In today’s fast-paced world, we’re bombarded with articles extolling the virtues of AI and technology. From our smartphones to the evening news, the promise of revolutionising work processes is everywhere. But what about organisations still relying on manual or highly manual procedures? How can they transition to predictive risk management without feeling overwhelmed.
Embarking on the journey towards using data, automation and AI to enable predicative risk management, and hopefully avoiding those disruptive and costly incidents, need not be daunting. In this blog I am going to outline a couple of my tips on how to start out on this journey.
- Start with a clear roadmap: Start at the end and work out what outcome (s) you are looking for. These should be customer centric outcomes and once you have captured them you can prioritise and start building a roadmap. For example: you might have the regulator on your case so need to get a central risk register; or you may have conduct issues where staff continually are breaching cyber policies so you need a better way to manage, communicate and confirm staff understand policies; or you might be spending a fortune on controls testing and still experiencing incidents so you need continuous controls monitoring. Every organisation has different priorities so invest time in this critical planning phase.
- Embrace Agile Development. Agile software development should be familiar to everyone by now. If done properly it will help ensure what is built aligns with your needs and benefits are delivered.
- Sprints should be short with continual user involvement - break down your journey into manageable chunks. During the sprint users should be doing inflight testing and end of sprint acceptance testing to confirm requirements are met.
- Deliver incremental benefits - The sprints should be delivering the outcomes outlined on your roadmap. Benefits should be delivered regularly and not months after a project deliverable is competed. For example:
- A policy workflow (including exceptions and acknowledgements) should take a matter of weeks to design, build, test and implement; or
- If you are doing continuous controls monitoring, select a sample number of controls and get them implemented over a few weeks so everyone can see the benefits and you can adapt your approach before a larger roll out.
- Assemble the right team for transformation. The importance of having the right people driving risk, resilience, and compliance initiatives cannot be overstated. While this tip may seem obvious, organisations often stumble here. If you’re committed to transforming your risk management practices, do it thoroughly—because half measures won’t suffice and you will fail.
Whoever is going to own and drive this needs the time, money and experience to make it happen. This includes experience in risk management but more importantly the drive and leadership skills to navigate organisational hierarchies and get stuff done.
- Secure senior management support. Regularly update senior management on progress. Timely communication ensures that risks and issues are addressed promptly. Replace lengthy governance reports with a concise, system-driven dashboard. Highlight progress, costs, benefits, and areas needing support. Clarity trumps complexity and means those on governance forums can see the ‘wood from the trees’ and provide the required support
- Take stakeholders on the journey with you. This is key. Regularly engage the impacted stakeholder community by showing them the product, getting their feedback and training them. Don’t leave it to the end. This will ensure that when it goes live, users adopt it and you release all the awesome benefits available.
Predictive risk management need not be daunting. With a well-defined roadmap and an agile mindset, organisations can harness data, automation, workflow, and AI to proactively manage risks. Remember, success lies in assembling the right team, securing support, and taking stakeholders on the journey. If you’d like to delve deeper or discuss what a roadmap could look like for you, feel free to reach out.
Stay tuned for more insights in our upcoming blogs where I will discuss the benefits you should be delivering from a risk transformation and a deeper dive into what an IRM roadmap could look like.