The Risk Management Society (RIMS) annual conference just took place down the street from the riskmethods Boston office, and I was excited to get the chance to go with some of my colleagues to hear the latest on risk management—and also get to know more about the work of Zurich Insurance Group, one of our newest partners. Here are my 4 big takeaways from the sessions I attended and the conversations I heard around the watercooler.
If this one is surprising to you, you haven’t been paying attention. Here at riskmethods, we’ve been talking about it for a while, and the topic was definitely embraced by this year’s RIMS crowd. My favorite thoughts on this were actually contained in a presentation about emerging risk, but they went a long way to enumerate the ways that digital tech can mitigate risk—and, just as importantly, what you should demand from a digital risk management solution. These were a few of the highlights.
A digital risk management tool should source information from a broad, rich data set.
A digital risk management tool should give you the ability to automate your risk management processes.
A digital risk management tool should enable you to create dashboards that will identify trends and inform analysis.
…[T]here are known knowns; there are things we know we know. We also know there are known unknowns; that is to say, we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know.
The famous Donald Rumsfeld quote from years ago still gets a lot of attention on the risk management scene. It may sound like a brain teaser, but the core of the quote is absolutely true, and hits at the heart of risk management. How does your organization handle the risks it knows it’s likely to encounter? Probably pretty well—or at least you have a plan. But what about the risk you don’t know you’re going to encounter? That’s a bit harder.
The key to effective risk management is making sure that you have processes in place for sussing out the risk you don’t yet know is on your horizon. There are always going to be unknown unknowns—but with an effective risk management strategy in place, you can reduce their number.
RIMS defines emerging risk as follows: “Those risks an organization has not yet recognized or those which are known to exist, but are not well understood.” Traits of emerging risk include: difficulty to communicate, uncertain relevance and difficulty to assign ownership, among others.
To do a better job at identifying emerging risk, you have to understand what potential threats might impact your business objectives, whether they’re the effect of regular market shifts (a change in customer buying behavior, for example) or extraordinary events (disasters, geopolitical events, etc.).
At the end of the day, though, the key to mastering emerging risks is simple: Data. Without useful data that will alert you to potential business threats, every emerging risk is simply going to go ignored until it is an actual risk.
I guess it shouldn’t be surprising that a building full of people who care about risk feel strongly that risk management creates value. But it’s not just about a feeling—there are actual hard facts to support this. According to a study from Ernst & Young (“Turn risks and opportunities into results”):
My takeaway from this is related to the effort that organizations decide to put behind risk management: Big steps are more effective than smaller steps. If you want to create value with your risk management program, make sure you’re executing it with the right people, processes and technology in place.
Thanks to RIMS for a great show—looking forward to next year!
