Today’s risk managers are between a rock and a hard place. They have to identify and implement the right risk management practices in order to prove that they’re adding value to the organization, comply with regulatory requirements, and sustain the business. But, with so many innovative technology options, it can be difficult to determine which risk management solutions they can use, if any, to ensure success.
In a recent SAP Game-Changers radiocast, panelists Saret van Loggerenberg, manager of risk and compliance for Exxaro Resources Limited; Scott Mitchell, chair of OCEG; and Bruce McCuaig, director of solution marketing for GRC solutions at SAP, share their thoughts on risk management trends, technology, and the human factor.
Defining the role of risk management
Risk management carries a different meaning for each organization, based on its needs, challenges, and goals. For Loggerenberg, governance, risk, and compliance (GRC) is not about ticking boxes for the sake of compliance; it’s about wanting to exist in the future. “It’s about how the company is directed and controlled, how to ensure that we make decisions effectively…and about remaining sustainable,” she says.
McCuaig agrees with Loggerenberg, adding that it isn’t enough to manage risk; organizations have to understand what causes risk in the first place. To illustrate his point, he shares some advice a fire inspector once gave him. “It does not matter how many fire extinguishers you have or what kind they are or how big they are, fire extinguishers don’t prevent fire,” he was told. “So just sitting here and trying to figure out how to control the fire does not really count. We need to understand what causes the fires.” The key is to manage risk before you even have to put a control in place, says McCuaig, and organizations are using technology to do just that.
Leveraging technology and the human factor to drive value
For risk management organizations, innovative technologies can “provide data, analysis, and information that informs us more about the world we don’t understand today…but we are going to have to play in tomorrow,” says Loggerenberg. The problem, she points out, is that “sometimes people implement technology because they think they are going to solve the problem with that, or that the technology is going to serve the purpose of what human behavior should actually do.”
Citing a recent risk management report, Loggerenberg says that, while 80 percent of risks have external root causes, 60 percent of them are people related. For this reason, “you cannot manage risk…without dealing with the human factor,” says McCuaig. “In fact, if all you did was deal with the human factor, you will probably be very, very successful at risk management.”
Mitchell concurs, and goes on to predict that the future of risk management lies in “a whole new wave of technology that is intended to help people in the enterprise get paired together for better decision making.” He expects that, instead of automating the human factor out of risk management, we need to look at collaborative technologies that will bring people together for decision making.
Navigating the path ahead
All panelists agree that the future of risk management is in technology. This includes everything from monitoring customer and employee sentiment on social media to using Big Data to identify trends and link cause-and-effect relationships. And, McCuaig says, “We have to do the right thing wrong a little bit and finally figure out how to make it work.”
For even more insights into risk management trends, technology, and the human factor, listen to the full radiocast.