The data-driven risk manager

Despite the widespread ambition of organizations to create a data-driven culture, few seem to make the transition successfully. In the article Big Companies Are Embracing Analytics, But Most Still Don’t Have a Data-Driven Culture, the authors cite the results of this year’s annual New Vantage Partners survey on data issues. “Virtually all respondents (99%) say their firms are trying to move in that direction, but only about one-third have succeeded at this objective. This gap appears every year in the surveys, and the level of success hasn’t improved much over time.”

According to a Gartner study, a similar disconnect is found: 80% of CEOs claim to accept the concept of data as an asset, yet only 10% say their organization treats it that way. Given the fairly daunting odds, why are so many organizations still fighting the uphill battle to establish a data-driven culture? Because, as a TechCrunch article notes, “Being data-driven pays!” As proof, the authors cite an MIT study finding a 5-6% higher output in data-driven organizations and other research indicating a more than $13 payback for every dollar spent on analytics.

The importance of the risk manager

Given the potential payoff of a data-driven culture, the analysis-based role of a risk manager can be a linchpin in the effort to elevate the role of data in strategic decision-making across the organization. To make this transition, risk managers need to adopt an enterprise risk management (ERM) mindset, regardless of whether the organization actually has an ERM program in place. The core of this mindset relies on using data to influence decisions and direct actions.

Building blocks

There are several key concepts that increase the odds of successfully instilling a data-driven culture.

Single source of truth means better insight (and a better process)

The TechCrunch article referenced above lays out the benefits of integrating data. “When you have a single source of truth, you provide superior value to the end user: the analysts and other decision makers. They’ll spend less time hunting for data across the organization and more time using it.” Not only is the process improved, but the quality of analysis rises as well. If data is spread across multiple silos it becomes impossible to provide valuable, truly comprehensive insights.

Focusing on ensuring data is centralized and accessible is a critical first step. This means that robust data integration capabilities are essential, as is the flexibility to handle data in diverse formats.

Democratization of data (looking upstream and downstream)

The underlying value of a data-driven culture lies in how it can impact actions throughout an enterprise. While the focus tends to fall on the upstream decision makers, data also needs to flow out to those responsible for taking direct action. As an example, the TechCrunch article relates the story of a food delivery company in San Francisco where even the chef has access to analytic data regarding ordered meals. This contributes to a greater understanding of how to tailor the menu, and what “works.” The right data helps everyone in an organization make more informed decisions. As the article’s authors state, “It means assessing the needs of individuals, not just the analysts and key decision makers, but across the whole organization, out to the front-line of operations.”

Key decision makers are an obvious target for a data-driven approach due to their focus on executing the organization’s strategic objectives. Frontline managers, however, can also benefit. Not only will they gain insight into how they can impact the organization, but they will also see firsthand if their efforts are actually moving the needle. This feedback, so often missing in top-down directives, focuses on results and translates strategic direction into measurable actions.

Decision-making impact

The reason only 1 out of 3 companies succeed with efforts to create data-driven cultures is that data only holds value if it affects decision making. Kristopher B. Jones puts it this way in the CIO article 5 tips to create a data-driven culture at your company, “Data without decisions is like burying your money in the ground.”

If data does not directly influence the decisions, either because it is not timely enough or it fails to add insight to the process, then it holds no value to the organization. Obtaining the data is not the end goal. Making better decisions is what really matters. The question to ask both upstream and downstream data consumers is, “Are you doing anything with it?”

Alignment with business objectives

In Avoiding Common ERM Pitfalls, the importance of connecting ERM assessments with the strategic objectives of the organization is discussed. This type of connection also holds for any data-driven effort. Jones also notes the importance of linking data to organizational goals in his article. “From sales and finance to project management and service-level experiences, data should be rooted in goal-oriented tasks,” Jones states.

By extending the ERM mindset to all aspects of a data-driven culture, the effort to become data-driven gains relevance. Offering analysis and context on how successful the organization is with reaching its objectives, or pointing out related threats or opportunities, places data at the heart of strategic decisions. Framing the effort in the language of the executive team means that they will not only understand the value of a data-driven culture, but will also advocate for the transformation.

Becoming a data-driven risk manager

There are specific steps a risk manager can take to become more data savvy.

Look strategically at what you measure (and why you measure it)

Not all data is equally valuable. “Creating a data-driven culture starts with being able to accurately measure and present reliable and actionable information,” says Scott Busse in a Risk Management Magazine article. Leading indicators, metrics that foretell potential risks or negative outcomes, tend to be the most actionable type of information. Rather than looking at the after effects of actions taken in the past, leading indicators predict events in the future.

Guilherme Lopes chronicles his company’s search for a way to combat customer churn rates in the article Leading Indicators: How we learned what to do today to prevent churn tomorrow. Lopes describes how they ran cohort analyses, identified some unlikely correlations, and created incentive programs around the leading indicators they discovered. The results were a 50% cut in the churn rate and securing a $20M investment round. Leading indicators provoke conversations — and those conversations are what lead to taking strategic actions.

Expand the types of data collected

Looking beyond the claims data and risk assessments that comprise a traditional risk manager’s data arsenal, there are new and innovative ways to draw in more types of data for analysis.

New potential data sources include:

  • Internet of Things (IoT) — Real-time data from wearables and sensors can provide innovative ways to drive down claims. A UK bricklaying company, for example, used wearables to reduce the amount of time bricklayers were in a significantly bent over position by 85%.
  • RFID and telematics — Data from sensors in fleet vehicles can open up new types of usage-based insurance (i.e. pay by the mile) and can power new types of driver safety incentives.
  • Audits and mobile forms — Moving data entry closer to where the data lives can provide powerful feedback on the effectiveness of strategic efforts. One client used audits combined with incentives to drive a 15% reduction in claims, a metric they could not otherwise seem to budge.
  • Data feeds — From real-time weather and natural disaster alerts to A.M. Best ratings to ODG benchmarking data, connecting the right data to your process can provide the context and insight needed to make better decisions.
  • Images and annotations — Images and annotations can often provide a greater level of understanding than text descriptions alone. Including images associated with incidents and claims, for instance, can enhance the ability to identify root causes.

As you consider new types of data sources to incorporate in the risk management process, look for data that can serve as early-warning triggers, measure the effectiveness of mitigation efforts, or help isolate the most critical trends. When evaluating potential data for inclusion, also factor in ways to reduce the collection effort and reduce lag times in reporting.

Presenting the data

While risk managers are typically awash in data, deciding what specific information needs to flow to the executive team or out to operational managers can be a challenge. Passing along data that offers no actionable intelligence or doesn’t connect with the organization’s strategic goals holds no value for those already bombarded with competing messages. As Busse notes, “Most business leaders say they get plenty of reports but not enough information.” His advice, “Go for insights (not data) and analysis (not reports).”

Insight is what the data-driven risk manager has to offer. To the executive teams, this means relevant, actionable data that informs strategic decisions. And to the operating managers, this means clear feedback that their efforts are moving the needle (or not). Data can overwhelm, but insight fuels change.

Moving from an annual exercise to continual improvement

Relying on an annual assessment process can limit the effectiveness of the feedback loop between actions taken and results observed. Instead of engaging in a resource-draining cyclical routine, a continual improvement approach affords the data-driven risk manager a much more adaptable and calibrated environment to work in.

In the article A data-driven approach the author notes, “Companies that do incorporate a data-driven approach to risk management are continually able to define and redefine what their business risks are, rather than using a traditional annual or periodic risk assessment cycle.” The article offers these suggestions for employing a continuous analysis approach:

  • Use continuous analysis to test and validate the effectiveness of your controls — on a timely basis.
  • Provide management with immediate notification of red flags.
  • Create processes for control remediation.
  • Implement continuous analysis on a comprehensive basis across business process areas.

Collecting more data points makes it easier to identify trends while providing feedback closer to real time allows the organization to pivot and respond as needed. Being data driven requires looking at cause and effect. If the effect is separated from the cause by almost a year, that connection can be severely strained and the insight buried. Given the rapidly evolving risk landscape today’s organizations face, agility in responses is a competitive necessity.

Choosing a data-driven technology

To become a data-driven risk manager, the right technology is essential. As discussed in our eBook The Complete Guide to Choosing a RMIS, “A hallmark of successful, cloud-based SaaS software, configurability provides users with an array of options for unique configurations while still drawing from a single, underlying code base.” Origami Risk offers the flexible data-integration, easily configured reporting options, and automated workflows that can transform your organization into a responsive, data-centric powerhouse.

Click on the button below to see how you can become a data-driven risk manager.