- Strategy & Partners
- News & Views
- My IIRSM
Driving a holistic view to manage risk internationally
Effective risk management is a cornerstone of any well-run and successful organisation. The stakes couldn’t be higher, be neither could the chances of failure. Complexity is everywhere – from onerous legislative and regulatory compliance requirements, to rapidly emerging disruptive technology systems, geopolitical uncertainty and economic volatility. To make matters worse, organisations operating internationally must tackle risk with the added headache of multiple jurisdictions to manage.
The holy grail here is a 360-degree integrated view of risk to help build the essential Three Lines of Defence for quicker, lower cost and more accurate decision-making. But it’s not all about technology – people, culture and processes matter just as much.
Five key challenges
Risk management has come a long way over the past two decades or so. It has evolved from a process built around handling governance risk and compliance to something far more wide-ranging and integrated. However, as duties become spread out across the organisation, there's a risk that siloes emerge – leading to gaps or unnecessary duplication of effort. Close coordination is therefore required, and risk professionals are increasingly looking to implement best practice in the form of the Three Lines of Defence model.
Those operating in multi-jurisdictional organisations, which is increasingly the case in our globalised 21st century economy, face five key challenges:
Understanding: what your requirements are across multiple territories. In the US alone there are 50 separate state-level jurisdictions to manage, each with their own set of laws, regulations and compliance requirements. You need to understand what your risks are across the entire portfolio.
Identifying: risks in a consistent manner. Or do you decide not to go for consistency and instead choose to focus on local legislation only? Both bring their own challenges – but any decision you make must be business-led.
Targeting: what needs to be done in terms of risk areas. How much money do you need to spend and where must this expenditure be focused?
Culture: leaders must foster a culture in which they can create accurate risk perceptions, generate confidence, and consult, collaborate and co-work to improve risk management.
Disparate technologies: these don’t always work in harmony with each other, creating possible extra cost and complexity if not managed correctly.
Integration is key
Technology certainly lies at the heart of the solution for organisations. The goal is to generate a single, integrated view of their risk profile. Internet of Things (IoT) systems can help here, by collecting and continuously analysing data to generate valuable real-time insight for risk managers. However, when the picture is more complicated and efforts are spread across multiple jurisdictions, organisations will need multiple platforms, all feeding into a single unified solution able to overcome barriers like geography, language and lack of interoperability between applications and hand-held/smart building devices.
The IoT is changing much about the world we live in and integrated risk management is no exception: it enables Ark to operationalise our asset management systems to see what is working, how things work together and how we put these things to work so that we have 360° situational awareness and context. If our management system has additional assets such as a new building, the applications can be updated and devices that have been used to identify risk can be consumed together with the current risk response.
However, while tech is important, it’s not the only criteria for success. Organisations must also have the right culture, procedures and processes in place. The term may have been overused to the point of cliché, but when it comes to international risk management, the key to unlocking value really is by driving a holistic approach.
Thank you to our partners, Ark Workplace Risk, for providing this article.