Balancing automated and human risk management

By Dominic Ellis

January 04, 2021

undefined mins

Should risk management be fully automated to drive efficiencies up and costs down, or include human elements to ensure optimisation and best practice...

Assessing VC risk

Technology’s ever-encroaching reach knows no boundaries and in the realm of risk management, automation is not only being used for repetitive, mundane tasks but also narrative reporting and broadening data contexts.

Data analytics can form a single and authoritative ‘point of truth’, as opposed to hundreds of differing perspectives, and be used to more accurately predict risk in-situ, as well as give full-spectrum applications throughout an organisation. AI, in particular, looks set to transform corporate accounting and could account for 30% of audits by 2025.

By then, half of global midmarket and large enterprises will depend on risk management solutions to aggregate digital risks in their business ecosystems, up from 10% in 2018, according to advisory and accounting firm Richey May.

According to research conducted by Dorian Proksch, et al, in ‘Risk management in the venture capital industry’, venture capital (VC) firms are exposed to five variants of risk:

Agency - arising from conflicts of interest between the investor and the company or individual being invested in.
Financial - these are standard business risks associated with bankruptcy, poor liquidity or a lack of available ‘exits’.
Market - competitivity, customer receptivity and the availability of marketing opportunities.
Human - not just failure to perform essential tasks correctly, but also financial planning, managerial experience of the company being invested in, and a guidance of a larger vision from the VC firm.
Failure - a combination of the preceding four categories and their overall impact on direction.

Given the abundance of risk factors in modern VC activities, a question arises: is it better to utilise cutting-edge data analytics and automation technology to remove and redeploy the human workforce, or is a more nuanced approach preferable?

Automated or semi-automated risk?

Automation negates slower, less efficient and often more costly manual processes, cuts back on staff training costs and potentially frees up staff’s time to pursue more creative, value-added tasks. KPMG says robotic process automation can reduce costs for financial services firms by up to 75%.

Moreover, given the “drumbeat of regulations”, the global nature of business and investors’ growing emphasis on transparency – not to mention the COVID-19 pandemic, which dramatically highlighted the nature of unforeseen risks – the possibilities for improving risk management abound, according to Oracle.

This year saw digital efficiencies soar as the world worked from home though risks amplified too; a recent Deloitte poll found respondents expect their top internal controls program challenges to include staffing changes and the virtual work environment (26.9%) and third-party risks (22.2%) in the next six months.

Only 5.8% of respondents reported a decrease in the size and frequency of risks that their organisations' internal controls programs faced during the past year, and only 22.1% said their organisations leveraged advanced technologies, according to the same poll, suggesting traditional risk assessments remain in place.

"As organisations sprint to digitally transform nearly all aspects of their businesses to manage disruption, internal controls programs should not be left out of modernization efforts," said Stuart Rubin, a Deloitte Risk & Financial Advisory managing director and controls advisory leader, Deloitte & Touche LLP.

"Advanced technologies can help shift internal controls programs away from a lookback-focus to a near real-time dashboarding and visualization approach that's both packed with insights and sustainable, thanks to automation-based design and cutting-edge capabilities like AI and advanced analytics."

Remote or onsite, organisations depend on people to oversee optimisation, drive best practice, develop collaborations and spark innovations. It’s been a year when we’ve all been reminded of the convenient power of technology, though it isn’t without its challenges, as the concerns over cybersecurity illustrate.

Striking a balance

As with much of the corporate COVID world, it is clear we have reached a crossroads, reports Deloitte in The future of risk in financial services. Financial institutions need to decide if they will continue with business as usual or instead fundamentally rethink their approach to risk management, it states.

“Institutions should examine how they can employ digital technologies – such as robotics process automation, cognitive analytics, advanced analytics, and big data – to automate repetitive manual tasks, provide decision support, and improve the ability to proactively identify and manage risks,” it notes.

McKinsey identified six trends shaping the risk function (see box), in a paper entitled The future of bank risk management, two of which focused on human-machine interactions. Highlighting the importance of refreshing the talent pool, it states: “Data scientists with advanced mathematical and statistical knowledge are needed to collaborate across the bank in the conversion of data insights into business actions.”

It also advises building a strong risk-management culture where the detection, assessment and mitigation of risk must become part of the daily job of all bank employees and not only those in risk functions.

Deloitte agrees firms need an active program to infuse a risk aware culture in the organisation, encourage ethical behaviour by their employees, and monitor and manage conduct risk. Institutions should ensure they have sufficient specialists with subject matter expertise on high-risk and complex activities and provide adequate training to continually upgrade skills, it adds.

PwC highlights five key ways organisations are embracing automation – and ‘risk and compliance analytics’ is among them. It believes organisations need to evaluate their situation and available automation capabilities to find the right mix of applications and automation that fits their needs.

KPMG suspects we may have reached a tipping point, thanks to enhanced AI, cognitive automation and better-designed ‘bots – though if you think staff payrolls can be costly, consider the sums of redesigning entire corporate processes.

“We worked with a large investment bank that recently spent over $100m to implement work flow tools allowing it to reengineer processes,” it stated. “That’s a huge investment in technology and it can be a difficult pill for senior management or shareholders to swallow.”

It seems firms will need to strike a balance between automation and human relations for some time to come.

EU publishes DORA IT risks

In October, the European Union (EU) published draft legislation to codify how financial firms manage digital risk. Announced as part of the EU’s new Digital Finance Strategy, the proposed Digital Operational Resilience Act (DORA) is designed to “consolidate and upgrade ICT risk requirements” across the financial entities to ensure all firms are “subject to a common set of standards to mitigate ICT risks.”

Six trends shaping risk function