A Leap Forward for Risk and Compliance
Last week, I had the honor of being the opening keynote speaker at the Compliance Week West conference in Palo Alto. As we gathered, I chatted with a couple of friends from a large technology company. They told me about some amazing things they are doing with the latest technology (including from SAP and its partners) to improve their risk and compliance activities. This company is not alone and I am hearing stories from companies in all different sectors and geographies almost every week.
- One company is continuously monitoring hundreds of millions of transactions for indicators (red flags) of potential fraud. While organizations have been doing this on a monthly basis for a long time, the latest in-memory technology provides speed improvements – up to 300,000 times faster than just a year ago – that let them monitor transactions almost as they are processed. Now, they can intervene and take action quickly and close down anything improper very quickly.
- A large bank is using some of the same in-memory technology to monitor signs of money-laundering. With the massive fines being levied by the government and regulators for anti-money laundering (AML) compliance failures, this has become a critical activity for financial services organizations. The power is now available to monitor the literally billions of transactions processed every day.
- An IT organization has moved its information security threat risk assessment tool onto an in-memory platform. Previously, the tool was limited to assessing intrusion risks by analyzing a sample of intrusion attempts. As a result, its accuracy and reliability was limited. Now, it does its assessment based on the full history of intrusion attempts.
- SAP is one of many companies that use social media monitoring technology (sometimes referred to as sentiment analytics or text analytics) to monitor what people are saying about the company; this keeps their fingers on reputation risk.
- SAP’s internal risk management function is in the process of deploying mobile risk analytics. Linked to our enterprise risk management system, this mobile app will enable every manager to see and dive into the risks they own. It is enabling risk management to be “embedded” into daily management of the business.
- Other companies are using new technology to improve their monitoring and communication of risks across the organization. It is great to go to a conference, such as Compliance Week West, and see the growing maturity of risk and compliance solutions showcased by vendors, some with integrated risk monitoring capabilities.
The ability to monitor risk and compliance in a more dynamic fashion that is responsive to change delivers power and value to the organization – and to the contribution that can be made by risk and compliance professionals.
But, I hear you say, risk and compliance functions don’t have the money to spend on expensive new toys.
That is true, but the majority of companies are either acquiring or actively looking at the new technology to improve business operations – especially to leverage so-called Big Data, but also to improve the analytics used to make decisions and run the business.
Risk and compliance professionals should be looking for the opportunity to leverage the technology their organization is acquiring for other purposes. That is what my friends at the Silicon Valley technology giant did.
What to look for? Here’s a partial list of new technology to power risk and compliance:
- In-memory computing (sometimes this is called in-memory analytics, sometimes just as a platform or a database. SAP’s solution is called HANA)
- Predictive analytics
- Mobile analytics (sometimes referred to as mobile business intelligence, or mobile BI)
- Risk monitoring, including event monitoring (where a real-time agent tests individual transactions against rules as they are processed)
- And more, such as these solutions from Wipro
I would love to hear what you are doing with the new technology to improve risk and compliance effectiveness and efficiency.
Recent Posts on this Blog
- Proposed rules on compensation risk merit consideration by all of us May 21, 2016
- Cyber Risk and Audit May 14, 2016
- Risk agility and resilience May 7, 2016
- The search for effective risk appetite statements April 30, 2016
- How to assess internal audit effectiveness and value April 23, 2016
- What is the state of ERM? A new study sheds a little light April 16, 2016
- Survey results: risk-based internal audit planning April 8, 2016
- Risk and how we run our business April 2, 2016
- Which risks does IA audit? March 26, 2016
- Why do people take risks? March 25, 2016
- Some authoritative guidance on risk management and the three lines of defense March 19, 2016
- Risk Reimagined! March 12, 2016
- The obligation of the board to challenge management March 11, 2016
- Managing risk means opening your eyes every day March 5, 2016
- Should we take this risk? February 28, 2016
- The Risk of an Ineffective Board May 24, 2016
- Regulator Talks About Culture May 16, 2016
- Balancing Offense and Defense, Performance and Risk May 6, 2016
- Have You Had a Cyber or Data Breach Today? May 2, 2016
- Talking About Internal Audit Value and Leadership April 27, 2016
- Deloitte Suggests 10 Questions to "Embrace Risk and Lead Confidently" April 18, 2016
- How Many Lines Do You Need to Defend Against Risk? April 4, 2016
- Protiviti Says We Live in a More Risky World March 28, 2016
- New Governance Guidance Stretches Thinking on Ethics, Risk, and More March 21, 2016
- The Value Gap Between Internal Audit and Our Stakeholders March 14, 2016