Ensuring benefits from your risk management transformation

Unlocking the benefits from your risk management transformation  

When organisations embark on implementing a new risk, resilience and compliance system, like ServiceNow, the primary rationale centres around the ability to better manage and mitigate risks.   And yes, this is correct but here’s the catch.  Many organisations have little or no SMART (Specific, Measurable, Achievable, Realistic, Timely) benefits behind this.   Without clear benefits, justifying the project’s worth to stakeholders becomes an uphill battle.

In this blog I will delve into some of the specific benefits that should be considered within a risk transformation.   While my focus will mainly be the benefits related to risk and compliance (including controls management) if anyone is doing third party risk management, business continuity or resilience then please get in touch as happy to share ideas for these business cases too.  

I have broken down the benefits for each area and have been bold by outlining the level of improvement you should be looking to achieve.   Note – these are based on my experience rather than any scientific study!!!!

• Risk reduction - 40% + reduction in major and minor risk events through a better understanding of your risk posture and the ability to proactively manage risk and respond effectively to incidents when they do occur.  This includes a reduction in the financial impact (fines, losses, etc.).    
• Regulatory compliance - 50% + reduction in time needed to prepare regulatory reports or answer questions as regulatory requirements aligned to risk and control data with compliance reporting available at the click of a button.
• Growth - 10% + improvement in customer retention and satisfaction through the reduction in operational incidents impacting the customer experience.  You could potentially be able to win new customers by being easily able to demonstrate compliance with industry best practice standards (such as ISOxxxx).
• Cost reduction in controls - 40% + reduction in time spent maintaining and testing each control for first line via self service, streamlined testing and automated workflows / attestations.
• Second line efficiency - 20% + improvement in second line efficiency by automating policy lifecycle management, control testing, and continuous control monitoring / key risk indicators.
• Audit efficiency - 20% + improvement in internal audit team efficiency by simplifying reporting to audit committee via single source of truth and real time data. Automating testing, control monitoring, evidence collection, and issue identification.
• General efficiency and effectiveness improvements across the 3 lines of defence – linked to all the above bullets.    Given all 3 lines of defence will be using the same data set (ie same risk and controls) this will remove duplication of effort and workflow makes collaboration a lot easier.   With proper planning these features can boost the % numbers listed above by upwards of 10%.
• Employee satisfaction - 50% + improvement in employee satisfaction with risk systems and processes through use of a modern system with a single source of truth and timely insightful reporting.   This can help with staff recruitment and retention.
• Decommissioning benefits - Realise a cost saving by decommissioning existing risk-related software.   The value of this will vary depending on the number of systems you have.
• External audit improvements – 20% + improvement in external audit experience (whether financial audit or compliance audits) as data is available easily to demonstrate compliance meaning auditors spend less time asking business to provide data for control testing.   There is also the potential to reduce external audit fees.  Auditors should have to do less substantive testing given the strong risk and control environment.    

In conclusion, I hope I have demonstrated that technology enabled risk management transformations can have tangible benefits.   The key is taking the time to understand your current process and how the new process can improve this position.   This will allow you to define SMART benefits and then be easily able to demonstrate the value the investment has driven.