FutureRisk: Taking a Connected Risk Approach With EY

“Scott McCowan: The connected risk approach — we call it the wheel, which I think makes a lot of sense — really stems from four main quadrants around risk taxonomy, risk assessment, coordinated response, and then risk insights or risk reporting. It’s trying to elevate the concept of integrated risk management and the imperative of having a very clear and concise message around those emerging risks. We had done the Global Board Risk Survey back in 2021 where we surveyed boards of directors and executives, and found that only 20% felt that, they had a good handle on their risk. So, there is a huge imperative to really put risk management on its head and think about it differently — how do you infuse technology and coordination amongst these siloed organizations with a connected risk approach.”

“Megan Duggan: It’s a wheel, it’s continuous, but we like to say to start with the risk ecosystem and integrated taxonomy. Who are the players and what are the risks that we’re facing as an organization? We start with that risk taxonomy to really say, here’s our landscape of risk and here’s the detail behind it so that it’s not just at the macro level — the old school ERM level where you’ve got ten risks that you’re managing. You’re really getting down to that detailed level so that you can identify the indicators of risk and you can coordinate your response and provide your insights so that everybody understands what you’re talking about — we’re all speaking the same language.”

“Megan Duggan: It really starts with identifying the players and being proactive about it. The reason we started down this connected risk approach is because too often organizations are operating in silos. You’ve got folks out in various areas of the business attacking risk in different ways or not attacking risks in different ways. They’re doing it in a way that’s redundant or duplicative — or perhaps you have gaps.”

“Scott McCowan: When you think about being a strategic advisor, whether you’re in internal audit or you’re sitting within the second line, the business needs to feel that they’re getting value from you. Trying to figure out how you quite literally get that seat at the table for those risk management committee discussions or the strategic directional conversations for the company is critical. You want to be in front of the emerging risks as you had mentioned.”

“Scott McCowan: Right, and some of that is just focusing on the second part of our quadrant, which is the risk assessment process. We’ve spent a lot of time within the past year really doubling down on what it means to have an effective risk assessment approach.”

“Megan Duggan: It’s my narrative these days! There’s been a huge push for data over the past 15 years. Regardless of where you sit in the organization, you are probably focused on developing data analytics. But what does that actually mean? A lot of times what it means is developing point solutions to go after a particular hypothesis. It’s that risk then data or data then risk conundrum. I have an idea, I think there’s a risk here. I’m going to go seek the data that validates this risk hypothesis. Then, what happens? It goes in a drawer, it doesn’t get used again. We see that a lot, for example, in internal audit where they develop an analytic for a specific audit and then it doesn’t get used again.”

“Scott McCowan: I was reflecting on being at this conference last year and all of the ships that were stuck outside of LA here because of all of the supply chain issues. One is the importance of supply chain not only on our US business, but as we fit into the global economy and all the pressures from China, what that may mean for the production of those products and goods. We’re really trying to look at the concept of supply chain risk management differently and what is the risk manager’s obligation in that equation. In a particular example. It’s the availability of those goods and the reliability of those suppliers. We’ve been working on a solution that helps us with that tiered mapping of suppliers, customers, alliances, to identify where your weaknesses are within that particular supply chain and tie that back to product risk and not just overall risk.”

“Megan Duggan: I’m going to take your future risk question and talk about future opportunity. We talk a lot about digitization and technology introducing risk to an organization. What we’re trying to help organizations with is capitalizing on that technology opportunity especially in risk management and how we use data and technology to streamline our processes, be more efficient, and take a platform approach to risk management. So, I think that’s an area that really we’re starting to get a lot of momentum and help organizations with preparing for digitization of risk management and harnessing the value of it pretty immediately.”