Meet the new standard in risk management

By and Sandeep Suresh | 3 minute read | June 28, 2021

Umbrella of security

Legacy assessment based third-party risk management (TPRM) practices have struggled for years to keep pace with business needs. During the COVID-19 crisis, these shortcomings became even more acute. Companies faced additional unanticipated challenges involving the rapid onboarding of new service providers, without a way to access a current view into the associated risks.

In a rapidly changing risk landscape, the data collected in periodic assessments quickly becomes stale. Today, effective risk mitigation requires continuous monitoring to provide a current, near real-time view of risk exposure. The new standard in risk management requires always-on, continuous monitoring capabilities of a full stack of risk domains, fully integrated into a company’s governance, risk and compliance (GRC) platform.

Achieve continuous compliance and resiliency

In the aftermath of COVID, improving business resilience is the top priority. The challenge lies in managing the tremendous volume of continuous risk data cost-effectively and time-efficiently to generate the actionable risk intelligence required for effective risk mitigation.

Successful risk mitigation is not simply about knowing the risks — it is about taking action. A Risk Operations Center (ROC) approach is a leading-edge risk management practice that enables businesses to achieve their resiliency and business disruption avoidance goals through appropriate and timely risk mitigation action.

The ROC is an ongoing and proactive approach to risk that is flexibly staffed up or down as the risk environment requires. Not established as a reaction to a current crisis, it is always-on, continuously monitoring, planning, and ready to manage rapidly evolving risk events or risk trends.

The ROC contains the following components:

  • Listening Post: Uses AI and automation to continuously collect real-time intelligence.
  • Workflow Management Tool: Routes relevant risk intelligence to the appropriate action and resources.
  • Risk Response: Powered by automation and a human team, assesses the intelligence for relevance and triggers internal and external actions, both automated and human.

Introducing IBM OpenPages with Watson and Supply Wisdom®

Working together with IBM OpenPages and Supply Wisdom, organizations can have a comprehensive view into their external risk environment with automated continuous risk monitoring and near real-time risk intelligence.

Using the ROC methodology, Supply Wisdom functions as the Listening Post. Using AI and automation, Supply Wisdom identifies potential risk events and collects, validates and analyzes risk data with the potential to disrupt business operations. In addition to AI and automation, Supply Wisdom leverages human curation to ensure no noise in their risk intelligence. Supply Wisdom’s continuous monitoring provides near real-time risk metrics, risk ratings, risk reports, risk event alerts and risk actions on the monitored entities.

From there, Supply Wisdom’s continuous risk intelligence feeds into the OpenPages Third Party Risk Management solution, initiating an integrated view of risk across a full stack of risk domains. The feed brings in a comprehensive view of risk across a broad set of risk domains, enabling quarterly trend analysis by composite rating and individual domain ratings. Supply Wisdom’s full-stack risk domain coverage includes Financial, Cyber, Operations, ESG (Environmental, Social & Governance), Compliance, Nth party and Location risks.

The OpenPages workflow management functionality incorporates the organization’s risk appetite, tolerances, thresholds, and scores to determine the appropriate risk mitigation actions for each risk event finding and alert forwarded by Supply Wisdom. Data science and automation help to drive the corresponding risk actions.

Risk Response is the third component in the ROC process that handles the risk mitigation efforts needed for the most critical risk events. Risk professionals can appropriately evaluate and escalate risk intelligence and findings to apply mitigation strategies, if necessary, to align risk exposure with accepted risk appetite. As automation can be used to address most risk findings, human risk resources are engaged to focus on only the most critical risk mitigation actions. Any risk findings are captured in OpenPages issue management functionality to track resolution of identified risks. Supply Wisdom automatically recognizes the mitigations and reflects that in its risk ratings.

By leveraging tools such as robotic process automation (RPA), machine learning and AI, Supply Wisdom helps with data collection and validation, sentiment analysis and impact analysis to determine the potential risk impact to the organization. Using these tools, human resources are freed from spending countless hours gathering and validating data, allowing them to save time on risk identification, while ensuring zero false positives.

A Risk Operations Center built around Supply Wisdom’s continuous risk monitoring and near real-time risk intelligence and IBM OpenPages workflow capabilities ensures minimal human intervention for risk identification and analysis, enabling an organization to focus their efforts on only the most critical risk mitigation efforts.