In the IRM’s Risk agenda 2025 survey, there were two seemingly incompatible findings – that the number of risk managers is expected to go up, but also that the increased use of artificial intelligence (AI) is likely to threaten risk management jobs.
So in the face of such divergent predictions, does AI actually present an opportunity for risk management teams, or does its increasing prevalence really herald an existential threat? Perhaps the simplest answer is that it will bring a bit of both – such new technologies won’t replace risk managers but they will expand horizons and the risk management roles on offer may be irrevocably changed.
The survey report states that new risk trends including these technological advances will compel forward-looking organisations to adopt or adapt new or existing risk systems and processes. While risk management is currently driven by the corporate risk function, by 2025 embedded processes and new automation will engage businesses in managing risk more fully – sharing more widely the responsibility for risk management.
Quality and availability of data is growing in importance
AI is certainly a useful tool, but it’s only as good as the data it’s given to process. According to IRM innovation special interest group member Dr Sarah Gordon, when using AI, businesses need lots of data analysts to ensure the data going in is of good quality, otherwise their AI could get confused and find it difficult to correctly identify features in the data, teeing it up for making mistakes in the future. Risk managers are therefore likely to spend a great deal of time cleaning data to make it useful.
Gordon describes the imminent general data protection regulations (GDPR) as “fantastic”, as they will enable risk managers to locate data and understand what exists. The data can then be analysed and used, rather than being invisible to the department. “People tend to be taking GDPR seriously because of the fines, rather than because of the opportunities on the table. If they were focusing on the opportunities, they would have done something about it a long time ago,” she says.
To maximise the opportunities offered by emerging technologies, risk managers and analysts will need to become more computer savvy – perhaps extending the remit of the traditional risk management team. For Gordon, that means moving beyond cleaning data and into processes that involve computer coding in order to create artificial intelligence algorithms and drive machine learning routines. She accepts that for some teams this will require a leap forward in capabilities.
Gordon also reminds us that not all data is numeric – developments in natural language processing, where machines can read text, mean that data from social media feeds and other ‘soft’ sources of information is now available and this adds an extra dimension to risk management. No longer are we asking computers to look just at spreadsheets and numbers; we’re asking them to consider human communications and we need to know how to help them interpret what they see.
Data isn’t the ‘be all and end all’
While the availability, reliability and quality of data are all essential to the successful use of AI, including machine and deep learning programs, the risk management team has a wider and developing role to play in ensuring that decision makers are educated and informed about what the results of an AI analysis actually mean, and in giving recommendations on proposed actions.
According to the risk agenda survey, towards 2025 it is expected that risk professionals will be knowledgeable in qualitative aspects of human behaviour and will address culture in organisations. Essential skills for risk managers will include strategic thinking, influencing and confidence.
Explaining why these skills need to come to the fore, Gordon said: “How do you get someone to listen to you? When the financial crisis hit in 2008, lots of people said they had been waving red flags, but very few seemed to have had the influencing skills to help organisations avert disaster. It is difficult to teach someone how to get information from people and then also persuade them that they need to act on your findings. If we are not helping people make decisions, then there is no real value to risk management.”
Risk management teams of the future
The majority of survey respondents indicated that by 2025 budgets for the central risk function will either increase or stay the same, and that new technologies will result in more people working within the risk function. However, respondents also stated that there will be an organisational swing from risk management being driven by a corporate risk department to it being driven by business unit managers, with a decreasing role for corporate risk. This indicates a shift in the role of the business unit manager in the management of risk – and probably a positive outcome overall for risk management.
AI looks to be a power for good for risk management teams, supporting their work on a professional level and perhaps moving their focus more towards strategy and influencing decisions rather than data crunching. But if you’re still not convinced, perhaps consider the old adage about keeping your friends close but your enemies closer and just make sure you understand what AI can do – and the implications of not using it when your competitors are.