What does Digitising Enterprise Risk Management mean?
Digitisation has transformed many industries – media, transportation and retail, to name a few. Most organisations have accelerated their digitisation capabilities, being aware that if they do not, they will not survive. But this may not be enough for the New Normal; indeed, organisations which want to succeed in the Next Normal will have to take their current levels of digitisation to the next level. If this is on the cards, then Enterprise Risk Management will need to be digitised as well. But what does this entail? “Organisations are increasingly talking about going digital but digitisation is not the same as automation,” remarked Ramesh Pillai, Group Managing Director of Friday Concepts (International), at the outset of his presentation at the recent IERP® International Conference 2020.
Although a lot of functions will be automated in a digitised environment, there will still be many “known unknowns” and even more unknown unknowns. As confusing as this may sound, clarity may be gained by understanding what “digital’ actually means. Any organisation looking at digitisation will have to consider seven areas: process and workflow automation; advanced analytics and decision automation; cohesive, timely and flexible infrastructure that require human intervention; smart visualisation and interfaces such as customised dashboards and other tools; external ecosystems that necessitate partnering with outside parties; and talent and culture.
They will need to look at data management – overall data management and its quality; data processes, and how workflow processes can be automated, including streamlining and standardising machines to execute routine tasks. Advanced analytics and decision automation will help managers extract insights, make better predictions and choose more helpful interventions. Cohesive, timely, flexible infrastructure is necessary for seamless, consistent user experience; this has to be done in real time. The infrastructure should also offer smart visualisation and interface – applications that allow users to manipulate data and decide what they want, in formats that they can customise themselves.
Digitisation is an extensive exercise; organisations will find themselves having to look outside for partnerships and collaborators. They will have to work with digital experts and service providers to obtain the level of digitisation that is necessary. Holding all this together will be the talent and culture of the organisation. Traditional business and technology knowledge must be combined in the staff of the company. For this to happen, the people need to change behaviours and mindsets.
“They need to be aware of the power of data and its structure,” Ramesh said. “This has to be combined analytics, and a certain level of digital expertise.”
While digitisation is about speed, it is about failing just as fast too. “Don’t be afraid to fail,” advised Ramesh. “Failure is necessary to success. Fail hard and fast but learn quickly. Acknowledge the mistake, and fix it.” But all this can be overwhelming; anyone attempting it will initially require a great deal of help. Organisations need to bear in mind that in fluid environments such as these, that their risk appetites will be similarly dynamic. Risk thus has to be managed in real time, “on the fly” so to speak, to detect emerging risks and evaluate workable solutions. It also means that companies have to develop the capabilities to do this, quickly and efficiently.
However, with adjustments in strategies and approaches, this is achievable. While a certain amount of autonomy for all business units and departments is necessary, organisations would do well to establish a “Nerve Centre” where all analysis concerning risk management and all things risk-related can be managed. This will be where the different impacts of mitigative action can be quickly assessed. “A truly digitised risk function will be able to achieve this,” said Ramesh. “It will be able to provide better service to the organisation, leading to a smarter, nimbler and more effective structure.” But he cautioned that to achieve this, risk managers will need to retrain or upskill so as to evolve and respond to the growing needs and responsibilities of the risk function within their own organisations.
Digitisation is game-changing for key stakeholders like risk executives, CEOs and senior management, retail and corporate customers, and regulators. It takes away the tedium of repetitive tasks for risk executives who will find their roles shifting as they start generating insights that support strategic, high-value decision-making. CEOs and heads of business will automatically get advice on how to run the business, real time, with the information from the digitised system. While digitised systems will provide information that empowers risk managers in decision-making support roles, the same systems also have the ability to influence customer satisfaction.
“Retail and corporate customers will always compare their current experience to the best of what they have experienced before, regardless of the context or industry,” explained Ramesh.
“Systems can push information that is tailored or customised to individual situations, and do it in real time. This has the effect of increasing customer satisfaction where customer experience is key.” Organisations which want to leverage on this need to have an in-depth understanding of the risks connected with it. They can then dynamically adjust risk management decisions and evaluate emerging risks, and make changes in strategy accordingly.
“Strategy is dynamic, never static,” stressed Ramesh, adding that digitisation is as much about the change management process and changing culture, as about putting new systems in place. The main challenge in today’s environment is that organisations lack the capability of making their risk appetite dynamic in tandem. Making their risk appetites more dynamic has far-reaching consequences for organisations. It will mean becoming better at managing in real time, faster detection of emerging risks, evaluation and analysis, and determining how cross-mitigation strategies will work.