Cognitive risk sensing identifying and mitigating risk into dynamic process.
Cognitive risk sensing (CRS) is said to be the next frontier in terms of analyzing risk and addressing it in a dynamic fashion. But the approach, which should be especially helpful for internal audit (IA) and other risk functions, is still in its infancy for most organizations.
Neil White, risk and financial advisory principal and global internal audit analytics leader at Deloitte, said organizations have used structured data from areas such as operations and human capital to judge risk, often very effectively. However, such analysis tends to be backward looking.
Outside in. More recently, companies have started to tap unstructured data from outside the organization, an approach that has been used for some time in areas such as marketing and sales. But now is being applied to risk. Essentially that means pulling vast quantities of that data together from social media and other media sources, often using third-party aggregators. Quickly evolving technology such as natural language processing, machine learning and other forms of artificial intelligence now enables the analysis of that data that wasn’t possible before.
Room for growth. CRS is being applied by a still relatively small percentage of companies, according to a recent survey of C-suite ad other executives conducted by Deloitte. Just over 25.4% said their organizations collect and analyze external, open-source data as part of an IA function, and only 5.3% said they’re using it across the organization, with 30.6% saying they’re lagging.
Many of those companies using CRS today are likely in the financial services industry, which Mr. White said has been ahead of the game, adding Deloitte is also working with organizations in the healthcare and consumer-products space. A financial services firm, for example, can collect open-source and unstructured data about regulatory, technology and other issues impacting competitors, and using that information to determine how it, too, may be impacted.
Intelligent ML. “Now we’re starting to see risk insight being drawn from external data sources, with more intelligent ML learning models, resulting in a more resilient organization that can respond more quickly to those risks,” Mr. White said.
Since ML and similar technologies are more readily available and understood, Mr. White said. “We’re starting to see those applications into other parts of the risk world.”
For example, in the supply chain, domain specialists will use CRS for forward-looking insights to identify the potential commodities shortages in key markets or supply chain disrupted due to labor. “A large food distribution company using this for a more forward looking view on whether there will be disruptions to the underlying ingredients that go into those food products,” he said, adding that Deloitte is working with a medical device company using this approach to monitor potential risks in 14 different domains.
“It’s the first time we’re moving into a more forward-looking risk world and not relying entirely on the human knowledge within the organization,” Mr. White said, “And to me that’s what’s really exciting about this.
Dynamic response. He added that especially exciting is CRS enabling IA to get closer to the concept of real-time assurance, which, helps IA move a little closer to the genesis of the risk and respond more dynamically and provide more timely assurance.
“So it’s not just about a tool to peek over the horizon. Those companies who are doing CRS well are changing their entire risk response process and how they align talent, increasing the regularity with which they refresh their risk register and updating audit plans,” Mr. White said.