Integrate Data to Harness its Risk Management Power
Risk management isn’t what it used to be.
Risk managers, CFOs and corporate boards no longer have the luxury of focusing on a defined, static set of risks. Global risks proliferate in number, type and complexity, and the risk environment is changing at an ever-faster pace.
In this environment, organizations must preempt if they can, and be able to adapt and react quickly if they can’t. Efficiency and proactivity aren’t just desirable, they’re essential.
“The approach to risk management needs to change. In addition to responding quickly as events unfold, risk managers need to have the tools to see what’s coming, and the voice to get the attention of senior leaders,” said Quin Rodriguez, Vice President, Strategic Marketing, Riskonnect.
Often, businesses already have what they need to speed up their reaction time and whittle out inefficiencies in risk management: data. Data can provide insight into a company’s key vulnerabilities, and clues for effective risk management strategies. The problem is that the data is siloed in separate administrative systems. Sharing data among different teams and corporate functions allows an organization to take a more integrated approach to risk management. Risk managers just need the tools to do it.
“Integrated Risk Management involves converging data from different sources within the business to provide the C-suite with a strategic view of its exposures. It’s opening windows in the silos to create communication channels and enable data-sharing,” Rodriguez said.
When data is presented in an integrated way, it reveals the totality of risk exposure and provides a top-down view of operational risk data including claims and incidents, which may allow executives and senior managers to identify systemic, organization-wide risks that previously went unrecognized due to departmental silos.
To understand the full scope of risk, organizations need data from all business units and risk and compliance functions, as well as from business partners, suppliers and outsourced vendor services.
“It’s hard to see and appreciate the impact of any risk, much less do anything about it, when you’re only looking at them individually and over a short period of time,” Rodriguez said. “Integrated data enables strategic, real-time decision making with the long view in mind.”
A Platform for Data Sharing
Gartner defines Integrated Risk Management as “a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.”
Despite the benefits of streamlining data systems and sharing information across an organization, a 2015 survey conducted by Gartner revealed that nearly 40 percent of its clients were not using software for governance, risk and compliance, or what is now referred to as IRM. Sixty-five percent of clients were not even familiar with the term GRC. And yet, a separate survey of global executives revealed that 65 percent of execs saw investment in risk management as “falling behind.”
Why aren’t more organizations investing in updated risk management practices and taking an integrated approach? Rodriguez said there are shortfalls in both organizational cultures of risk awareness, and in the availability of enabling technologies.
“The technology hasn’t quite been there,” Rodriguez said. “Many vendors have built one-off and niche solutions to meet demands as they arise, resulting in different apps for claims management, safety reporting, internal audit, etc. But there has been no one solution where the data is all accessible at once.”
Riskonnect offers the platform and data services that can unify these separate and siloed solutions. Consolidating claims data, safety reporting, training documents, compliance reports, and other risk management information under one unified hierarchy eases data-sharing without compromising data integrity. It allows risk managers to see the full impact of each risk and understand them in context.
Take the example of a fast food restaurant. A patron comes in for lunch and discovers a bone in his chicken sandwich, which is a safety risk for the customer and a liability risk for the restaurant. The customer complains to the manager, who files an incident report. Then the unhappy customer goes home and shares his experience on social media, denigrating the restaurant for its poorly prepared food. Now that bone is a reputational risk that could affect other restaurant locations as well.
“What we’re seeing is these risk managers are having greater visibility into these risks, and they’re starting to ask us for more information,” Rodriguez said. “They want to be able to see the operational impact of a reputational risk and determine how to mitigate it.”
Rodriguez described another client who was seeing a lot of claims tied to environmental health and safety, but couldn’t determine where the common vulnerability was that was allowing things to slip through the cracks. Part of the problem was that the claims management team and the safety team weren’t communicating.
If there was an injury, the safety team would file a report, but the claims team did not have access to their system and thus could not see the report. They would not know about the incident until the injured employee filed a workers’ compensation claim.
“Safety reporting should be tied to claims, which should be tied to safety auditing,” Rodriguez said. “The injury report should be filed in the same system as claims so that the claims team can identify that report as a potentially insurable risk. When data is integrated, they know what’s coming.”
“Any time you can break down the silos and create common sources of data, normalize them, and ease communication, you achieve an integrated risk management approach that ultimately helps to create efficiency and mitigate losses,” Rodriguez said.
Implementing Integrated Risk Management
Switching to one unified system works best when there is support from all departments. Managers of different business units will need to expand their view outward and look to synchronize their data collecting and reporting with their counterparts throughout the organization.
But there are also needs to be an appetite for integration at the executive and board level, Rodriguez said.
“We have clients that use five, six, seven different solutions of ours and may not have the required appetite to really normalize that data at the C-suite level. There needs to be a desire at that level to really put data to work and develop a purpose for it,” he said. “Otherwise, they’re just going to get another dashboard.”
This is where risk managers can take a leading role and elevate their strategic contribution to their organization.
“Risk managers already collect so much information, but with an integrated risk management approach they can bring better data to their bosses that has a clear purpose,” Rodriguez said. “Harnessing shared data can get risk managers a seat at the table.”
To learn more about integrated risk management solutions, visit https://riskonnect.com/.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Riskonnect. The editorial staff of Risk & Insurance had no role in its preparation.