It’s hard, if not impossible, for risk functions to share risk insight and adopt clearer, more-comprehensive views on risk when each risk function is categorizing risks in its own individual way, leveraging stand-alone technology, drawing on different data sources, building its own analytics, and defining its own metrics. Yet, at the majority of organizations, that is the norm.
Data and technology vary by risk function and are typically disconnected from the broader IT strategy and from other risk functions. Just half (51%) of organizations in our study say they have the right data today to manage risk.
“Our single enterprise system, in combination with our common risk taxonomy and other foundational elements, provides a good base for greater collaboration. Enterprise risk management, compliance, vendor risk management and other second line teams rely on the technology and internal audit uses insights from it to support audit plan development. Drawing data and insight from a common foundation is extremely helpful to us in connecting the dots across our activities.”
Tricia Bartylla, Vice President and Chief Audit Executive, Target Corporation
Consider these steps to make more powerful risk insight possible.
A common risk taxonomy is the dictionary that helps everyone think about, prioritize and communicate risks in the same way.
You can use key risk indicators to monitor enterprise risks, but if all functions don’t use the same language – or risk taxonomy – it’s very challenging to align on risks, insight and issues.
Risk functions use many different tools and technologies, and it is time-consuming and inefficient to consolidate risk insight and reporting if risk functions do not connect into a single platform. Technology investments can be difficult for any one risk function to swallow, but when functions consolidate their business case for investment, the value proposition gets much stronger.
Our single GRC platform will help us get to a single source of truth that can be leveraged by the board, senior executives and other stakeholders as they make business risk decisions.
More than ever before, there exists an abundance of data both inside and outside organizations from which to draw more-intelligent risk insight. Now is the time to collaborate across risk functions with a view to determining how that volume of data can best be used by all lines. Risk functions should embed themselves in their organization’s enterprisewide data strategies and data asset development efforts to make their collective data and functional requirements known.
Partner and Primary Author of the Global Risk Study, Risk and Regulatory Practice, PwC US