The new COSO ERM framework and data analytics

Why data analytics is driving the future of risk management

Business strategy dashboard In September 2017, COSO released its long-awaited update to the first ERM framework it promulgated in 2004. The updated framework, titled Enterprise Risk Management – Integrating with Strategy and Performance, focuses on the importance of considering risk in both the strategy-setting process and in driving performance. This new update helps organizations manage risk differently - it paves a new path towards the evaluation of how risk is used in the strategic decision making process, which ultimately affects an organization’s performance. When risk and performance are integrated, organizations will be better positioned to embrace opportunities and move toward the future with greater confidence.

Since the COSO released its first ERM framework in 2004, the amount of data available to businesses has exploded, and the potential ability to collect, synthesize, report and use that data to drive more informed decisions has improved exponentially. Improving data analytics capabilities and integrating them with ERM efforts is one of the single most important steps businesses can take to transform their risk functions and align with the strategic drivers of the organization.

Why data matters The idea of using data analytics in ERM isn’t new. Historically, risk leaders have used analytics to develop reports in order to assist in their decision making. However, the technological landscape has evolved so quickly that most organizations haven’t kept pace with the possibilities.

In recent years, the generation and collection of data across the enterprise has become more widespread. This includes traditional business sources of structured data, such as transactional records, as well as unstructured data from sources such as social media and human responses. Both sources offer value. Along with the benefits of technological advancements, improved market understanding, and increased data generation, organizations are only scratching the surface with data analytics and data mining.

The growth of data provides a new opportunity to address operational and strategic business issues. The challenge becomes how best to harness the proliferation of data in specific efforts, such as better understanding and managing an enterprise’s risks.

Keeping pace with data analytics advances Many organizations lack the analytical processes and tools they need to truly capture and use risk information more effectively. Using data analytics, risk management functions must facilitate and encourage the capture, analysis, and delivery of current and forward-looking risk information to further their mission and meet objectives.

Within the ERM space, organizations must extend their understanding of the risk landscape to available data that is associated with strategic risks, down to the operational and program level. Aligning the data to the risk profiles and indicators is a prerequisite towards using the now-available data to better understand and manage risk through analytics. Only then can analytic models be built to detect potential risks, more fully assess their financial impact, and build an analytic framework that can begin to balance the financial and strategic impacts against the investment to mitigate and fully manage the risks.

The ability to leverage data through analytics will strengthen evidence-based decision-making for leadership teams and enable them to map their data to strategic and business objectives. For example, data-driven budgeting practices coupled with value-to-spend analytics and spend distribution models can help organizations better align their budgets with their strategy and maintain a real-time view into how effectively their investments support their business models. Coupling those tools with dashboards tracking customer experience against key performance benchmarks can provide a real-world reality test for both organizational strategy and spending, allowing companies to adjust to market conditions and customer preferences quickly, based on empirical evidence. Those are just a few examples of how organizations can focus their ERM efforts and assess risks in a meaningful and data driven manner.

Why a data-driven approach to risk? In an environment of increasingly scarce resources and a focus on mission critical activities, implementing ERM makes strong business acumen. A data-driven approach supports the development of key risk indicators (KRIs) and key performance indicators (KPIs) to anticipate and understand whether strategic and business objectives are being met and at what cost. The time for organizations to fully harness the data they have is now. Leaders should adjust their organization’s strategic plans and risk responses based on performance as measured through a strong analytics program.

What questions should you be asking to assess your risk and data practices?

  • What are your organization’s data analytics capabilities?
  • Do you have a centralized data analytics team or are your capabilities decentralized into your business functions or processes?
  • What data analytics tools are you using today?
  • Are you considering new analytics, e.g., machine learning, robotic process automation, natural language processing, artificial intelligence, etc.?
  • Are you using data analytics to measure KRIs and KPIs?
  • How are you using data analytics to evaluate your strategic and business objectives?

Our Advisory Services professionals have significant experience helping clients develop risk solutions utilizing data analytics that create value by helping them define and execute their business strategy in alignment with their risk profile.

Baily Jordan
T +1 919 881 2790

Michael Rose
T +1 215 376 6020

Christopher Hare
Senior Manager
T +1 703 837 4453