By Sean Pyott, MD of thryve
Last month, I reflected on the importance of risk managers and why they are in high demand right now. But what about companies – what kind of changes should they undergo to make better use of new risk management practices?
It’s an important question because modern risk-management practices aren’t simply imported. You can hire the best actuaries and give them all the resources they require, but it won’t necessarily make a difference to your organisation’s proactive use of risk. And ‘proactive’ is the keyword for this transition: at thryve, we prefer the statement “sense and respond” risk management, meaning you treat risk as an active and strategic information source to avoid problems as well as spot new opportunities.
“Sense and respond” risk extends out of digital technology, which today leverages data to make significant risk predictions. Data in the modern context is not just information. It also relates to the richness and continuity of the data.
In the past, we had to extrapolate insights from limited sets of data, whereas today, you can rely on a steady stream from a data source, or combine different data sources, or do both. For example, insurers now routinely use social media information to help predict or manage risks, such as people reporting nearby weather events.
This richness exists inside companies as well, when they combine different silos of information and build a so-called ‘single truth’ of what’s happening inside their operations. It delivers the three types of analytics that modern companies rely on: descriptive analytics, predictive analytics, and prescriptive analytics.
Descriptive analytics gives insight on historical data, predictive analytics forecasts what might happen, and prescriptive analytics offers a choice of various outcomes based on parameters. In the past, none of these could keep pace with other parts of the business and required a lot of resources to deliver comparatively limited results. The combination of big data and cheap access to computer resources shifted this reactive environment into the “sense and respond” approach.
Yet aspirations are not enough. You have to nurture and grow this new risk-management capability. To that point, Accenture’s Managing Director, Steve Culp, wrote an article for Forbes at the start of October looking at the topic. I’ll summarise his points:
- Connect risk management to the rest of the business, particularly front-office operations. A risk function stuck in the back corner of the company will accomplish little.
- Leverage technology that includes data, analytics and advanced modelling, often incorporating artificial intelligences such as machine learning. Specifically, these can reduce low-risk areas so that managers can focus their energies more productively.
- Align risk policies with business strategies. As I noted above, the speed or risk management lagged well behind those of business. But no more, so risk can now continually collaborate with business strategy.
- Be active, not passive. Relating to my “sense and respond” statement, risk management must do more than identify and mitigate potential risks. It can actively prevent risks and find opportunities.
- Centralise and decentralise. Risk management should have strong central controls, but it must also have good “sensors at the edges”, as Culp puts it. These provide objective inputs from the front line and from outside the business.
The technologies, best practice and integration expertise are available to accelerate risk management across all these strategies. At thryve, that’s a large part of what we do. But companies have to be more culturally and strategically proactive about risk’s new role in combination with these digital services.
It can often start as a small seed – a cloud-based service that quickly and efficiently improves the operations of a single department, project or process. We’ve seen on many occasions how such a small difference creates a lot of enthusiasm and transformation across a company once the above culture considerations also start coming into effect.