Lastest news

Achieve integrated governance and risk compliance

May 25, 2018
Key factors impacting risk and compliance executives include the need and expectation of real benefits from digital technologies, such as big data, artificial intelligence (AI) and machine learning, as well as distributed ledger technology (blockchain) to bring measurable increases in efficiency to risk management operation,according to a Thomson Reuters report entitled Achieving Integrated Governance Risk and Compliance (GRC) in an Interconnected Digital Age.

Firms also face challenges in moving toward the future. At a fundamental level, the report indicates that risk operations have difficulty developing agile capabilities and continue to be hampered by inflexible technology.

Other key findings of the survey include a strategic wish-list of requirements for a fit-for-purpose, integrated risk ecosystem. These requirements fall into five key areas:
  • Information and data congruence: applications employed to capture and report information for various risk assessments and controls management activities, such as risk control self-assessments (RCSAs), key risk indicators (KRIs), risk appetite parameters and loss events. These should be connected, aligned and congruent with a firm's taxonomy and framework;
  • Adaptability: flexible, business-user centric capabilities to respond to evolving requirements, without the need for protracted cycles of IT development, coding and testing;
  • Rich visualisation, usability and collaboration: next-generation platforms should possess the ability to quickly analyse, chart and exchange operational and risk-related insights based on modern and intuitive user interfaces;
  • Dynamic, event-centric and timely: ability to support multiple modes of operation, including triggering by events and operating in near-real time to monitor and report on the state of affairs in a firm’s risk profile in a dynamic manner; and
  • Open and seamless co-existence: platform should be open and extensible enough to connect and co-exist with other non-risk IT applications (HR, sales, security) using modular, flexible interfacing mechanisms. 
"There is no denying that risk and compliance professionals are calling for a personalised, integrated risk ecosystem. Our research found that there remain many gaps in risk visibility as organisations rely on fragmented data, processes and tools to inform risk decision making. Without effective risk management in place, it is challenging to effectively contrast risk with reward across divisions within a global organisation," said Gareth Evans, Managing Director, Enterprise Risk Management at Thomson Reuters. "The industry challenge and opportunity is to help ensure that risk and compliance professionals are better equipped with advanced technology to support an integrated solution designed to bring measurable increases in efficiency to risk management operations.

"As regulatory scrutiny and cost pressures intensify, risk and compliance professionals will need to adapt quickly to advanced technology that could adversely impact their overall business models," said Cubillas Ding, Research Director at Celent, the company tasked with conducting the research. "A next-generation risk infrastructure should therefore be modular and agile, where data and information are congruent across different risk activities with strong reporting capabilities."

For a close look at the story behind the report and its results, watch this video.

Source: Thomson Reuters.