are changing, boards can fulfill their oversight role in the best way possible while making structural improvements. This is further validated by the Institute of Internal Auditors, whose recent publication in July 2020 on the Three Lines Model emphasized the role of the “governing body” and their oversight accountability towards stakeholders.
It is essential for boards to have these insights now, or they risk financial losses by not integrating ESG into their core strategic discussions.
How technology removes blind spots
The challenge here is matching up the need with the capability. In today’s complex external risk environment, companies are more exposed to broader, complex, often indirect risks that are not simple to monitor. Effective risk management requires data-driven approaches that enable companies to monitor the external landscape and prioritize the risks that matter most. These insights supplement leaders’ judgement and enable dynamic decision making.
The first step is to reinstate risk governance and internal controls, while also assessing where changes are needed. With that foundation in place, technology can provide the coverage and efficiency needed to turn vast amounts of data into viable information. To unlock the full potential, this requires sophisticated AI technology.
An estimated 2.5 quintillion bytes of data are created every day. Big data is noisy. The systematic use of AI in external risk management enables companies to capture weak signals, helping companies cut through that noise and have reliable data to inform decision-making.
For example, when the pandemic hit, Datamaran clients needed a way to understand how regulators and companies were responding specifically to Covid-19. While Datamaran already tracked regulatory and corporate responses to pandemics more broadly, it applied its AI engine to analyze Covid-19 specific responses in real-time (some of these insights are available in a public, online micro-site).
By reducing the manual input required for analysis, AI also supports continuous monitoring, which gives companies an opportunity to structure risks as they identify them. This enables them to generate a complete picture of their external risks and act on them fast.
Embracing a data-driven approach to risk management
A proactive, data-driven approach, like this, is exactly what’s needed for businesses to be resilient – especially when the biggest risks we’re seeing can appear as if from out of nowhere. However, with the right processes and technologies, companies can better prepare for and deal with even the biggest risks, like the Covid-19 pandemic.
Subjective judgments are not enough in today’s world. Risk management is a core business process, which provides the foundation of other key business processes. By adjusting the approach to risk management, these other processes also become more robust, responsive and data-driven:
With data and information from a variety of reliable internal and external sources, decision-making is accelerated and improved. The process is made defensible: when data feeds into decision making, it becomes more robust, thereby increasing confidence in the review of the process.
Informing better board-level decision-making
The sheer volume of available data requires technology. As a Datamaran user from a major US stock exchange commented: “you can’t be both timely and accurate in producing this information without the very latest technology. You need a defensible, technology-driven process to back that up and to monitor the risk landscape as it evolves.”
Companies that use Datamaran are able to cut through the noise of big data to gather insights and stakeholder views, as well as capture emerging risks for informing better board-level decision making. EY collaborates with Datamaran - the only AI-powered software on the market to support a data-driven process for identifying and monitoring external risks - to offer more holistic risk intelligence that helps build a better working world in its ecosystems (see below graphic for an overview of how this process works).
As we look past lockdown to the rest of 2020 and beyond, this is going to be increasingly vital for building resilient businesses and improving the trust of their stakeholders.
See how Datamaran can help you
Datamaran is the only software analytics platform in the world that identifies and monitors external risks, including ESG. Trusted by blue-chip companies and top tier partners, it brings a data-driven business process for external risk and materiality analysis. In house - at any time.
Datamaran’s patented and award-winning technology offers real-time analytics on strategic, regulatory and reputational risks, specific to your business and value chain.
Fill the form on the right to get your complimentary demo of Datamaran.