Professional Documents
Culture Documents
taking a data-driven
approach to risk
The benefits of taking a data-driven approach to risk 2
The events of the past two The risks modern organisations face have never
years mean it’s more important been more clearly illustrated than over the
past couple of years. A global pandemic, war
than ever that organisations in Europe and subsequent impact on trade, and
understand the full range of the rising cost of living are all evidence of how
risks to which they are exposed. volatile the business landscape is, and that’s on
top of the perennial dangers organisations face.
The use of data and effective
supplier – or ‘third party’ – A report by SAP highlights just how damaging
assessments can help them this has been; 66% of UK businesses have
experienced delays as a result, 64% have
to do just that. seen revenues decrease and 58% have lost
customers. Perhaps even more concerningly,
a quarter (23%) believe their supply chain
problems will not have improved by the
summer of 2023. >>
80%
experienced a significant
methodologies,” said David L Loseby, former-
cyber security incident
Group CPO at Rolls Royce. Further, the risk
in the past two years
landscape will continue to evolve and change
relative to the dynamics of the VUCA (Volatility,
Uncertainty, Complexity, and Ambiguity) world
we currently operate in.
Cyber is a particular threat, with more
“More recently the Federation of European than 80% of companies experiencing a
Risk Management Associations (FERMA) and significant cyber security incident in the
others have recognised that this needs to be past two years, according to research by
more comprehensive within the organisation Gartner. There are different levels of risk
and across its entire supply chain (all tiers) to here, says Mark James, senior consultant
embrace wider and broader criteria.” at compliance firm DQM GRC. “From a data
protection perspective an organisation,
The risks organisations face today from or controller, has a legal and accountable
their supply chains typically fall into four obligation to determine how data is
categories, says Andrew Black, a principal at processed,” he says.
consultancy Efficio. These include financial,
where the viability of suppliers is threatened; “If a third party has weak processes that
health, safety and environmental, social and pose a risk, and as a consequence are
governance (ESG); cyber; and reputational, breached, the controller could have liability.
which underpins the other three as well Some third parties will pose greater risk –
as encompassing other threats such as for example, a third party that hosts all of
inadvertently trading with a supplier in a your IT, and is subsequently breached, could
country currently under sanctions. see operations of the organisation ceasing.”
The benefits of taking a data-driven approach to risk 5
industries
varies, raising the prospect of some
over-emphasising certain threats while
simultaneously not paying enough attention
Data can help The growing breadth and depth of the risk
organisations face means it’s no longer enough
businesses
to rely on gut instinct when it comes to
assessing and monitoring threats, or to hone
in on one particular risk at the expense of
>> Using a dedicated third-party assessment It’s a responsibility that needs to be shared
firm means suppliers only have to go through across different functions, states Walden.
one process for multiple clients, he adds, “At an enterprise group level, the risk
using a standard framework; something that and compliance team will take ultimate
will be appealing to them and could help responsibility for risk under direction of
organisations become customers of choice the executive board,” he says. “Procurement
in competitive categories. and supply chain as part of the overall risk
framework need to take a leadership role in
As Simon Chard points out, monitoring the third-party and supply risks. Managing risk
financial health of suppliers also remains is a group sport, requiring the participation
important not just to ensure they remain viable of many different stakeholders across the
but because this also gives an indication of how company and externally.”
vulnerable they are to other risks. “Financial
health is almost like a buffer against all these
other issues,” he says. “As we move into a
period where more organisations are going
to come under more financial pressure with “Using a dedicated third-party
rising interest rates and inflation, that will assessment firm means suppliers
probably lead to an uptick in some of the other
challenges that they’re going to face and will
only have to go through one process
impact on their ability to deal with them.” for multiple clients”
The benefits of taking a data-driven approach to risk 11