Ahead of Riskonnect sponsoring the upcoming #RISK London, their CEO spoke with us to give an overview of the risk landscape today.
Taking place on October 18 and 19 at ExCeL London, #RISK London addresses the issues impacting organisational risk today, from Governance, Risk and Compliance (GRC), to Environmental, Social and Governance (ESG), organisational culture, and much more.
The event builds on the success of #RISK 2022, allowing organisations to examine the cumulative nature of risk, unite GRC specialities and share views with subject-matter experts.
- Beyond the Checklist: Rethinking Compliance- Wednesday 18th October, 13:00 - 14:00 - GRC Theatre
1. Jim, to start can you tell us a little about your role and how you got to where you are?
I started my professional career in accounting at IBM. This gave me a solid foundation in business and finance, which I later leveraged to build a successful career in technology.
After a few years in accounting, I joined a small technology startup in product management. This experience gave me a deep understanding of the software development process and the challenges faced by startups.
Over the next decade, I held a variety of roles in software companies, including sales, marketing, and customer support. This experience gave me a broad perspective on the technology industry and the diverse ways that companies can succeed.
I joined Riskonnect five years ago because I was impressed by the company’s vision and mission. Riskonnect is committed to helping organizations manage all types of risk across the enterprise. This is a critical challenge for businesses in today’s complex and ever-changing world.
I am also proud to be part of Riskonnect’s high-impact team. Our team is made up of talented and experienced professionals who are passionate about helping our customers succeed. We are also committed to creating a positive and supportive work environment.
I am excited to help the company achieve its ambitious goals. I believe that Riskonnect is uniquely positioned to lead the way in integrated risk management and am confident that we can make a significant impact on the way that organizations manage risk.
2. How radically has the risk landscape changed over your 20-year career?
The frequency, velocity, and impact of risk have experienced incredible growth in recent years. Several catalysts have driven this:
- Digital transformation. The rise of cyber risk has changed the landscape of risk for organizations of all sizes. Cyberattacks can now cause widespread disruption and financial loss, and they are becoming more frequent and sophisticated.
- Global interdependence. We live in a more interconnected and globalized world, which means that risks can spread more quickly and easily. For example, a natural disaster in one part of the world can have a ripple effect on supply chains and economies around the globe.
- The search for margin. In today’s competitive marketplace, organizations are under pressure to optimize their operations and extract every bit of value. This can lead to increased risk-taking, as organizations try to squeeze out more profits.
These catalysts have made it more important than ever for organizations to have a strong risk management framework in place. A well-designed risk management framework can help organizations to identify, assess, and mitigate risks. This can help to protect organizations from economic loss, reputational damage, and other negative consequences.
3. What are the primary themes governing risk in your industry?
- Increased formalization of risk management program: Organizations are increasingly formalizing their risk management programs. This includes creating a risk management framework, assigning roles and responsibilities, and developing key processes. This formalization is being driven by the need to comply with regulations, the desire to improve risk management effectiveness, and the availability of technology to automate risk management tasks.
- Adoption of technology: The formalization of risk management programs is driving the adoption of technology to automate risk management tasks. This technology can help organizations to identify, assess, and mitigate risks more effectively and efficiently. For example, technology can be used to collect and analyze data, identify patterns, and develop risk models.
- Quantification of risk: Organizations are increasingly seeking to quantify their risk of exposure, cost of compliance and risk management, and losses. This quantification is being driven by the need to make better decisions about how to allocate resources and manage risk. For example, organizations can use quantitative techniques to assess the likelihood and impact of risks, and to develop cost-effective risk mitigation strategies.
- Use of data: The quantification of risk is being enabled by the availability of data. Organizations are collecting more data about their operations, risks, and environment. This data can be used to develop more accurate risk models and to make better decisions about how to manage risk.
- Vertical and horizontal integration: Risk organizations are integrating vertically and horizontally both within and outside of their organization. This integration is being driven by the need to have a holistic view of risk and to collaborate with other stakeholders. For example, risk organizations are integrating with other functions such as compliance, finance, and IT. They are also integrating with external stakeholders such as regulators and partners.
- Maximum visibility to risk: Risk organizations are expanding their reach to provide maximum visibility to risk. This includes expanding their scope of coverage, improving their reporting capabilities, and using technology to automate risk management tasks. This visibility is essential for making informed decisions about how to manage risk.
4. How have priorities changed for your organisation and for your clients over the last five years?
Risk management technology has transformed based upon client needs. As the back office of risk, the second line first needed an information repository of risk information. Over time technology has been improved to provide validation of data. As risk sought to integrate the first line of defence to the second and third line – the technology has evolved into a workflow engine. Now, with enhanced AI, analytical tools, and quantification – modern risk platforms can orchestrate and automate activities across a greater span of risk and include both internal organizations and external third parties and partners.
5. Is progress being made in the drive to catch up with the cybercriminals?
Yes. Progress is being made in several ways. 1) Increased cooperation between government regulators, law enforcement, industry, and consumers. 2) Continuous innovation of technologies to combat cybercrime such as ML/AI for detection and prevention, blockchain for transparent and secure recordkeeping, and break-through encryption methods.
6. What new technological developments are coming through that are helping organisations like yours to improve efficiency while mitigating risk?
New technological developments are helping organizations to expand their risk management reach in several ways. For example, they are being used to:
- Monitor ESG (environmental, social, and governance) risks: Organizations are increasingly being held accountable for their ESG performance. New technologies are being used to help organizations to monitor their ESG risks, identify and mitigate ESG risks, and report on their ESG performance.
- Track multiple tiers off the supply chain: Organizations are increasingly reliant on complex supply chains. New technologies are being used to help organizations to track their supply chains, identify and mitigate risks in their supply chains, and ensure that their supply chains are sustainable.
- Go deeper into the organization: Traditionally, risk management has been focused on the top levels of the organization. However, new technologies are being used to help organizations to go deeper into the organization and identify and mitigate risks at all levels.
- Increasing in impact: The level of fines, penalties, and repercussions for non-compliance with regulations is increasing. This is driving organizations to adopt innovative technologies to help them to improve their compliance and risk management practices. For example, organizations are using modern technologies to:
- Automate compliance tasks: This frees up resources to focus on more strategic risk management activities.
- Identify and mitigate risks more quickly and efficiently: This helps to reduce the likelihood of costly fines and penalties.
- Report on compliance and risk management more effectively: This helps to demonstrate compliance to regulators and stakeholders.
Overall, new technological developments are helping organizations to improve efficiency while mitigating risk by expanding in reach, increasing in impact, and helping organizations to go deeper into the organization and identify and mitigate risks at all levels.
7. How are evolving regulatory frameworks dictating the work that you do, and your clients’ and customers’ needs?
Increasing the need for automation: Evolving regulatory frameworks are increasingly complex and demanding. This is driving the need for automation in risk management. For example, organizations are using automation to:
- Identify and assess risks: This can be a time-consuming and labor-intensive process. Automation can help to streamline this process and free up resources to focus on other tasks.
- Mitigate risks: Automation can help to identify and implement cost-effective risk mitigation strategies.
- Report on compliance: Automation can help to generate reports that demonstrate compliance with regulations.
Increasing the need for analysis: Evolving regulatory frameworks are increasingly focused on data and analytics. This is driving the need for organizations to have a strong understanding of their data and to be able to use it to identify and mitigate risks. For example, organizations are using analytics to:
- Identify trends: This can help organizations to identify risks that they may not have been aware of.
- Assess the impact of risks: This can help organizations to make informed decisions about how to mitigate risks.
- Benchmark their performance: This can help organizations to see how they are doing compared to their peers.
Increasing the need for integration: Evolving regulatory frameworks are increasingly cross-functional. This is driving the need for organizations to integrate their risk management processes with other functions such as compliance, finance, and IT. For example, organizations are integrating their risk management systems with their financial systems to get a more holistic view of their risks.
8. What will be the primary battle ground upon which organisations can bolster their cyber posture and manage risk? Cultural, structural, technological, or something else?
Easily, culture. Human risk remains the largest pain point / gap across risk domains. Through driving a risk-aware culture that values predictable outcomes that comply with risk and safety best practices, organizations have the greatest impact in managing their risk.
9. Is it true to say that improving compliance stands to earn businesses a competitive edge?
Yes. Leading organizations have the highest opportunity to perform to their mission over the long term when they operate in alignment with the key controls and requirements of their domain. This discipline protects customers, employees and shareholders. Competitive edge can be sustained on a foundation this is strong, resilient, and transparent.
Ian Evans will join fellow experts to explore these issues in depth at #RISK London, in the session: “Beyond the Checklist: Rethinking Compliance”.
The session sits within a packed two-day agenda of insight and guidance at #RISK London, taking place on October 18 and 19 at ExCeL London.
#RISK London unites thought leaders and subject matter experts for a deep-dive into organisational approaches to handling risk. Content is delivered through keynotes, presentations and panel discussions.
- Session: Day 1, Beyond the Checklist: Rethinking Compliance
- Theatre: GRC
- Time: 13:00 – 14:00 BST
- Date: Wednesday 18 October 2023