On 9 January 2007 Apple CEO Steve Jobs announced a revolution in communication. In front of the world’s technology media, he presented Apple’s three new breakthrough devices – an iPod, a mobile phone and a new internet communicator.
Three new devices.
For a moment he teased the crowd, repeating the names of the three – an iPod, a mobile phone, an internet communicator.
Then the reveal.
These weren’t three separate devices.
They were just one.
The iPhone.
Technology fans cheered as he presented a single solution that elegantly integrated what were previously three different activities – listening to music, speaking on the phone, and navigating the internet.
Steve Jobs understood that integration was the future. Not the clunky compromise combination of the early Windows phones, that tried to be several devices in one and failed to do anything well. Jobs knew that successful integration becomes more than the sum of the individual components.
Winning is so often about delivering an experience that’s so obviously the next step, yet feels like a massive leap forward. That experience often comes from bringing separate functions together into an elegant whole.
Integrated risk management in financial services
Risk management in financial services is often seen as a box-ticking exercise. Have we considered the impact of this? Have we quantified our exposure to that? Have the right managers attended the right courses recently?
Tick, tick, tick.
This is not integrated risk management. It’s tick box management, often backed by spreadsheet management (someone has to keep track of all these ticks and boxes).
Nor is integrated risk management a methodology, a fat document of principles, processes and procedures that delivers confidence through its size and weight. Contrary to the expectations of some, success in financial services is not measured by the thickness and aridity of the paperwork produced.
Challenger banks and fintech upstarts aren’t winning over new customers in droves with the beauty of their box ticking. They’re winning because they’ve learned how to easily integrate their product into the lives of consumers. And because, behind the scenes, they’ve embedded integrated risk management into their organisation and their culture.
Integrated risk management starts with having the big picture of the governance, risk and compliance issues and responsibilities of an organisation. It continues by enabling a risk-aware culture throughout the operation, equipping decision-makers with appropriate knowledge and tools, and having controls that balance mitigation with entrepreneurial ambition.
All this is enabled by technology. Digital integration transforms tick boxing into a coherent process flow, delivering the right information to the right people at the right time.
It’s not all about the technology
Elegant integration, as Steve Jobs knew full well, only occurs at the interface between the person and the product.
The machine is nothing without the person, or people, using it. The first iPhone was nothing more than a digital brick, until it was put into someone’s hands. It needed the person to unlock its potential – and look at what’s happened to smartphones since then!
Automated risk management software might sound cool (well, it does to some people) and it holds out the promise of streamlined processes, improved compliance and reduced costs. But it won’t live up to those promises unless it delivers at the interface with its users.
The tools, tests and reports that comprise the integrated risk management solution need to be relevant, intuitive and interactive. That is, user-friendly in every sense of the word – giving your team what they need in a way that integrates well with their working life and aligns with the objectives of the organisation.
Pillars of integrated risk management
Each of these elements helps support the overall risk management structure.
Strategy – lining up your business outcomes with a framework for identifying and owning risk.
Risk assessment – identifying, quantifying and ranking for risks.
Solutions – the tools and technologies for managing risk.
Communication – identifying stakeholders and delivering the appropriate information to them.
Review – the continual process of tracking and assessing risk management activity to ensure it remains fit for purpose.
Any business seeking to be successful in established markets such as financial services, healthcare or information technology must have these pillars firmly in place.
Where integrated risk management differs from GRC
For years, GRC (governance, risk and compliance) has been shorthand for the structured approach to meeting legal and regulatory requirements, along with controlling exposure to events that could damage the organisation.
Integrated risk management doesn’t do away with GRC – it enhances it.
Integrated risk management helps transform the weight of GRC obligations into activities that automate as much of the data processing as possible, surfacing only the data that’s required for stakeholder reporting and decision-making. The integration takes into account essential factors such as:
- Governance objectives
- Risk ownership and accountability
- Policy compliance
- Risk mitigation
Integration helps to break down silos, ensuring that everyone in the organisation plays their part in GRC. It equips them to play that part as easily as possible, avoiding actions that are unnecessary and inefficient while maintaining full visibility and accountability.
Integrated risk management from 1RS
GRC costs money – a recent survey from the Risk Management Association indicated that 50% of organisations spend between 6-10% of their revenue on compliance.
Automation of GRC, using integrated risk management tools, helps improve efficiency and cut costs. It also helps to drive accountability, bring security and assurance, and deliver a single version of the truth.
Innovation and automation also help to make these tools more accessible to smaller businesses and startups.
Steve Jobs insisted that putting elegant integration into everyone’s hands would transform our lives. He was right.
Elegant integration in GRC might not boast the glamour and excitement of the first smartphones, but it still has the power to transform by allowing a business to focus on what it does best.
If you would like to find out more, book a short discovery call today.
Blog
5 Ways Technology Can Help with SMCR Compliance
One of the biggest changes to FCA regulation in recent years was the need to…
How To Embrace Technology but Keep Your Humanity – Implementing A RegTech Solution
Today, the majority of our business and personal lives are dominated by our…
What are the Cost Benefits of Investing in a GRC System?
More and more organisations are currently seeking out technology-enabled GRC…
Are you ready for Consumer Duty?
With eyes firmly on the calendar for the new Consumer Duty Regulations coming…
What is CASS and who does it apply to?
If a financial services provider holds or controls client money or assets, then…
Has the Motor Finance Industry had its head in the sand?
Ever since the FCA launched a review into Motor Finance and published their…
5 Steps to Improve Your Customer Due Diligence
Last month we looked at third party due diligence and how technology can…
Guide to Operational Resilience
It’s the Monday morning you don’t want. Social media is buzzing because a…
5 Steps To Improve Your Third-Party Due Diligence
All companies use third parties as an essential component in the running of…
Regulation of Buy-Now Pay-Later is Coming
Alice wants a new laptop computer, but it will take her a few months to save…
We won! Fintech Awards 2023- 1RS voted Best Risk Management & Compliance Software Solutions
We are thrilled to announce that Wealth & Finance International have…