The role of automation in enterprise risk management

06 June 2018 Anneliese NiebauerBest practices

Q & A with Head of Enterprise Risk at TfL

Automation is business critical in today's on-demand climate. Risk is one of the industries being most dramatically impacted by automation. Despite the promise of cost savings and the reduction in human error, many risk professionals experience panic at the thought of automating their existing risk processes.

We recently sat down with Nico Lategan, Head of Enterprise Risk at Transport for London, to ask him about the risk visualisation approach he designed for TfL and the benefits and risk associated with automating processes. Nico has been shortlisted as the ALARM Risk Professional of the Year 2018 and has won multiple awards for his pioneering work in risk visualisation.

Nico-Lategan-2

Tell us about the risk visualisation approach that you designed for TfL.

The purpose of Enterprise Risk Management is to support people, in the light of increasing uncertainty and complexity, to make better decisions to achieve organisational objectives. Better decisions rely on accurate and timely information, including information on objectives, strategy, performance, risks, controls, etc. In my experience, the most effective way to make this happen is through automating the process of bringing all this information together on one platform to present it in a very visual and interactive way to decision makers. I designed and implemented this award winning risk visualisation approach in Network Rail, and I’m currently in the process of improving on this approach in my work at TfL.

What are the benefits of automating processes for the risk team and to the wider company?

Automation of certain processes has multiple benefits. The obvious ones are that it saves time and decreases the risk of inaccuracies introduced through human error. Not having to complete mundane tasks means people can focus on higher purpose, value added activities which in turn could result in increased job satisfaction. The increased speed and accuracy means the business has access to the right information instantaneously and on demand which supports better decision making.

How do you ensure that automation is not introducing new risks into your company?

There are, of course, down sides to automation if it is not implemented well. Mistakes in the automation design, collation, storage or aggregation of information could go undetected which means decisions are being made on flawed information. A well designed automation process combined with a thorough testing regime should iron most of these issues out.

Are there some risk processes that you believe should never be automated? If so, why?

People, either through action or inaction, are directly or indirectly at the heart of most risks. I believe the art and skill of listening to people is important in gaining an understanding of the risk landscape, either now or what they anticipate for the future. An automated survey may ask the right set of questions, but a person can adjust the questions based on answers received, read between the lines, tease out the nub of an issue and build a level of trust that any automation available today would not be able to replicate.

Is there any advice that you would give to risk teams that are looking to build a culture of risk management across their entire company?

Start at the top! If you can influence your Board and Executive Committee to embrace and recognise the value of risk based decision making, then it makes it so much easier for that approach to cascade down throughout the business. It certainly is no simple task, but hardly anything worthwhile is.

Here are the 4 Key Takeaways you can take with you as you enter your automation journey:

  • Visualisation is the best way to make risk-based decisions using multiple data-points
  • Automation mitigates the most common enterprise risk: Human Error
  • Humans will always add value into data interpretation
  • A culture of risk-based decision making starts at the top

API