Unified Enterprise Risk Management Is Absolutely Achievable

Clients: Fusion Risk Management and Salesforce (Lightning Platform).

First Published on TabbForum, April 24, 2019


By leveraging automated workflows, collaboration, and artificial intelligence via a modern operational risk platform, firms can transition from a reactive program to a proactive one of prediction and prevention. But enterprise risk is full of organizational silos that respond to disparate business functions and technology teams operating throughout the organization. The next step is to scale up by connecting internal and external risk functions into a unified enterprise-wide risk management program.

Transition from Reactive to Proactive Risk Management

Previously, on “Operational Risk Management is Exciting!” Bobby’s and his elementary school classmates’ jaws dropped when Bobby’s mom introduced herself as an Operational Risk Manager. They were wowed by her role as a Guardian of the Corporate Reputation, her team’s use of artificial intelligence to help stop bad things before they happen, and her working relationship with special government agents. Meanwhile, Bobby’s mom and her team were enjoying the fruits of their transition from maintaining lists in spreadsheets to leveraging automated workflows, collaboration, and artificial intelligence via a modern operational risk platform.

I titled the operational risk team’s transition “Functionality +” because they were able to retain what already worked: sophisticated spreadsheets that were developed by the two top project managers on the team. Using a process of “low-code” development, they were able to apply their intellectual capital directly to the job at hand without the bottleneck of prioritizing technology resources to program software on their behalf. Within that process, they were able to enhance their base solution to build a fully robust and defensible process. However, this was only for the business groups that they cover. What is the next step to enabling executives to better communicate and be better informed across the organization?

The Next Step: Unified Enterprise Risk Management

Enterprise risk is full of organizational silos that respond to disparate business functions and technology teams operating throughout the organization. Using Fusion Risk Management’s Fusion Framework System as an example, this post will describe how to scale up from what we learned earlier, connecting internal and external risk functions into a unified enterprise-wide risk management program. We will also stay consistent with our “don’t do things twice” theme.

Business impact management, business continuity preparation, IT disaster recovery planning, incident management, operational risk management, crisis response, third-party risk, and cyber risk are just a few of the risk functions that are scattered (read: siloed) throughout the enterprise. However, regulators, investors, customers, and news outlets don’t care who is at fault and which group should have been prepared.

A case in point comes from the April 2 Financial Institution Letter from the Federal Deposit Insurance Corporation (FDIC): “When services are outsourced, a financial institution's board of directors and senior management are responsible for managing the risks posed by those services as if they were performed within the institution (emphasis added).”

Consider the implications of that statement when a variety of services from one provider is pervasive throughout your organization. A business continuity preparation test by one group might identify a “medium” risk but not report it as a third-party source. Then, another group identifies a similar risk, but it doesn’t really care if it is a third-party issue. If it turns out that these smaller events are symptoms of a larger problem, was it the third-party risk team’s or the service provider’s responsibility? As far as the FDIC is concerned, the financial institution's board of directors and senior management are responsible.

An enterprise unified risk management platform is critical to your job, and that next step is described below.

Re-Use and Make Better

In the last post, I used the Salesforce Lightning Platform to show how to turn the important parts of spreadsheets into objects and then how to build upon those objects to support and enable the proactive capabilities that regulators expect you to have. In line with my “don’t do things twice” mantra, the Fusion Risk Framework System enables your teams to literally build off those objects because the foundation is the same platform. In terms of reaching a unified risk management program, you are almost there.

Leverage Collective Intelligence and the Wisdom of the Crowd

Often, teams that have been together too long without much dialogue with their peers at other institutions will find their perspectives limited to internal experiences that can be weighed down by detail. This results in a perception that the problems you have are unique and require unique solutions. But are you really that special when your peer organizations have comparable business models, the same regulators, and similar politics and cost constraints?

The risk framework identified above provides integration with solutions that are the result of best-in-class deployments across industries and encapsulates the collective intelligence and wisdom of a broader community than you would be able to get internally. With most of the work done, the subject matter experts from each group can focus on the aspects of your organization that make it truly unique.

Resiliency Through Community

Risk is not real until it becomes a problem, and it is at that point when your capacity to recover quickly is tested. This is an important acknowledgement because with all the great work done to predict and mitigate risk, headlines are only made when stuff hits the fan and that is when your resiliency is tested. The Fusion Framework System brings in the concept of “community” that includes third-party providers, correspondent banking partners, traders, salespeople, technology teams, financial advisors, executives, or, in general, your entire base of employees and their external partners.

Through Fusion Risk Management’s Community Connector, your entire organization can be engaged in a secure and personalized way, whether it be disaster recovery testing (e.g., “Yes, I can access my applications on my phone after the primary failure.”) or alerting the entire corporate community of live emergency events with instructions. It is critical to your success to receive input from and share vital information with a wide array of users. This is an important capability because silos are eliminated.

In summary, there is a clear path by which your organization can satisfy the heightened expectations of regulators, investors, and customers. The technology is there, exemplified by a number of best-in-class deployments. A unified enterprise risk management platform is absolutely achievable. You can evolve from a reactive program to a proactive and highly resilient one.
