On 9 January 2007 Apple CEO Steve Jobs announced a revolution in communication. In front of the world’s technology media, he presented Apple’s three new breakthrough devices – an iPod, a mobile phone and a new internet communicator. 

Three new devices. 

For a moment he teased the crowd, repeating the names of the three – an iPod, a mobile phone, an internet communicator.

Then the reveal. 

These weren’t three separate devices. 

They were just one.

The iPhone.

Technology fans cheered as he presented a single solution that elegantly integrated what were previously three different activities – listening to music, speaking on the phone, and navigating the internet.

Steve Jobs understood that integration was the future. Not the clunky compromise combination of the early Windows phones, that tried to be several devices in one and failed to do anything well. Jobs knew that successful integration becomes more than the sum of the individual components.

Winning is so often about delivering an experience that’s so obviously the next step, yet feels like a massive leap forward. That experience often comes from bringing separate functions together into an elegant whole.

Integrated risk management in financial services

Risk management in financial services is often seen as a box-ticking exercise. Have we considered the impact of this? Have we quantified our exposure to that? Have the right managers attended the right courses recently?

Tick, tick, tick.

This is not integrated risk management. It’s tick box management, often backed by spreadsheet management (someone has to keep track of all these ticks and boxes).

Nor is integrated risk management a methodology, a fat document of principles, processes and procedures that delivers confidence through its size and weight. Contrary to the expectations of some, success in financial services is not measured by the thickness and aridity of the paperwork produced.

Challenger banks and fintech upstarts aren’t winning over new customers in droves with the beauty of their box ticking. They’re winning because they’ve learned how to easily integrate their product into the lives of consumers. And because, behind the scenes, they’ve embedded integrated risk management into their organisation and their culture.

Integrated risk management starts with having the big picture of the governance, risk and compliance issues and responsibilities of an organisation. It continues by enabling a risk-aware culture throughout the operation, equipping decision-makers with appropriate knowledge and tools, and having controls that balance mitigation with entrepreneurial ambition.

All this is enabled by technology. Digital integration transforms tick boxing into a coherent process flow, delivering the right information to the right people at the right time.

It’s not all about the technology

Elegant integration, as Steve Jobs knew full well, only occurs at the interface between the person and the product.

The machine is nothing without the person, or people, using it. The first iPhone was nothing more than a digital brick, until it was put into someone’s hands. It needed the person to unlock its potential – and look at what’s happened to smartphones since then!

Automated risk management software might sound cool (well, it does to some people) and it holds out the promise of streamlined processes, improved compliance and reduced costs. But it won’t live up to those promises unless it delivers at the interface with its users.

The tools, tests and reports that comprise the integrated risk management solution need to be relevant, intuitive and interactive. That is, user-friendly in every sense of the word – giving your team what they need in a way that integrates well with their working life and aligns with the objectives of the organisation.

Pillars of integrated risk management

Each of these elements helps support the overall risk management structure.

Strategy – lining up your business outcomes with a framework for identifying and owning risk.

Risk assessment – identifying, quantifying and ranking for risks.

Solutions – the tools and technologies for managing risk.

Communication – identifying stakeholders and delivering the appropriate information to them.

Review – the continual process of tracking and assessing risk management activity to ensure it remains fit for purpose.

Any business seeking to be successful in established markets such as financial services, healthcare or information technology must have these pillars firmly in place.

Where integrated risk management differs from GRC

For years, GRC (governance, risk and compliance) has been shorthand for the structured approach to meeting legal and regulatory requirements, along with controlling exposure to events that could damage the organisation.

Integrated risk management doesn’t do away with GRC – it enhances it.

Integrated risk management helps transform the weight of GRC obligations into activities that automate as much of the data processing as possible, surfacing only the data that’s required for stakeholder reporting and decision-making. The integration takes into account essential factors such as:

  • Governance objectives
  • Risk ownership and accountability
  • Policy compliance
  • Risk mitigation

Integration helps to break down silos, ensuring that everyone in the organisation plays their part in GRC. It equips them to play that part as easily as possible, avoiding actions that are unnecessary and inefficient while maintaining full visibility and accountability.

Integrated risk management from 1RS

GRC costs money – a recent survey from the Risk Management Association indicated that 50% of organisations spend between 6-10% of their revenue on compliance.

Automation of GRC, using integrated risk management tools, helps improve efficiency and cut costs. It also helps to drive accountability, bring security and assurance, and deliver a single version of the truth.

Innovation and automation also help to make these tools more accessible to smaller businesses and startups.

Steve Jobs insisted that putting elegant integration into everyone’s hands would transform our lives. He was right.

Elegant integration in GRC might not boast the glamour and excitement of the first smartphones, but it still has the power to transform by allowing a business to focus on what it does best.