Actualités

Incumbents and InsurTechs must embrace each other’s unique strengths and work together

Executive summary

New challenges, changing business dynamics have set off a tectonic shift in the insurance industry

  • Customer expectations are evolving, offers are becoming more innovative, and new players are making their presence known.
  • Fundamental and significant challenges will require insurers’ immediate and considered attention.
  • As a result of these changing dynamics, incumbents and InsurTechs agree that collaboration with other industry players is necessary to create an integrated portfolio of offerings.

Insurers must support a platform that serves a broad spectrum of customer needs

  • The future marketplace will showcase a bouquet of offerings that caters to customers’ financial and non-financial needs.
  • Insurers need a structured approach to marketplace development that includes proper identification of customer preferences and relevant offerings, evaluation of best-fit partners, and an effective GTM strategy.
  • Today’s operating model will undergo a fundamental transformation as part of the inevitable path forward.

Experience-led digital offerings and seamless collaboration with ecosystem players will drive marketplace success

  • Insurers will need to tear down internal silos, seamlessly connect with ecosystem players, and be more inventive.
  • Our Inventive Insurer profile includes key characteristics:
    • intelligent insurer,
    • open insurer,
    • deep customer,
    • and product agility.

Incumbent-InsurTech collaboration can shore up competencies in preparation for the future

  • InsurTechs’ unique capabilities and agility make them ideal partners for incumbents aiming to carve out a substantive role in the new marketplace.
  • A successful holistic collaboration will focus on long-term benefits.

New ecosystem roles will evolve as the industry transitions toward the marketplace model

  • Industry players must decide how to successfully and profitably contribute to the new ecosystem based on their most compelling competencies, as well as market needs and the external environment.

There’s no looking back for today’s digitally-empowered consumers

Throughout the past decade, as smart technology tools became mainstream, consumer interaction with the world changed dramatically. Changing lifestyles, behavior, and preferences have created a digital-age paradigm. As smartphones and the internet unlock information and decision power, interconnectivity, personalization, and seamless omnichannel access have become must-haves.

So, what does this mean for insurers?

Policyholders seek new offerings: Traditional insurance policies may not fully meet customers’ changing needs and desire for add-on services, personalization, and flexible offerings. In fact, for nearly half of policyholders, the decision to continue with their insurer is influenced by the availability of these features and benefits, according to the World Insurance Report (WIR) 2019.1

The demand for digital transaction channels is up: The popularity of digital channels is gradually growing. More than half of insurance customers (nearly 52%) interviewed as part of the WIR 2018 placed high importance on the mobile and internet or a website channel for conducting insurance transactions.

Simplicity is the rationale behind genuinely digital products

Digital channels work best when insurers streamline and standardize products and processes so customers easily understand features and benefits and can make direct purchases online with ease. In short, insurers must simplify offerings to create genuinely
digital products.

  • Easy to understand: Policy details should be redesigned and reformatted for straightforward interpretation so customers can quickly make a buy/ no-buy decision. For example, Berkshire Hathaway’s Insurance Group (BiBerk) launched a comprehensive insurance product for small businesses that combines multiple coverages. Dubbed THREE, the new product is three-pages long and links coverage for workers compensation, liability (including general liability, errors and omissions, and cyber), property, and auto.
  • Automated processes: Straight-through processing and other ease-of-use tools can simplify underwriting, claims processing, and more across the value chain. Cake Insure, a subsidiary of Colorado-based Pinnacol Assurance, launched in late 2017 with an algorithm that produces a bindable quote in less than a minute and a bound policy in fewer than five minutes for small businesses seeking workers’ compensation insurance. New York-based property and casualty InsurTech Lemonade uses artificial intelligence to automate claims processing. Lemonade showcases a 2016 case in which it crossreferenced a claim against a user’s policy, ran 18 anti-fraud algorithms, approved the claim, and sent wiring instructions to the bank in three seconds to demonstrate ease of use.
  • Straightforward policy wording: Descriptions of policy coverage and expenses (which ones are payable and which do not qualify) must be explained clearly in everyday language. Similarly, insurance industry players should work together to standardize definitions, exclusions, and processes.
  • Interactive customer education: Gamification, interactive videos, and social channels are ways to educate customers about risks, their need for coverage, and policy details. Interaction can also improve customer engagement and experience.

The marketplace of the future can holistically focus on customer needs

HomeFlix is a virtual assistant offering renters and homeowners insurance underwritten by Zurich Connect, the digital arm of Zurich Italy, and powered by on-demand digital broker Yolo, a Milan-based InsurTech. In addition to insurance coverage, the policy, introduced in July 2019, offers laundry service – washed and ironed after a few days and paid directly on delivery. Access to concierge maintenance services such as plumbing and electric also is available. Next, HomeFlix plans home delivery, babysitting, and cleaning services.

New York-based Generali Global Assistance (a division of Italy’s Generali Group, which provides travel insurance-related services) strategically partnered with San Francisco-based rideshare company Lyft in late 2017 to improve customer service and contain costs for clientele of its insurance companies and multinational corporations. Later, Lyft
collaborated with CareLinx, a US professional caregiver marketplace that helps find, hire, manage and pay caregivers online, to create CareRides, a door-to-door transportation service for special-needs individuals in 50 US metro areas. Generali Global Assistance also partnered with CareLinx to provide value-added services for existing policyholders in times of need.

The marketplace of the future can offer emerging-risk coverage

Working with Cisco, Apple, and Aon, Allianz launched a comprehensive cyber insurance product for businesses in early 2018. The product includes a solution comprised of cyber-resilience evaluation services from Aon, secure technologies from Cisco and Apple, and options for enhanced cyber insurance coverage from Allianz. The product aims to help a broader range of organizations manage and protect themselves better from cyber risks associated with ransomware and malware-related threats.

The marketplace of the future can deliver simple to understand, easy-access offerings

Berlin-based startup FRIDAY offers innovative, digital automotive insurance with features like kilometeraccurate billing, the option to terminate at month’s end, and paperless administration. The InsurTech’s technologies and partnerships include:

  • Telematics support from the BMW CarData platform and from TankTaler, which tracks vehicle location as well as data such as battery voltage, mileage, and other statistics
  • Automotive services through the mobility hub of ATU, a German chain of vehicle repair franchises
  • Drivy, a peer-to-peer car rental marketplace that enables consumers to lease vehicles from private individuals
  • Friendsurance, a peer-to-peer InsurTech that pays out a percentage to customers who do not use (or use very little) annual insurance also sells FRIDAY policies

Prudential Singapore and StarHub partnered to create FastTrackTrade (FTT), Singapore’s first digital trade platform for small and midsized business (SMBs) that uses blockchain technology. FTT helps SMBs find business partners and distributors, buy and sell goods, track shipments, receive and make payments, access financing, and buy insurance via a single platform. FinTech startup Cités Gestion developed the pioneering platform with funding from Prudential.

CG1

Structure supports success

Insurer success in the future marketplace will rely on a structured approach (see Figure 3).

  • Understanding customer preferences and conceptualizing product portfolios: Insurers can tap new data sources such as social media channels and use behavioral analytics for better understanding and more accurate estimation of their customer’s preferences and risk profile. With a deeper understanding of customers, they can conceptualize personalized product portfolios for each customer segment.
  • Recruiting the right partners: Once the product portfolio is finalized, insurers should look for partners that align with their business objectives and strategic vision. Cultural fit, ease of integration of systems, and seamless channels of communication are key success factors.
  • Structuring the offerings portfolio: Insurers should closely collaborate with partners while assembling their portfolio. A winning product/service mix offers a hyper-personalized one-stop solution for all the needs of the customer.
  • A compelling go-to-market strategy: Insurers should be able to communicate the value of the marketplace by touting human-centric offerings that customers find simple to understand and easy to access.
  • Capturing feedback: Through advanced analysis of sales data, direct customer input, social media, etc., insurers can capture feedback about their offerings. The process should be continuous rather than on an ad-hoc basis. More importantly, the input should be immediately acted upon to enhance current products or to conceptualize a new product.

CG2

To realize the full potential of the structured approach, four fundamental shifts in the current operating model are critical

For an insurer to realize the full potential of the structured approach and ensuring the successful creation of the marketplace of the future, four fundamental shifts in the current operating model are critical (see Figure 4). The importance of these areas is borne out by the research. For example:

  1. Experience: More than 70% of insurers and InsurTechs said a focus on holistic risk solutions for customers was critical to establishing a future-state insurance marketplace.
  2. Data: More than 70% said advanced data management capabilities are critical.
  3. Partnerships: 90% of InsurTechs said partnerships were critical while 70% of incumbents said the same. Both insurers and InsurTechs have a hearty appetite for collaboration with other sectors, such as healthcare providers and players from the travel, transportation, and hospitality space (see Figure 5).
  4. Shared access: However, an emerging area in which views are evolving is the transition to a shared economy. Here, less than 40% of established insurers and InsurTechs say they consider shared ownership of assets to be critical.

Industry players should understand that the four shifts – focus on experience, data, partnership, and shared access – are interrelated and critical for partnering with other entities to develop bundled offerings. Concentrating on one at the expense of others may stymie the overall efficiency of the marketplace.

CG3

Digital maturity does not match aspiration

While insurers realize the importance of these fundamental shifts, there is a significant gap between their expectations and their current digital maturity. Lack of digital maturity is the biggest concern for incumbents. While 68% of insurers said they believe partnerships are critical, only 32% are currently collaborating with ecosystem partners (see Figure 6).

Less than 40% of insurers have a holistic digital transformation strategy and are collaborating with ecosystem players to provide value-added services. Only 11% of insurers say they leverage open architecture, which is critical for working with other industry players.

CG4

CG5

Experience-led digital offerings and seamless collaboration with ecosystem players will drive marketplace success

We call firms prepared to excel in the future marketplace Inventive Insurers because they have strategically updated their product portfolios, operating models, and distribution methods. They have outlined their distinctive capabilities as well as their competency gaps and are ready to deliver end-to-end solutions in the manner customers prefer.

Pragmatic assessment (and subsequent enhancement) of a firm’s digital maturity is critical to connecting with ecosystem players seamlessly. Figure 7 shows the steps companies need to take to establish the marketplace of the future.

CG6

1. Prioritize digital agility

The critical first step in the future marketplace journey is boosting digital agility. The more quickly initiatives are implemented, the more quickly firms will enhance their digital maturity and actively participate within a connected ecosystem. Insurers must holistically adopt these critical capabilities to optimize their digital agility and seamlessly connect with partners to develop digitallyintegrated ecosystems (see Figure 8).

  • Real-time data gathering
  • Advanced analytics
  • Re-engineering complex processes and automating them

CG7

2. Build an integrated ecosystem

Seamless collaboration between insurers and their strategic partners is the backbone of a digitally integrated ecosystem. As new players enter the insurance value chain (aggregators, original equipment manufacturers (OEMs), one-stop policy management apps, and third parties such as repair stores), incumbents must strengthen their position through strategic partnerships.

Our proposed digitally-integrated ecosystem seamlessly interconnects insurers with customers and partners to enable the efficient flow of information and services (see Figure 9).

CG8

In the digitally-integrated ecosystem, customers can access insurers over various channels through extended multi-device, multi-platform, and mobility offerings. Digital integration with partners will play a crucial role as insurers seek to increase their reach and provide customers with convenient and seamless services.

Integration with aggregators and intermediaries offers insurers a choice of distribution channels. As insurers connect with individual customers through devices, real-time data can be captured and used to provide personalized offerings and value-added services.

Insurers will move beyond traditional touchpoints to become their customers’ constant risk control advisory and partner. For that to happen, however, insurers will need to join forces with third-party vendors for efficient claims management and payout, and with OEMs for real-time customer data.

APIs, cloud-based storage, and blockchain can foster insurance ecosystem integration by enabling the seamless and secure transfer of data between diverse systems. A digitally-integrated ecosystem – both within and outside the organization – will support the real-time, personalized services that customers already demand. Digital mastery can benefit top- and bottom lines and propel insurers forward.

Grasping the art of teamwork with close ecosystem players – and relevant offerings based on core capabilities – will lay the groundwork for insurers to partner profitably.

3. Create tomorrow’s marketplace

Firms must develop Inventive Insurer competencies to contribute to the successful development of tomorrow’s marketplace. These competencies include intelligent processes, open platforms, customer centricity, and an innovative mindset among team members ( see Figure 10).

CG9

Intelligent insurer. Automation, analytics, and artificial intelligence can prioritize customer experience within all operations.

  • Process efficiencies can support top-notch service with quick turnaround times.
  • Analytical competencies help insurers understand customer needs and act swiftly.
  • Robust digital governance provides monitoring and ensures compliance within today’s dynamic regulatory environment.

Open insurers leverage open platforms to build an ecosystem of partners through seamless collaboration with third parties and enable firms to participate in the value chain of third parties. Insurers with open platforms can access and integrate new data streams to cater to customers’ evolving needs, reaching them in the way they prefer via new distribution channels. Modern platform with open architecture for providing bouquet of offerings also allow firms to take a fail-fast approach to product development and innovate at a faster pace.

Deep customer competencies allow insurers to leverage data and channels for enhancing the customer experience across all touchpoints. Deep customer insights generated using advanced analytics and AI enable insurers to keep the customer at the center of all decisions.

Product agility is crucial for insurers to create new products at a faster pace and gain a competitive edge from an increased speed-to-market. Creative culture and ability to innovate at scale are critical components for achieving product agility. A creative culture
encourages novel thinking from employees and spurs openness to change.

Innovation labs and design thinking can encourage a fresh approach, especially within cultures that are hard-wired with conventional processes and culture.

Leadership support and vision are also critical. While Inventive Insurer status may be an aspirational future state, each firm’s journey is unique. An open platform used as a sandbox is an excellent place to begin developing new competencies and learning how to innovate at scale. Inventive Insurers create digital, experience-led offerings by collaborating seamlessly with other ecosystem players.

Incumbents and InsurTechs will benefit from strategic collaboration

For the most part, the industry sees InsurTech collaboration only as a means to drive growth and transform the customer experience. For example, 84% of insurers and 80% of InsurTechs say they are focusing on “developing new offerings.”

However, when it comes to the critical building blocks for the new insurance marketplace – such as developing holistic technology infrastructure and advanced data management capabilities – there are significant gaps in the expectations of insurers and InsurTechs. For example, fewer than 40% of incumbent insurers want to build holistic technology infrastructure by collaborating with InsurTech firms, while more than 60% of InsurTechs wish to work with insurers to create such a foundation.

What’s more, while data security remains a crucial concern when establishing partnerships with other industries, only around 10% of incumbents and 25% of InsurTechs say they want to focus collaborative efforts on data security.

Industry players should focus on a holistic approach while venturing into an insurer-InsurTech collaboration to prepare for the future and consider tactical plans for quick wins that may offer short-term benefits.

External partners can facilitate incumbent-InsurTech collaboration

After clearly outlining collaboration objectives, insurers must select a partner. The World InsurTech Report 2018 took a deep dive into the InsurTech landscape and offered ways in which incumbents can assess the success potential of short-to-medium term partnerships with InsurTech firms as well as longterm relationship feasibility. Finding a partner that can address technology capability gaps may require specialized third-party support.

Incumbents and InsurTechs can optimize their structured collaborative efforts by keeping four guiding pillars in mind: People, Finance, Business, and Technology (Figure 13).

CG10

People (The right individuals in the best-fit positions): Employees are a firm’s most essential assets when it comes to driving innovation, growth, expansion, and fruitful collaboration. Both partnering entities must be flexible and strive for a balance between the hierarchical nature of many traditional insurers and the flat organizational structure favored by InsurTechs.

Finance (Allocate optimal capital, realistically forecast returns): Without a defined investment and revenue model, it may be difficult to articulate a compelling value proposition. Participants need adequate capital to invest in the partnership and a proven revenue generating model to maintain positive cash flow in the not-too-distant future.

Business (Early traction, measurable success): Business traction, a proven business model, customer adoption, and value creation are must-meet goals for any potential collaboration. A new business model should solve the needs and challenges that were difficult to tackle independently. A collaborative partnership should produce a value proposition with quantifiable results.

Technology (Collaboration tools and technologies): Technology tools should be secure and enable frictionless collaboration, as well as scalability. Partner systems should securely integrate with the help of technology. Accessed information must be accurate, timely, and be regulatorily compliant. It should be scalable without affecting current systems.

New ecosystem roles will evolve as the industry transitions toward the marketplace model

As the insurance industry advances, new specialist roles are developing. In addition to the traditional integrated business role, new functions include that of Supplier, Aggregator, and Orchestrator. Close collaboration will enable incumbents and InsurTechs to maximize opportunities in each.

These roles are not business-model exclusive but business-case specific. Each ecosystem entity may mix and match positions depending on the business model in play (see Figure 15).

Established insurers and InsurTechs can also play multiple roles within an ecosystem. For example, a firm can act as both supplier and orchestrator. Similarly, one firm may be a supplier in an ecosystem, but be an orchestrator in another ecosystem.

CG11

 

Click here to access Cap Gemini’s entire report

 

Building your data and analytics strategy

When it comes to being data-driven, organizations run the gamut with maturity levels. Most believe that data and analytics provide insights. But only one-third of respondents to a TDWI survey said they were truly data-driven, meaning they analyze data to drive decisions and actions.

Successful data-driven businesses foster a collaborative, goal-oriented culture. Leaders believe in data and are governance-oriented. The technology side of the business ensures sound data quality and puts analytics into operation. The data management strategy spans the full analytics life cycle. Data is accessible and usable by multiple people – data engineers and data scientists, business analysts and less-technical business users.

TDWI analyst Fern Halper conducted research of analytics and data professionals across industries and identified the following five best practices for becoming a data-driven organization.

1. Build relationships to support collaboration

If IT and business teams don’t collaborate, the organization can’t operate in a data-driven way – so eliminating barriers between groups is crucial. Achieving this can improve market performance and innovation; but collaboration is challenging. Business decision makers often don’t think IT understands the importance of fast results, and conversely, IT doesn’t think the business understands data management priorities. Office politics come into play.

But having clearly defined roles and responsibilities with shared goals across departments encourages teamwork. These roles should include: IT/architecture, business and others who manage various tasks on the business and IT sides (from business sponsors to DevOps).

2. Make data accessible and trustworthy

Making data accessible – and ensuring its quality – are key to breaking down barriers and becoming data-driven. Whether it’s a data engineer assembling and transforming data for analysis or a data scientist building a model, everyone benefits from trustworthy data that’s unified and built around a common vocabulary.

As organizations analyze new forms of data – text, sensor, image and streaming – they’ll need to do so across multiple platforms like data warehouses, Hadoop, streaming platforms and data lakes. Such systems may reside on-site or in the cloud. TDWI recommends several best practices to help:

  • Establish a data integration and pipeline environment with tools that provide federated access and join data across sources. It helps to have point-and-click interfaces for building workflows, and tools that support ETL, ELT and advanced specifications like conditional logic or parallel jobs.
  • Manage, reuse and govern metadata – that is, the data about your data. This includes size, author, database column structure, security and more.
  • Provide reusable data quality tools with built-in analytics capabilities that can profile data for accuracy, completeness and ambiguity.

3. Provide tools to help the business work with data

From marketing and finance to operations and HR, business teams need self-service tools to speed and simplify data preparation and analytics tasks. Such tools may include built-in, advanced techniques like machine learning, and many work across the analytics life cycle – from data collection and profiling to monitoring analytical models in production.

These “smart” tools feature three capabilities:

  • Automation helps during model building and model management processes. Data preparation tools often use machine learning and natural language processing to understand semantics and accelerate data matching.
  • Reusability pulls from what has already been created for data management and analytics. For example, a source-to-target data pipeline workflow can be saved and embedded into an analytics workflow to create a predictive model.
  • Explainability helps business users understand the output when, for example, they’ve built a predictive model using an automated tool. Tools that explain what they’ve done are ideal for a data-driven company.

4. Consider a cohesive platform that supports collaboration and analytics

As organizations mature analytically, it’s important for their platform to support multiple roles in a common interface with a unified data infrastructure. This strengthens collaboration and makes it easier for people to do their jobs.

For example, a business analyst can use a discussion space to collaborate with a data scientist while building a predictive model, and during testing. The data scientist can use a notebook environment to test and validate the model as it’s versioned and metadata is captured. The data scientist can then notify the DevOps team when the model is ready for production – and they can use the platform’s tools to continually monitor the model.

5. Use modern governance technologies and practices

Governance – that is, rules and policies that prescribe how organizations protect and manage their data and analytics – is critical in learning to trust data and become data-driven. But TDWI research indicates that one-third of organizations don’t govern their data at all. Instead, many focus on security and privacy rules. Their research also indicates that fewer than 20 percent of organizations do any type of analytics governance, which includes vetting and monitoring models in production.

Decisions based on poor data – or models that have degraded – can have a negative effect on the business. As more people across an organization access data and build  models, and as new types of data and technologies emerge (big data, cloud, stream mining), data governance practices need to evolve. TDWI recommends three features of governance software that can strengthen your data and analytics governance:

  • Data catalogs, glossaries and dictionaries. These tools often include sophisticated tagging and automated procedures for building and keeping catalogs up to date – as well as discovering metadata from existing data sets.
  • Data lineage. Data lineage combined with metadata helps organizations understand where data originated and track how it was changed and transformed.
  • Model management. Ongoing model tracking is crucial for analytics governance. Many tools automate model monitoring, schedule updates to keep models current and send alerts when a model is degrading.

In the future, organizations may move beyond traditional governance council models to new approaches like agile governance, embedded governance or crowdsourced governance.

But involving both IT and business stakeholders in the decision-making process – including data owners, data stewards and others – will always be key to robust governance at data-driven organizations.

SAS1

There’s no single blueprint for beginning a data analytics project – never mind ensuring a successful one.

However, the following questions help individuals and organizations frame their data analytics projects in instructive ways. Put differently, think of these questions as more of a guide than a comprehensive how-to list.

1. Is this your organization’s first attempt at a data analytics project?

When it comes to data analytics projects, culture matters. Consider Netflix, Google and Amazon. All things being equal, organizations like these have successfully completed data analytics projects. Even better, they have built analytics into their cultures and become data-driven businesses.

As a result, they will do better than neophytes. Fortunately, first-timers are not destined for failure. They should just temper their expectations.

2. What business problem do you think you’re trying to solve?

This might seem obvious, but plenty of folks fail to ask it before jumping in. Note here how I qualified the first question with “do you think.” Sometimes the root cause of a problem isn’t what we believe it to be; in other words, it’s often not what we at first think.

In any case, you don’t need to solve the entire problem all at once by trying to boil the ocean. In fact, you shouldn’t take this approach. Project methodologies (like agile) allow organizations to take an iterative approach and embrace the power of small batches.

3. What types and sources of data are available to you?

Most if not all organizations store vast amounts of enterprise data. Looking at internal databases and data sources makes sense. Don’t make the mistake of believing, though, that the discussion ends there.

External data sources in the form of open data sets (such as data.gov) continue to proliferate. There are easy methods for retrieving data from the web and getting it back in a usable format – scraping, for example. This tactic can work well in academic environments, but scraping could be a sign of data immaturity for businesses. It’s always best to get your hands on the original data source when possible.

Caveat: Just because the organization stores it doesn’t mean you’ll be able to easily access it. Pernicious internal politics stifle many an analytics endeavor.

4. What types and sources of data are you allowed to use?

With all the hubbub over privacy and security these days, foolish is the soul who fails to ask this question. As some retail executives have learned in recent years, a company can abide by the law completely and still make people feel decidedly icky about the privacy of their purchases. Or, consider a health care organization – it may not technically violate the Health Insurance Portability and Accountability Act of 1996 (HIPAA), yet it could still raise privacy concerns.

Another example is the GDPR. Adhering to this regulation means that organizations won’t necessarily be able to use personal data they previously could use – at least not in the same way.

5. What is the quality of your organization’s data?

Common mistakes here include assuming your data is complete, accurate and unique (read: nonduplicate). During my consulting career, I could count on one hand the number of times a client handed me a “perfect” data set. While it’s important to cleanse your data, you don’t need pristine data just to get started. As Voltaire said, “Perfect is the enemy of good.”

6. What tools are available to extract, clean, analyze and present the data?

This isn’t the 1990s, so please don’t tell me that your analytic efforts are limited to spreadsheets. Sure, Microsoft Excel works with structured data – if the data set isn’t all that big. Make no mistake, though: Everyone’s favorite spreadsheet program suffers from plenty of limitations, in areas like:

  • Handling semistructured and unstructured data.
  • Tracking changes/version control.
  • Dealing with size restrictions.
  • Ensuring governance.
  • Providing security.

For now, suffice it to say that if you’re trying to analyze large, complex data sets, there are many tools well worth exploring. The same holds true for visualization. Never before have we seen such an array of powerful, affordable and user-friendly tools designed to present data in interesting ways.

Caveat 1: While software vendors often ape each other’s features, don’t assume that each application can do everything that the others can.

Caveat 2: With open source software, remember that “free” software could be compared to a “free” puppy. To be direct: Even with open source software, expect to spend some time and effort on training and education.

7. Do your employees possess the right skills to work on the data analytics project?

The database administrator may well be a whiz at SQL. That doesn’t mean, though, that she can easily analyze gigabytes of unstructured data. Many of my students need to learn new programs over the course of the semester, and the same holds true for employees. In fact, organizations often find that they need to:

  • Provide training for existing employees.
  • Hire new employees.
  • Contract consultants.
  • Post the project on sites such as Kaggle.
  • All of the above.

Don’t assume that your employees can pick up new applications and frameworks 15 minutes at a time every other week. They can’t.

8. What will be done with the results of your analysis?

A company routinely spent millions of dollars recruiting MBAs at Ivy League schools only to see them leave within two years. Rutgers MBAs, for their part, stayed much longer and performed much better.

Despite my findings, the company continued to press on. It refused to stop going to Harvard, Cornell, etc. because of vanity. In his own words, the head of recruiting just “liked” going to these schools, data be damned.

Food for thought: What will an individual, group, department or organization do with keen new insights from your data analytics projects? Will the result be real action? Or will a report just sit in someone’s inbox?

9. What types of resistance can you expect?

You might think that people always and willingly embrace the results of data-oriented analysis. And you’d be spectacularly wrong.

Case in point: Major League Baseball (MLB) umpires get close ball and strike calls wrong more often than you’d think. Why wouldn’t they want to improve their performance when presented with objective data? It turns out that many don’t. In some cases, human nature makes people want to reject data and analytics that contrast with their world views. Years ago, before the subscription model became wildly popular, some Blockbuster executives didn’t want to believe that more convenient ways to watch movies existed.

Caveat: Ignore the power of internal resistance at your own peril.

10. What are the costs of inaction?

Sure, this is a high-level query and the answers depend on myriad factors.

For instance, a pharma company with years of patent protection will respond differently than a startup with a novel idea and competitors nipping at its heels. Interesting subquestions here include:

  • Do the data analytics projects merely confirm what we already know?
  • Do the numbers show anything conclusive?
  • Could we be capturing false positives and false negatives?

Think about these questions before undertaking data analytics projects Don’t take the queries above as gospel. By and large, though, experience proves that asking these questions frames the problem well and sets the organization up for success – or at least minimizes the chance of a disaster.

SAS2

Most organizations understand the importance of data governance in concept. But they may not realize all the multifaceted, positive impacts of applying good governance practices to data across the organization. For example, ensuring that your sales and marketing analytics relies on measurably trustworthy customer data can lead to increased revenue and shorter sales cycles. And having a solid governance program to ensure your enterprise data meets regulatory requirements could help you avoid penalties.

Companies that start data governance programs are motivated by a variety of factors, internal and external. Regardless of the reasons, two common themes underlie most data governance activities: the desire for high-quality customer information, and the need to adhere to requirements for protecting and securing that data.

What’s the best way to ensure you have accurate customer data that meets stringent requirements for privacy and security?

For obvious reasons, companies exert significant effort using tools and third-party data sets to enforce the consistency and accuracy of customer data. But there will always be situations in which the managed data set cannot be adequately synchronized and made consistent with “real-world” data. Even strictly defined and enforced internal data policies can’t prevent inaccuracies from creeping into the environment.

sas3

Why you should move beyond a conventional approach to data governance?

When it comes to customer data, the most accurate sources for validation are the customers themselves! In essence, every customer owns his or her information, and is the most reliable authority for ensuring its quality, consistency and currency. So why not develop policies and methods that empower the actual owners to be accountable for their data?

Doing this means extending the concept of data governance to the customers and defining data policies that engage them to take an active role in overseeing their own data quality. The starting point for this process fits within the data governance framework – define the policies for customer data validation.

A good template for formulating those policies can be adapted from existing regulations regarding data protection. This approach will assure customers that your organization is serious about protecting their data’s security and integrity, and it will encourage them to actively participate in that effort.

Examples of customer data engagement policies

  • Data protection defines the levels of protection the organization will use to protect the customer’s data, as well as what responsibilities the organization will assume in the event of a breach. The protection will be enforced in relation to the customer’s selected preferences (which presumes that customers have reviewed and approved their profiles).
  • Data access control and security define the protocols used to control access to customer data and the criteria for authenticating users and authorizing them for particular uses.
  • Data use describes the ways the organization will use customer data.
  • Customer opt-in describes the customers’ options for setting up the ways the organization can use their data.
  • Customer data review asserts that customers have the right to review their data profiles and to verify the integrity, consistency and currency of their data. The policy also specifies the time frame in which customers are expected to do this.
  • Customer data update describes how customers can alert the organization to changes in their data profiles. It allows customers to ensure their data’s validity, integrity, consistency and currency.
  • Right-to-use defines the organization’s right to use the data as described in the data use policy (and based on the customer’s selected profile options). This policy may also set a time frame associated with the right-to-use based on the elapsed time since the customer’s last date of profile verification.

The goal of such policies is to establish an agreement between the customer and the organization that basically says the organization will protect the customer’s data and only use it in ways the customer has authorized – in return for the customer ensuring the data’s accuracy and specifying preferences for its use. This model empowers customers to take ownership of their data profile and assume responsibility for its quality.

Clearly articulating each party’s responsibilities for data stewardship benefits both the organization and the customer by ensuring that customer data is high-quality and properly maintained. Better yet, recognize that the value goes beyond improved revenues or better compliance.

Empowering customers to take control and ownership of their data just might be enough to motivate self-validation.

Click her to access SAS’ detailed analysis

Optimize for both Social and Business Value – Building Resilient Businesses, Industries, and Societies

Why Is Corporate Capitalism at a Tipping Point?

Stakeholders are beginning to pressure companies and investors to go beyond financial returns and take a more holistic view of their impact on society. This should not surprise us. After all, we have lived through two decades of hyper-transformation, during which rapidly evolving digital technologies, globalization, and massive investment flows have stressed and reshaped every aspect of business and society.

As in previous transformations, the winners created new dimensions of competition and built innovative business models that increased returns for shareholders. Many others found their businesses at risk of being disrupted, with familiar formulas no longer working. To meet the unwavering demands of Wall Street, many companies relentlessly optimized operating models, streamlined and concentrated supply chains, and specialized their assets and teams — leaving them less resilient and less adaptable to shifting markets and trade flows. The resulting waves of corporate restructuring, consolidation, and repositioning have fractured companies’ cultures and undermined their social contracts.

Furthermore, this hyper-transformation cascaded beyond individual companies and created socio-economic dynamics that left many people and communities economically disadvantaged and politically polarized. Combined with the increasing shared anxiety that the earth’s climate is changing faster than the planet can adapt, a global zeitgeist of risk and insecurity has emerged. We will enter the 2020s with more citizens, investors, and leaders convinced that the way business, capital, and government work must change — and change quickly.

We now must rethink the sustainability of the whole system in the face of extreme externalities — or risk losing social and political permission for further progress. The 2030 UN Sustainable Development Goals (SDGs) identify the moral and existential threats that we must meet head-on. While some question the SDGs’ breadth and timeline, most agree that, if achieved, they would create a more just, inclusive, and sustainable world.

Goal 17 calls for new engagement by companies and capital in partnership for collective action across the public, social, and private sectors. Five years into the SDG agenda, there is ample evidence that governments, investors, and companies are beginning to exercise their capacity to create much-needed change.

Change Is Underway but Is Hardly Sufficient

Many institutional investors are racing to integrate ESG (environmental, social, and governance) assessments into their decision making, and they are expecting companies to report on how they deliver on those metrics. New efforts promote radical disclosure, like the Bloomberg/Carney TCFD (Task Force on Climate-Related Financial Disclosures), which encourages signatories to report on the climate risks of their financial holdings.

New standards initiatives are creating a foundation for nonfinancial performance accounting, and the prospect of widespread “integrated reporting” seems realistic. Companies are investing in “purpose” and defining their contributions to society against material ESG factors and SDG goals. Corporate sustainability and CSR (Corporate Social Responsibility) functions, historically on the sidelines, are now being integrated into line business activity, with progressive companies expanding the scope of competition to include differentiation on environmental and societal dimensions. And through industry consortia, many companies are taking collective action on issues that both threaten their right to operate and open up new opportunities for their industries.

Such examples are important early signals that the context for business is changing. However, for all the progress on commitments, agreements, metrics, and policies, there has been little aggregate progress against top-level goals, like

  • reducing CO2 emissions,
  • cutting plastics waste,
  • or narrowing social and economic inequality within nations.

Without demonstrable impact and collective progress, social and political pressure will only build, further threatening the legitimacy of corporate capitalism.

A New Societal Context for Business

Companies will face escalating social activism by investors, stakeholders, social mission organizations, and policymakers on issues of

  • climate risk,
  • economic inequality,
  • and societal well-being.

Governments and local communities will set a higher bar for a company’s right to operate, and in a connected world a company’s local performance will quickly affect its global reputation and trigger social and regulatory consequences. Stakeholders will expect radical transparency on ESG performance.

This will shift investors’ perceptions of a company’s risk and opportunity, skewing capital toward those that deliver both financial returns and positive societal impact. To satisfy a growing demographic of socially minded consumers and businesses, companies will need to demonstrate “good products doing good” and anchor their brands and identity around a credible purpose.

Talent will gravitate toward companies that give employees a line-of-sight to making the world better while also providing a fulfilling career. To win, companies will need to define competition more broadly, adding new dimensions of value through

  • environmental sustainability,
  • holistic well-being,
  • economic inclusion,
  • and ethical content.

This will require radical business model innovation

  • to enable circular economies for precious resources;
  • to provide assets that are shared rather than owned;
  • to broaden access and inclusion;
  • and to multiply positive societal impact.

At this critical moment for corporate capitalism, business is more trusted than government, according to the Edelman Trust Barometer. Farsighted corporate leaders will see the opportunity for their industries to

  • mitigate environmental and societal threats,
  • catalyze collective action to discover new solutions,
  • shape wider ecosystems,
  • and expand trust with stakeholders.

Such actions will be indispensable to strengthen social permission for corporate capitalism before it is further undermined.

CEOs Need an Agenda for Value and the Common Good

We frame the journey to new corporate value and the common good around six imperatives.

It begins with reimagining corporate strategy, then

  • involves transforming the business model,
  • reframing performance and scorekeeping,
  • leading a purpose-filled organization,
  • practicing corporate statesmanship,
  • and elevating governance.

BCG 1

While challenging to execute, we argue that this agenda will be essential to create a great company, a great stock, a great impact, and a great legacy.

Reimagine Corporate Strategy

We believe few companies have strategies for this new era of business. The following exhibit illustrates the ambition of such a strategy, which establishes competitive advantage at the intersection of

  • shareholder value,
  • corporate longevity,
  • and societal impact.

The “quality” of the strategy is thus judged by how it delivers both total shareholder returns and total societal impact.

BCG 2

Consequently, it widens the scope of competition to encompass creating rich differentiation and relative advantage in multiple areas of societal value. It embeds “social value” into new business constructs, shared value chains, and reconstructed ecosystems.

It also opens, broadens, and deepens markets to enable access and inclusion. And it expands the scope of business by calling for coalitions for collective action that address existential risks to environmental and societal ecosystems.

This new type of strategy flips leadership’s perspective from “company-out” to “societal needs-in,” by asking how a specific SDG target could be met by extending the company’s capabilities, assets, products, services, and ecosystem—and those of its industry. The following exhibit lists ten questions that strategists should incorporate into their strategy processes to ensure that they embrace the opportunity to create both shareholder returns and societal impact.

BCG 3

However, these new strategies cannot simply be grafted onto existing business models. Business models themselves will need to be transformed. Sustainable business model innovation (S-BMI) takes a much wider perspective than traditional business model innovation by considering

  • a broader set of stakeholders;
  • the system dynamics of the socio-environmental context;
  • longer time horizons for sustaining adaptable advantage;
  • the limits of business model scale, viability, and resilience;
  • the cradle-to-grave production and consumption cycle;
  • and the points of leverage for profitable and sustainable transformation.

Transform Business Models

We can already observe seven topologies for sustainable business model innovation, sometimes in combination, all with the potential to increase both financial returns and societal benefits.

  • Own the origins. Compete on capturing and differentiating the “social value” of inputs to production processes, products, or services. For example,
    • pursue cleaner energy,
    • sustainable practices,
    • preserved biodiversity,
    • recycled content,
    • inclusive and empowering work practices,
    • minimized waste,
    • digitized traceability,
    • fair trade, and so on.

Performance here will require differentially advancing the societal performance of the supplier base and its stewardship of resources, communities, and trade flows. Achieving this may require backward integration to ensure fast and complete upstream transformation and then holding and using these new capabilities for competitive advantage and differentiation.

  • Own the whole cycle. Compete by creating societal impact through the whole product usage cycle, from creation through end of life. This competitive typology puts a wide aperture on the business and requires systems analysis to uncover business models that offer the richest competitive and financial options. For example,
    • designing for circularity, recyclability, and waste to value;
    • creating offerings that enable sharing rather than owning to ensure high utilization of resources and end-of-life value;
    • constructing infrastructure to facilitate circularity and repurposing;
    • integrating into other value chains to capture societal value;
    • educating and enabling consumers to choose whole-cycle propositions on the basis of value to people and planet.

To achieve these ends, expect to reposition operations, reinvent supply chains and distribution networks, pursue new backward or forward integration, acquire business adjacencies, or undertake unconventional strategic partnering.

  • Expand “social value.” Compete by expanding the value of products or services on six dimensions:
    • economic gains,
    • environmental sustainability,
    • customer well-being,
    • ethical content,
    • societal enablement,
    • and access and inclusion.

Then advocate new standards, increase transparency and traceability, tune marketing and segmentation, engage customers on the product’s wider value and their involvement in bigger change, and seek premium pricing. In business-to-business offerings, help customers integrate the full social value of your products, services, and business model into their own differentiation and ESG ambitions.

  • Expand the chains. Compete by extending the company’s value chain, layering onto other industries’ value chains to extend the reach of your products and services and the societal impact for both parties, while changing the economics and risks of doing so. For example,
    • use the reach of a consumer products distribution system to extend payments and financial services to small merchants;
    • layer one company’s health services onto another company’s physical supply chain to benefit its workers and their families while expanding markets for health services;
    • or use the byproducts of one company’s operations as feedstock in other companies’ value chains.
  • Energize the brand. Compete by digitally encoding, promoting, and monetizing the full accumulated social value that is embedded in products and services, along the whole value chain— from origins to customer, from cradle to grave. Use such data to rethink differentiation, the brand experience, customer engagement, pricing for value, ESG reporting, investor engagement, and even potential new businesses. For example,
    • strengthen the brand with promotions that showcase the business’s performance on the open, clean, green, renewable, and inclusive attributes of its operations;
    • and increase customer engagement and loyalty by using data on the product’s environmental and societal footprint to empower customers in choosing how their lifestyle affects the planet and its people.
  • Relocalize and regionalize. Compete by contracting and reconnecting global value chains to bring societal benefits closer to home markets in ways stakeholders value. For example,
    • build local and regional brands that better express local tastes and values;
    • source from smaller local producers to minimize logistics emissions and strengthen local economies;
    • reimagine production networks against total environmental and societal costs;
    • capture local waste streams as feedstocks for other activities;
    • or reconstitute jobs for microwork to use local talent.
  • Build across sectors. Compete by creating models that include the public and social sectors to improve the company’s business and societal proposition, particularly in emerging and rapidly developing economies. For example,
    • work alongside governmental bilateral aid institutions and NGO development organizations to improve the agricultural capacity of small farmers so they become reliable sources of agricultural inputs to the agro-processing value chain;
    • partner with global environmental organizations and governments to promote the reuse of ocean plastics as feedstocks to production systems;
    • partner with governments to strengthen social safety nets and prevent corruption through digitization and electronic payments;
    • or partner across sectors to restructure recycling systems to enable higher penetration of waste-to-value business models.

Extend this into industry coalitions for collective action that reshape broader rights to operate and generate new opportunities.

All seven types of S-BMI create new sources of differentiation, operating advantage, network dynamics, and societal value — enabling more durable and resilient businesses that benefit shareholders and society. But to assess and improve the performance of these business models and communicate their value, we need to expand today’s scorecards.

Click her to access BCG’s full article

 

From Risk to Strategy : Embracing the Technology Shift

The role of the risk manager has always been to understand and manage threats to a given business. In theory, this involves a very broad mandate to capture all possible risks, both current and future. In practice, however, some risk managers are assigned to narrower, siloed roles, with tasks that can seem somewhat disconnected from key business objectives.

Amidst a changing risk landscape and increasing availability of technological tools that enable risk managers to do more, there is both a need and an opportunity to move toward that broader risk manager role. This need for change – not only in the risk manager’s role, but also in the broader approach to organizational risk management and technological change – is driven by five factors.

Marsh Ex 1

The rapid pace of change has many C-suite members questioning what will happen to their business models. Research shows that 73 percent of executives predict significant industry disruption in the next three years (up from 26 percent in 2018). In this challenging environment, risk managers have a great opportunity to demonstrate their relevance.

USING NEW TOOLS TO MANAGE RISKS

Emerging technologies present compelling opportunities for the field of risk management. As discussed in our 2017 report, the three levers of data, analytics, and processes allow risk professionals a framework to consider technology initiatives and their potential gains. Emerging tools can support risk managers in delivering a more dynamic, in-depth view of risks in addition to potential cost-savings.

However, this year’s survey shows that across Asia-Pacific, risk managers still feel they are severely lacking knowledge of emerging technologies across the business. Confidence scores were low in all but one category, risk management information systems (RMIS). These scores were only marginally higher for respondents in highly regulated industries (financial services and energy utilities), underscoring the need for further training across all industries.

Marsh Ex 3

When it comes to technology, risk managers should aim for “digital fluency, a level of familiarity that allows them to

  • first determine how technologies can help address different risk areas,
  • and then understand the implications of doing so.

They need not understand the inner workings of various technologies, as their niche should remain aligned with their core expertise: applying risk technical skills, principles, and practices.

CULTIVATING A “DIGITAL-FIRST” MIND-SET

Successful technology adoption does not only present a technical skills challenge. If risk function digitalization is to be effective, risk managers must champion a cultural shift to a “digital-first” mindset across the organization, where all stakeholders develop a habit of thinking about how technology can be used for organizational benefit.

For example, the risk manager of the future will be looking to glean greater insights using increasingly advanced analytics capabilities. To do this, they will need to actively encourage their organization

  • to collect more data,
  • to use their data more effectively,
  • and to conduct more accurate and comprehensive analyses.

Underlying the risk manager’s digitalfirst mind-set will be three supporting mentalities:

1. The first of these is the perception of technology as an opportunity rather than a threat. Some understandable anxiety exists on this topic, since technology vendors often portray technology as a means of eliminating human input and labor. This framing neglects the gains in effectiveness and efficiency that allow risk managers to improve their judgment and decision making, and spend their time on more value-adding activities. In addition, the success of digital risk transformations will depend on the risk professionals who understand the tasks being digitalized; these professionals will need to be brought into the design and implementation process right from the start. After all, as the Japanese saying goes, “it is workers who give wisdom to the machines.” Fortunately, 87 percent of PARIMA surveyed members indicated that automating parts of the risk manager’s job to allow greater efficiency represents an opportunity for the risk function. Furthermore, 63 percent of respondents indicated that this was not merely a small opportunity, but a significant one (Exhibit 6). This positive outlook makes an even stronger statement than findings from an earlier global study in which 72 percent of employees said they see technology as a benefit to their work

2. The second supporting mentality will be a habit of looking for ways in which technology can be used for benefit across the organization, not just within the risk function but also in business processes and client solutions. Concretely, the risk manager can embody this culture by adopting a data-driven approach, whereby they consider:

  • How existing organizational data sources can be better leveraged for risk management
  • How new data sources – both internal and external – can be explored
  • How data accuracy and completeness can be improved

“Risk managers can also benefit from considering outside-the-box use cases, as well as keeping up with the technologies used by competitors,” adds Keith Xia, Chief Risk Officer of OneHealth Healthcare in China.

This is an illustrative rather than comprehensive list, as a data-driven approach – and more broadly, a digital mind-set – is fundamentally about a new way of thinking. If risk managers can grow accustomed to reflecting on technologies’ potential applications, they will be able to pre-emptively spot opportunities, as well as identify and resolve issues such as data gaps.

3. All of this will be complemented by a third mentality: the willingness to accept change, experiment, and learn, such as in testing new data collection and analysis methods. Propelled by cultural transformation and shifting mind-sets, risk managers will need to learn to feel comfortable with – and ultimately be in the driver’s seat for – the trial, error, and adjustment that accompanies digitalization.

MANAGING THE NEW RISKS FROM EMERGING TECHNOLOGIES

The same technological developments and tools that are enabling organizations to transform and advance are also introducing their own set of potential threats.

Our survey shows the PARIMA community is aware of this dynamic, with 96 percent of surveyed members expecting that emerging technologies will introduce some – if not substantial – new risks in the next five years.

The following exhibit gives a further breakdown of views from this 96 percent of respondents, and the perceived sufficiency of their existing frameworks. These risks are evolving in an environment where there are already questions about the relevance and sufficiency of risk identification frameworks. Risk management has become more challenging due to the added complexity from rapid shifts in technology, and individual teams are using risk taxonomies with inconsistent methodologies, which further highlight the challenges that risk managers face in managing their responses to new risk types.

Marsh Ex 9

To assess how new technology in any part of the organization might introduce new risks, consider the following checklist :

HIGH-LEVEL RISK CHECKLIST FOR EMERGING TECHNOLOGY

  1. Does the use of this technology cut across existing risk types (for example, AI risk presents a composite of technology risk, cyber risk, information security risk, and so on depending on the use case and application)? If so, has my organization designated this risk as a new, distinct category of risk with a clear definition and risk appetite?
  2. Is use of this technology aligned to my company’s strategic ambitions and risk appetite ? Are the cost and ease of implementation feasible given my company’s circumstances?
  3. Can this technology’s implications be sufficiently explained and understood within my company (e.g. what systems would rely on it)? Would our use of this technology make sense to a customer?
  4. Is there a clear view of how this technology will be supported and maintained internally, for example, with a digitally fluent workforce and designated second line owner for risks introduced by this technology (e.g. additional cyber risk)?
  5. Has my company considered the business continuity risks associated with this technology malfunctioning?
  6. Am I confident that there are minimal data quality or management risks? Do I have the high quality, large-scale data necessary for advanced analytics? Would customers perceive use of their data as reasonable, and will this data remain private, complete, and safe from cyberattacks?
  7. Am I aware of any potential knock-on effects or reputational risks – for example, through exposure to third (and fourth) parties that may not act in adherence to my values, or through invasive uses of private customer information?
  8. Does my organization understand all implications for accounting, tax, and any other financial reporting obligations?
  9. Are there any additional compliance or regulatory implications of using this technology? Do I need to engage with regulators or seek expert advice?
  10. For financial services companies: Could I explain any algorithms in use to a customer, and would they perceive them to be fair? Am I confident that this technology will not violate sanctions or support crime (for example, fraud, money laundering, terrorism finance)?

SECURING A MORE TECHNOLOGY-CONVERSANT RISK WORKFORCE

As risk managers focus on digitalizing their function, it is important that organizations support this with an equally deliberate approach to their people strategy. This is for two reasons, as Kate Bravery, Global Solutions Leader, Career at Mercer, explains: “First, each technological leap requires an equivalent revolution in talent; and second, talent typically becomes more important following disruption.”

While upskilling the current workforce is a positive step, as addressed before, organizations must also consider a more holistic talent management approach. Risk managers understand this imperative, with survey respondents indicating a strong desire to increase technology expertise in their function within the next five years.

Yet, little progress has been made in adding these skills to the risk function, with a significant gap persisting between aspirations and the reality on the ground. In both 2017 and 2019 surveys, the number of risk managers hoping to recruit technology experts has been at least 4.5 times the number of teams currently possessing those skills.

Marsh Ex 15

EMBEDDING RISK CULTURE THROUGHOUT THE ORGANIZATION

Our survey found that a lack of risk management thinking in other parts of the organization is the biggest barrier the risk function faces in working with other business units. This is a crucial and somewhat alarming finding – but new technologies may be able to help.

Marsh Ex 19

As technology allows for increasingly accurate, relevant, and holistic risk measures, organizations should find it easier to develop risk-based KPIs and incentives that can help employees throughout the business incorporate a risk-aware approach into their daily activities.

From an organizational perspective, a first step would be to describe risk limits and risk tolerance in a language that all stakeholders can relate to, such as potential losses. Organizations can then cascade these firm-wide risk concepts down to operational business units, translating risk language into tangible and relevant incentives that encourages behavior that is consistent with firm values. Research shows that employees in Asia want this linkage, citing a desire to better align their individual goals with business goals.

The question thus becomes how risk processes can be made an easy, intuitive part of employee routines. It is also important to consider KPIs for the risk team itself as a way of encouraging desirable behavior and further embedding a risk-aware culture. Already a majority of surveyed PARIMA members use some form of KPIs in their teams (81 percent), and the fact that reporting performance is the most popular service level measure supports the expectation that PARIMA members actively keep their organization informed.

Marsh Ex 21

At the same time, these survey responses also raise a number of questions. Forty percent of organizations indicate that they measure reporting performance, but far fewer are measuring accuracy (15 percent) or timeliness (16 percent) of risk analytics – which are necessary to achieve improved reporting performance. Moreover, the most-utilized KPIs in this year’s survey tended to be tangible measures around cost, from which it can be difficult to distinguish a mature risk function from a lucky one.

SUPPORTING TRANSFORMATIONAL CHANGE PROGRAMS

Even with a desire from individual risk managers to digitalize and complement organizational intentions, barriers still exist that can leave risk managers using basic tools. In 2017, cost and budgeting concerns were the single, standout barrier to risk function digitalization, chosen by 67 percent of respondents, well clear of second placed human capital concerns at 18 percent. This year’s survey responses were much closer, with a host of ongoing barriers, six of which were cited by more than 40 percent of respondents.

Marsh Ex 22

Implementing the nuts and bolts of digitalization will require a holistic transformation program to address all these barriers. That is not to say that initiatives must necessarily be massive in scale. In fact, well-designed initiatives targeting specific business problems can be a great way to demonstrate success that can then be replicated elsewhere to boost innovation.

Transformational change is inherently difficult, in particular where it spans both technological as well as people dimensions. Many large organizations have generally relied solely on IT teams for their “digital transformation” initiatives. This approach has had limited success, as such teams are usually designed to deliver very specific business functionalities, as opposed to leading change initiatives. If risk managers are to realize the benefits of such transformation, it is incumbent on them to take a more active role in influencing and leading transformation programs.

Click here to access Marsh’s and Parima’s detailed report

Optimizing Your GRC Technology Ecosystem

Most organizations rely on multiple technologies to manage GRC across the enterprise. Optimizing a GRC technology ecosystem aligned with a defined GRC process structure improves risk-informed business decisions and achievement of strategic business objectives. This illustration outlines ways to continuously optimize your GRC technology ecosystem for

  • greater process consistency
  • and development of actionable information.

An integrated GRC technology ecosystem built on common vocabulary, taxonomy and processes enables

  • more accurate and timely reporting,
  • increased reliability of achievement of objectives
  • and greater confidence in assurance with less burden on the business.

Here are just a few of the key benefits:

Process and Technology Alignment

  • Common methods for core tasks, uniform taxonomies, and consistent vocabulary for governance, risk management and compliance across the organization
  • Risk-based actions and controls that ensure timely responses to changed circumstances
  • Standardized GRC processes based on understanding where in the organization each defined process takes place and how data is used in managing risks and requirements
  • Connected technologies as necessary to gain a complete view of the management actions, controls and information needed by each user

Governance Systems to include:

  • Strategy / Performance
  • Board Management
  • Audit & Assurance Tools

Risk Systems to include:

  • Brand & Reputation
  • Finance / Treasury Risk
  • Information / IT Risk
  • External Risk Content
  • Third Party Risk

Compliance Systems to include:

  • Policies
  • Helpline / Hotline
  • Training
  • EHS (Environment Health and Safety)
  • Fraud / Corruption
  • Global Trade
  • Privacy
  • Regulatory Change
  • AML (Anti Money Laundering) / KYC (Know Your Customer)

Enabling Systems to include:

  • Data Visualization
  • Analytics
  • Business Intelligence
  • Predictive Tools
  • External Data Sources

Protective Systems to include:

  • Information Security
  • Data Protection
  • Assets Control

Benefits and Outcomes

  • Enhanced tracking of achievement of objectives and obstacles
  • Connected reporting for board/management/external stakeholders
  • Timely understanding of impact from operational decisions
  • Actionable view of changes needed to meet regulatory requirements
  • Clear action pathways for resolution of issues and process reviews
  • Consistent risk assessments feeding into advanced analytics
  • Improved predictive capabilities to support strategic planning
  • Control testing and audit trails for response to regulators and auditors
  • Greater confidence in assurance with less burden on the business
  • Enterprise-wide, departmental and geographic control standards

OCEG

Tips for Optimization

1. Process Framework

  • Identify tasks appropriate for standardization and schedule implementation across units
  • Assess vocabulary used throughout organization for inconsistencies and establish rules
  • Adjust process model periodically to continue alignment with business objectives and activities

2. Technology Ecosystem

  • Periodically review GRC technologies for gaps and duplication of systems
  • Assess appropriateness of connection of systems for data sharing and user access
  • Maintain a current road map for re-purposing and acquisition of technologies

3. Outcome Management

  • Apply standard processes for resolution of issues and remediation of identified process framework or technology ecosystem weaknesses
  • Enhance reporting capabilities with refined report structure and delivery methods/schedules
  • Ensure all users apply the process framework and understand how best to use the technology

Click here to access OCEG’s illustration in detail

Internal Audit’s Guide to Planning, Managing and Addressing Risks

As time passes and the modern-day enterprise evolves, so does the role of the internal auditor. What was once a function that was perceived as rule enforcers and compliance police is expanding into one that is a trusted advisor within the business. The last several years have introduced an enormous amount of change, but the proliferation of technology within the enterprise is accelerating every aspect; from operations to decision making.

The progressive steps organizations are taking as a result of the digital age present a bevy of benefits, but in turn, create a slew of challenges and risks. Subsequently, the internal audit function has been forced to adapt along the way, assuring key stakeholders in the business that risks have been identified, but above all, addressed and mitigated.

While identifying and managing risks tied to the business fall on management, it’s internal audit’s responsibility to focus on closing the loop. That’s why our second article focuses on the effective audit follow up, in addition to outlining the how and when tied to escalating risks.

A DYNAMIC AND ITERATIVE PROCESS

The COSO Internal Control – Integrated Framework (2013) provides that a “risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives.” (emphasis added). To be effective, internal audit should be aware of and responsive to changes in known risks and additionally the emergence of new ones.

A purpose for the traditional (i.e., annual risk assessment) is to allow internal audit to develop a planning horizon which is understood by stakeholders and, in particular, executive management and the audit committee as a basis for the risks identified. In this process there can also be a push to finalize the internal audit “plan” so that budgets, schedules and staffing can be arranged.

With the emerging concept of “risk velocity”—measuring how fast a risk may affect an organization—is recognition that the typical risk assessment process is one that is not dynamic and iterative nor responsive to change in real time. Change does not occur on an annual basis. The move to a continuous and dynamic audit plan is significant for most internal audit departments. Some departments are already moving on this path and have had to adjust from a static process focused on listening to management on a seasonal basis to monitoring business objectives and risks that are rapidly changing.

Tony Redlinger, internal audit director with IHS Markit, observes the difficulties of the timely capture of risks as “asking the pertinent questions often without the broader knowledge of what the business is getting into, where the technology often advances much faster than the controls.”

BEYOND THE TYPICAL INTERNAL AUDIT RISK ASSESSMENT

What approaches internal audit functions can take to ramp up the process to achieve more dynamic audit planning?

One technique is to increase the frequency of the process and design a rolling service of assessments and audit planning. If existing processes can be made more streamlined and efficient, the time trajectory can be intensified to occur more frequently. Potentially, a concerted effort can result in an audit plan being updated every six months instead of annually. Since the risk identification process ideally is ongoing, management should be encouraged to implement a schedule to periodically review risks, while reserving the ability to accelerate reviews if a company objective changes, or risk factors increase.

For example, if management is considering an acquisition in a new jurisdiction, it could require the reevaluation of risk factors to determine how the decision could impact operations. Such processes can be formally linked into internal audit planning. Of course, existing sources of risk information should be identified and integrated into internal audit planning.

Other assessment processes including Enterprise Risk Management activities, department self-assessments and other functionspecific reviews in high-impact areas depending on industry (e.g., environmental hazards, cybersecurity threats, etc.), should connect and feed into internal audit processes.

Internal Audit 1

TECHNOLOGY TOOLS AND REALISM ABOUT SURVEYS

In the typical risk assessment, preparatory materials are provided and participants are asked a series of questions during sessions with audit staff. This process is expected to produce information to guide the allocation of resources and activities within internal audit so as to optimize the match between the company’s greatest risks and the corresponding mitigation efforts. The availability of sophisticated technology tools such as online surveys can seem to make it cheap and easy to gather voluminous data from a larger population, and to conduct statistical analysis of that data.

Dr. Hernan Murdock, vice president of the audit division at MISTI, finds surveys and questionnaires to be a technique to collect information. “[Questionnaires] promote risk and control awareness, while encouraging transparency and accountability,” he says.

Potentially, this means we can conduct a much larger assessment with the same resources. There is definitely a place for crowdsourcing risk as well as casting a wide net for particular fact patterns of concern, such as use of third-party sales intermediaries or collection of consumer personal data. Still, more data is not always better data. The essence of a good risk assessment is not popular opinion, mechanically sliced and diced; it is informed opinion and expert judgment applied to the facts. Be careful with gathering far more data than can be followed up on or that can be analyzed meaningfully which can result in human-judgment bottlenecks in the process.

Ordinarily, risk assessments gather information from senior executives and managers, as well as a sample of senior operational personnel in the business units. To the extent that “risk owners” are not in these groups, they are usually sought out, and sometimes manager-level input is also requested.

Front-line workers should be considered as well. It’s usually those who are in the details on a daily basis that have the best perspectives on risks and low-hanging fruit when it comes to increasing operational efficiency.

THE RISK OF THE INTERNAL AUDIT RISK ASSESSMENT

Here we are not talking about the risk assessment that drives the audit plan. Rather, this is the risk that the internal audit function itself will not achieve its objectives as a result of the risk assessment. Should you perform this type of quality engagement as well? See IIA’s Standards for the Professional Practice of Internal Auditing 2120—Risk Management: “The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.”

The internal audit function in this regard should consider risks such as:

  • The potential that the audit risk assessment is inaccurate or incomplete leading to an ineffective audit plan
  • Audit staffing that is insufficient in terms of quality and capacity to deliver useful results on every engagement
  • Changes in business and risk not promptly identified so that the audit plan can be updated
  • Audit communications failing to provide information organizational stakeholders need, when they need it
  • Governance roles not able to understand audit results and their implications for management of the organization

Internal Audit 2

Beyond Quality: The Four-Part Approach for Audit Efficiency and Effectiveness

STEP 1: PLAN FOR ORGANIZATIONAL GROWTH

While the concept of quality is uniform for internal auditors of different varieties and capacities, effectiveness and efficiency can vary from organization to organization. Accordingly, clear definitions for these terms—the expectations for your team—must be established and adopted to plan for growth.

Use these questions as guidance when defining exactly what effectiveness and efficiency mean for you and your team:

  • Are we equipped with the up-to-date tools needed to conduct the best work possible?
  • Do we have the right resources and skill sets required to deliver our audit plan?
  • Are we contributing to organizational improvement? If so, can others see this?
  • Have we obtained any validation of our team’s quality, such as notification from managers or executives?
  • Is feedback effectively distributed to team members, so they know what areas to improve?
  • What quantifiable metrics can we associate with these definitions?

While you and your team’s definitions of effectiveness and efficiency are crucial, it is also important to gain the approval of key stakeholders involved in internal audit.

A major reason that process improvement initiatives fail, according to one Harvard Business Review article is that the people whose work will be directly impacted are often left out of the process.

Accordingly, feedback from stakeholders at the helm of the financial success of your company should also be incorporated. Here are a few stakeholders who should weigh in on your definitions of effectiveness and efficiency:

  1. Internal stakeholders: Board of directors, audit committee, executives, senior management and department leads
  2. External stakeholders: Regulators, standard-setters, vendors, customers and external audit teams

STEP 2: DO THE WORK NEEDED TO SET EXPECTATIONS

The second step of this process continues to articulate the definitions of effectiveness and efficiency, and sets expectations for your team.

By this stage, you should have an internal definition of effectiveness and efficiency, and you have tempered that definition in the context of what key internal and external stakeholders need. To better set your organization up for success, make these definitions more actionable and specific through the assignation of qualitative and quantitative metrics.

As described in a Forbes article, Forrester reports 74 percent of firms say they want to be “data-driven,” but only 29 percent are actually successful at connecting analytics to action. Actionable insights appear to be the missing link for companies that want
to drive business outcomes from their data.

Make these definitions more actionable and specific for your team by assigning qualitative and quantitative metrics for each. To collect qualitative and quantitative metrics, try the following tactics:

  • Look back at past performance data to determine quantitative metrics:
    • How many audits were scheduled?
    • How many were completed?
    • How was staff utilized?
    • What were the budgeted hours as compared to the actual hours?
  • Go on a listening tour of departments impacted by your work to determine qualitative metrics:
    • What do clients think of your team’s performance?
    • What do other internal stakeholders think of your team’s performance?
    • Do they consider you and your team leaders in their role or order-takers?
    • Would they want to engage in future projects with your team?

With these actionable definitions in hand, the expectations for your team should be crystal clear. It is ultimately up to chief audit executives to hold their teams accountable for efficient and effective—along with quality—work.

STEP 3: CHECK PROGRESS AGAINST SET EXPECTATIONS

To check the quality, effectiveness, and efficiency of your team’s work, internal audit leaders should look at individual performance on an ongoing basis—not just an annual one. After all, it is easier and less problematic for leaders to reevaluate individual performance in small increments before it becomes a major issue.

In organizations of all sizes, a traditional once-per-year approach to employee reviews is fading away in favor of more ongoing ones. As a Washington Post article describes, today’s employees have come to expect instant feedback in many other areas of their lives, and performance reviews should be the same. Besides, the article states, one report found that two-thirds of employees who receive the highest scores in a typical performance management system are not actually the organization’s highest performers.

Chief audit executives should encourage the completion of self-appraisals. A Harvard Business Review article explains that an effective self-appraisal should focus on what you have accomplished and talk about weaknesses carefully, using language with an emphasis on growth and improvement, rather than admonishment. Highlight your team’s blind spots that they might not be aware exists.

In short, employees want more frequent and iterative assessments of their work, and internal audit leaders need to step up to deliver this and ensure quality, effectiveness, and efficiency at all stages.

STEP 4: ACT UPON WHAT YOU HAVE LEARNED

By this step, internal audit leaders have an array of tools at their disposal, including:

  • Actionable definitions of effectiveness and efficiency for their teams
  • Qualitative and quantitative metrics to bolster these definitions
  • Information gathered from self- and manager-guided evaluations
  • An understanding of how team members have performed along these guidelines

With this information in hand, many opportunities for growth are apparent—simply compare where you want your team members to be against where they are right now. By
implementing these fact-based changes into your internal audit processes, leaders set the stage for cyclical organizational and personal improvement.

According to a survey, this type of continuous improvement yields a positive ROI for organizations, helping increase revenue, along with saving time and money—an average annual impact of $6,000. Additionally, these improvements are designed to compound with each cycle.

Just as the approach to monitoring and improving audit quality is ongoing and cyclical—there are always improvements yet to be made—this approach to improving effectiveness and efficiency is fluid as well.

By weaving this four-part process into the fabric of your internal audit methodology, leaders can improve effectiveness and efficiency in their organizations.

 

Click here to access Workiva’s and MISTI’s White Paper

EIOPA Insurance Risk Dashboard: Risk exposures for the European insurance sector – July 2019

Risk exposures for the European insurance sector remain overall stable.

Macro and market risks are now at a high level due to a further decline in swap rates and lower returns on investments in 2018 which put strain on those life insurers offering guaranteed rates. The low interest rate environment remains a key risk for the insurance sector.

Credit risks continue at medium level with broadly stable CDS spreads for government and corporate bonds.

Profitability and solvency risks increased due to lower return on investments for life insurers observed in year-end 2018 data; SCR ratios are above 100% for most undertakings in the sample even when excluding the impact of the transitional measures.

Market perceptions were marked by a performance of insurers’ stocks broadly in line with overall equity markets, while median CDS spreads have slightly increased. No change was observed in insurers’ external ratings and rating outlooks.

RD 719 1

Macro risks are now at a high level. Since the April 2019 assessment, swap rates have further declined for all the currencies considered (EUR, GBP, CHF, USD). The indicator on credit-to-GDP gaps has deteriorated due to a more negative gap in the Euro area. Key policy rates remained unchanged and the rate of expansion of major central banks’ (CB) balance sheets is now close to zero. Recent monetary policy decisions suggest that some degree of monetary accomodation is still to be expected for the forseeable future.

Credit risks remained stable at medium level. Since the previous assessment, spreads have remained broadly stable for all corporate bond segments except financials (unsecured). The average credit quality of insurers’ investments remained broadly stable, corresponding to an S&P rating between AA and A, while the share of below investment grade assets remains limited.

Market risks are now at a high level. Volatility of the largest asset class, bonds, remained broadly stable compared to the January’s assessment, whereas equity market volatility spiked in June 2019. Newly available annual information shows a decline in the spread of investment returns over the guaranteed rates to negative values in 2018, mainly due to lower investment returns. The mismatch between the duration of assets and liabilities remained broadly stable in the same period.

Liquidity and funding risks remained stable at medium level. Liquidity indicators have remained broadly unchanged since the previous quarter, while funding indicators such as the average ratio of coupons to maturity and the average multiplier for catastrophe bond issuance increased.

Profitability and solvency risks remain at medium level but show an increasing trend. This is mainly due to newly available data on the return on investments for life solo undertakings, which was considerably lower in 2018 than in the preceding year. SCR ratios are above 100% for the majority of insurers in the sample even when excluding the impact of the transitional measures on technical provisions and interest rates. The proportion of Tier 1 capital in total own funds remains high across the whole distribution and the share of expected profit in future premiums in eligible own funds is below 15% for most undertakings in the sample.

Interlinkages and imbalances risks remained at medium level in Q1-2019. A minor increase is observed for exposures to banks, while the opposite is true for exposures to other financial institutions. An increase has been reported in the share of premiums ceded to reinsurers.

Insurance risks remained constant at a medium level. Median premium growth of life and non-life business remains positive and a reduction has been reported in insurance groups’ loss ratios and cat loss ratios.

Market perceptions remained constant at medium level. Insurance groups stocks’ performance was broadly in line with the overall market. Median insurers’ CDS spreads have increased, while external ratings have remained unchanged.

RD 719 2

Click here to access EIOPA’s Risk Dashboard July 2019