Heading Off Risks With Predictive Risk Intelligence

Across industries, stakeholders expect risk monitoring to provide intelligence that supports strategic decision-making. Predictive risk intelligence could help solve many of the more complex challenges.

Boards, shareholders, regulators, customers, and business partners increasingly expect organizations to provide a view into what could go wrong in the future and a real-time view of issues they currently face — not just insights on what went wrong in the past. Moreover, they demand organizations demonstrate that they can execute quickly on risk-management decisions.

Organizations can get an early warning system on emerging risks, potential loss and risk exposures, and external threats by using predictive risk intelligence (PRI). With PRI, organizations can enhance their ability to detect and monitor risks and make more informed decisions faster.

Advances in PRI are increasingly recognized as cornerstones to effective risk-monitoring programs. Respondents to the Deloitte and Forbes Insight Survey reported that risk-management programs help them increase operational resiliency; realize the value of new technologies; improve cost effectiveness and accelerate time to market, among other benefits. That only half of survey respondents acknowledged that they leverage comprehensive risk analytics to make strategic business decisions suggests a need for a more holistic risk-monitoring methodology.

Risk-monitoring Strategies

Risk monitoring occurs throughout the risk-management lifecycle and can be broken down into three categories:

Reactive Risk Monitoring —The initial monitoring mechanism through which the organization tracks and reports loss events after they happen. Process owners may report these incidents as losses occurring during the normal course of business or discover incidents such as fraud during an audit or the assessment of a particular business process. The ability to respond post-event with a remediation plan is central to this technique.

Integrated Risk Monitoring — A discipline, process, or initiative that an organization has assimilated with overall business strategy. It’s the next stage of monitoring that employs indicators of risk, performance, compliance, and control to report on risk-performance thresholds. The primary emphasis of integrated risk monitoring is the timely reporting of risks given identified assessment criteria, the status of established benchmarks, and interpretation of risks deviating from performance standards such as organizational risk appetite.

Predictive Risk Monitoring — A technique that helps organizations discover potential risks and threats, including types of risk that are not covered by existing risk indicators. Predictive risk monitoring applies analytics to current and historical information from internal and external data sources to identify emerging risks that have a short cycle time before actual impact.

How PRI Works

PRI can help turn risk, controls, and performance information into insights, preparing organizations for a more refined understanding of emerging risks. Such a capability also can help shift risk reporting from a periodic basis to real-time. Typically, the PRI process would include the following steps:

• Defining PRI scope: Management and risk governance teams identify prioritized risk events to better monitor on a continual basis.
• Identifying precursors of risk events: Each risk identified within scope is analyzed to identify indicators or incidents that precede risk events and provide a reliable indication of the occurrence of an event. For example, a failure in product quality may result from an internal process failure or a supplier failure.
• Determining data sources: Each risk event precursor is prioritized and mapped to internal and external data sources, which can supply the data required for analysis and predictive modeling (see chart below for examples of data sources).
• Developing static and self-learning predictive algorithms: Via an analysis of internal and external precursor information, a predictive analytics algorithm is selected for fit and applied to predict or detect the heightened occurrence and likelihood of a risk event. Data mining and machine learning capabilities allow these models to evolve with ongoing improvements in accuracy.
• Initiating PRI generation: Risk governance functions start collecting the baseline data for each risk category and apply risk predictive algorithms to generate emerging risk alerts and notifications. The results are continuously evaluated to determine the models’ success rate and enhance the accuracy of outcomes. Formal reports are generated to describe the emerging risk environment for C-suite and board decision-making.

Applying technology across the PRI lifecycle generates faster and more reliable risk information, while also creating an effective risk-monitoring process. One example of how technology is applied to PRI is within data collection, where robotic process automation (RPA) might be applied to collect data on a real-time basis. With more data collected over time, risk analysis techniques such as regression and event tree analysis improve in accuracy.

Another example is within data standardization and aggregation, where RPA and cognitive intelligence are employed to assimilate, cleanse, standardize, and aggregate various formats and types of data. And in predictive risk modelling and analysis, big data predictive analytics and algorithms are executed by artificial intelligence and machine learning to put the collected data and models developed to work. Based on the risks identified, analytical models interpret outcomes and confirm model parameters to generate PRI.

In addition, PRI could potentially help to solve complex challenges across industries. For example, PRI concepts can be applied to automotive, retail and distribution, and technology companies to provide actionable risk information on critical infrastructure components and products, thereby helping to mitigate industrial technology and operational failures.

Within the financial services industry, where improving conduct is a priority, PRI could provide intelligence on changes in employee behaviors indicative of potential conduct lapses, changes in employee sentiment, and policy breaches that indicate potential conduct and compliance risks, such as insider trading.

In the life sciences industry, where entities interact with hundreds of third parties while also meeting strict regulatory requirements, PRI could use external data sources such as news, government publications, and publicized incident reports to provide visibility into third-party operations that often lack transparency.

Industry-wide Benefits of Predictive Risk Intelligence

Across all industries, stakeholders expect risk monitoring to provide intelligence that supports strategic decision-making such as investment in products and technologies, new business models, and the development of advanced risk strategies.

Using predictive risk intelligence, organizations can develop a refined understanding of emerging risks to enhance their ability to avoid situations where high-risk individuals are concerned, understand the geopolitical climate and countries with a high perception of corruption, and improve techniques for holding business accountable for involving both internal and external relationships in the risk-monitoring process.


Article originally published on wsj.com

Top ORC Cases

North Haven Man Pleads Guilty in U.S. Court to Role in Large-Scale $5.9M Fencing Operation

Worchester, MA: Man held on ID theft charges worked at store tied to $3.6M food stamp fraud

Detroit, MI: Store Owner Pleads Guilty To $2M Food Fraud

Houston, TX: Thieves smash display cases, make off with $2M in jewelry