When you consider to maken an investment in improving risk management, I think it would be very helpful to focus on the following three items in the technological dimension:
1. Instead of auditing all the events after a certain amount of time, it would be advantageous to position a solution that constantly listens to the application layer. Exception-based anomaly detection is not as scary as its name, but based on my experience, it is an idea that can be built and deployed within 12-14 weeks. Therefore, it is possible to automate even complex architectures step by step. Of course, I am on the side of making strategic investments in accordance with the idea of “Minimum Viable Product”. I think this will both save the departments from the stress of high investment and at least prevent the hasty decisions brought by the idea of sunk costs. If I were to give an example, I could start with a script set that only tracks the anomalies in the purchasing processes in the SAP system in the public sector.
Technology Investment Recommendation: Automatic control monitoring application that listen to the data produced by the organization or RPA investments
2. We need experts or algorithms to translate what this data says. Therefore, it is of great importance to examine these data according to certain threshold ranges and to create insights that predict future data based on past data.
Technology Investment Recommendation: Data Visualization (Analytics) Solutions
3. Of course, it is not enough to just collect the information and save it somewhere in the database. I think it is necessary to implement a risk and audit management software that will reflect the risk and audit culture of the company and consolidate this data.
Technology Investment Recommendation: Risk Management and Audit Management Software
These are suggestions I can make from a software-centric perspective. However, you will appreciate that; there is another relatively difficult task. It is the responsibility of risk professionals who will create programs to promote risk-centered management within the organization. Automatic control mechanisms, dashboards for data visualization, enterprise risk management, and internal audit software will be very important weapons for risk professionals on this journey. At the same time, I think it will allow the organization to form a risk memory and create a risk-based value chain independent of silos.