Reading Time: 3 minutes
Traditional risk management techniques can treat risks in isolation and focus too much on traditionally insurable risks. These techniques work in some cases, but don’t reflect the highly integrated nature of business processes — and their related risks.
Integrated risk management pulls together risk management operations from across an organization to create a more unified and holistic risk management strategy. These strategies look beyond traditionally insurable risks and consider all the risks that a firm face.
Integrated risk management offers improvements over traditional risk management, but it isn’t free from its own unique challenges.
The Data Behind Integrated Risk Management
Critical business information is often siloed into disconnected documents and spreadsheets. These resources aren’t always in the same format, and essential data may be present in some documents but not others — making it difficult for firms to bring together all the data they need into one set that can be analyzed.
For an integrated risk management (or IRM) strategy to work, a firm needs to clean and analyze its data in a way that will provide usable insights.
New developments in computer technology — like the rise of big data in risk management analysis — make it possible for firms to use their vast stores of data in risk management processes.
These technologies — big data especially — can be used to sift through these massive stores of data that are simply too large for human analysts to work with. Then, the technology can use the patterns and insights it discovers in that data to construct predictive models. The computer algorithms can bring together seemingly unrelated variables about risk to create models that can accurately assess and evaluate where future risks may be lurking — and the impact that these risks could pose to business operations.
At the same time, other new technologies make collecting data in massive volumes easier than ever — like internet of things (IoT) sensors, tiny devices which constantly record and report information like environmental conditions, GPS location or acceleration. This data be used to support existing and previously collected business data, and provide risk analysts with valuable information regarding processes that were previously difficult or impossible to risk-assess.
For example, IoT sensors are already being used by risk analysts in the logistics industry. There, insurance policy writers have more faith in a logistics company when they can be convinced that the company in question has used data-driven analysis to accurately asses the level of risk a certain piece of cargo faces.
In this case, IRM and IoT technology provides a better overview of both traditionally insurable risks — like insurable cargo — and non-traditionally insurable risks, like business disruptions. The technology, combined with the unified approach to risk management, allows businesses to both more effectively insure their goods and enables businesses see how these two risks are related.
Challenges of Unified Risk Management Systems
A data-driven integrated risk management approach isn’t without its own challenges.
Applying big data will require a change in the way that large enterprises collect, store and aggregate their data. Changes may be required to ensure that all data will flow to the same pool, and in comparable formats, so that it can properly be analyzed. Altering or updating legacy systems isn’t always quick or easy. Implementing an IRM approach may require significant technology upgrades and standardization of data collection policies and methods across an organization.
IRM will also require standardization of risk management processes throughout a company. Businesses are relying on more automated solutions, like VComply to achieve this. Publicly available risk management standards, like the ISO 31000 RM, may help companies by providing an existing, standard framework.
At the same time, businesses that shift to an IRM strategy must become acutely aware of the kinds of data they collect and store — especially data that is confidential or personally identifying consumer information. Companies will need to design their data storage systems to prevent unauthorized access to confidential or identifying personal information, as in the case of a company that regularly stores customer names, addresses, demographic information, financial information and so on.
This is especially true in a time when cyber crime is on the rise, and companies with valuable data are some of the biggest targets. Pooling a company’s data — along with giving all company analysts access to the same data pool — can make that data more vulnerable to cyber-attack. For this reason, IRM may require significant investments in cybersecurity staff and technology.
Companies that choose to employ data-driven IRM approaches will need to be careful stewards of their own data — or they can risk creating new potential liabilities in the form of unsecured confidential data.
The Difficulties and Benefits of Integrated Risk Management
Integrated risk management has both benefits and drawbacks when compared to traditional risk management styles.
As data becomes more valuable and more available, IRM strategies will naturally be more viable for companies that already handle huge amounts of data and need to respond to a growing variety of risks. However, implementing IRM won’t be challenge-free. Good data stewardship and standardized processes are two of the difficulties that businesses will need to face if they want to successfully implement IRM.
About the Author