Most ERM and GRC vendor offerings currently fail to enable the power and value of applying risk management principles to business decision making. If risk management is about making better decisions, then we need to reset the perspective of what qualifies as a risk management vendor resource.
The Challenge of Embedding Risk Management in Decision Processes
Updates to the COSO ERM and ISO 31000 standards emphasize the need to address risks in the context of organizational objectives and decisions. While the talking points among risk management professionals have progressed, the practical application to business decisions throughout an enterprise is still a significant challenge. Some of the hurdles include:
- The perception of risk management as a standalone function or process.
- Building an executive-led, risk-aware organizational culture.
- The need to clarify risk management responsibilities across an enterprise.
- A market filled with risk management vendors that emphasize risk registers, insurance portfolio management, and regulatory compliance.
Risk management still suffers from the belief it is a time-consuming add-on activity that is just a gating decision control. A reeducation effort is necessary to present risk management as a decision enabler that can raise and optimize organizational value.
The Requirements for a Risk-Informed Decision-Making Process
Integrating risk management and decision making is about (1) people using (2) decision-making processes ingrained with risk management principles and (3) the best information available while leveraging (4) technology to accelerate and optimize decisions and their outcomes.
Some of the relevant risk management principles that apply include assessing and addressing the options, tradeoffs, and uncertainties associated with decisions in the pursuit of business objectives. You can find further details in this post on ten steps of an effective risk-informed decision-making process.
In this context, risk-aware decisions require a system of people, process, information, and technology resources guided by a risk management framework.
As enterprises establish this framework within their organization, it is impossible to build all the resources necessary to identify, assess, and address the range of risk sources they face over time to fully inform decisions. External vendors can fill resource gaps, enhance decision processes, and add risk expertise.
How Vendors Can Support this Process and Fill Resource Needs
Risk registers, insurance products, and regulatory compliance solutions play a role in supporting decisions, but the practical integration of risk management and decision-making processes across an organization demands a broader spectrum of vendor capabilities beyond those of today’s ERM, GRC, or RMIS solution providers.
Consultants support organizational change, redefine roles and responsibilities, and help implement new processes. Risk experts help identify, assess, and offer advice on how to address specific risk sources and events.
A wide variety of software vendors enable technology solutions that
- manage and analyze past risk information,
- monitor and identify real-time risk conditions, and
- predict future risk events and consequences.
Advanced technology and developments in machine learning are extending predictive analytics using vast information sources to now prescribe optimal business decisions. This raises the demand for big data information sources needed to train deep learning models. Risk information and databases are a critical component for building risk-informed decision systems.
Businesses make decisions under dynamic conditions. Changing variables may demand course corrections at any time. This means risk management in support of decisions must continually assess past, present, and future information. The great news is that the convergence of risk management concepts with information technology innovation now has the potential to significantly enhance business decision-making proficiency in dynamic business environments.
The collection of service, software, and information product vendors in today’s market presents what can be a confusing array of offerings to assess when considering risk management resource needs. Some ERM providers, like our fellow GlobalRisk Community member Steven Minsky, strive to address as much of the risk management process and system requirements as possible, but no single solution can address all the functionality and people, process, technology, and information resources needed to integrate risk management considerations with decision making.
A Taxonomy to Classify Vendors that Support Risk-Informed Decisions
Intelligent Management Trends takes a fresh look at the vendor marketplace in the context of enabling risk-informed business decision making. A newly released report, “Risk Management Resources Market Taxonomy, Trends, and Vendor Classification,” translates industry risk management standards into enterprise resource requirements and tackles the challenges of connecting these resource needs to marketplace vendors.
The report identifies the core factors, segments, and vendors that constitute the risk management market from the perspective of optimizing business decisions and offers a holistic categorization of services, software, and information resource offerings that support risk management systems.
The objectives of this research and industry taxonomy include:
- Facilitating vendor-enterprise dialogue by clarifying vendor capabilities in the context of specific risk management resource needs.
- Offering risk management service, software, and information vendors a market-wide perspective to consider their own value positioning, portfolio development, partnership, and acquisition strategies.
- Providing enterprises a classification taxonomy to help decipher how external vendor offerings can provide, supplement, or enhance their risk management system resources.
The report includes market drivers, trends, and extensive vendor examples to substantiate each market segmentation category and definition.
Receive a Free Report Copy in Exchange for Your Feedback
GlobalRisk Community members are invited to receive a complimentary copy of the IMT report, “Risk Management Resources Market Taxonomy, Trends, and Vendor Classification,” in exchange for your suggestions and feedback with points of agreement and disagreement. A limited number of free copies (15) are available, so click this link now to request your copy.
For a more detailed description of the report, including the table of contents and a list of figures, click the following link:
All feedback and advice will be graciously accepted.