Horizon Scanning, Predictive Analytics & Risk Operations Center – An Overview

Horizon Scanning, Predictive Analytics & Risk Operations Center – An Overview

May 19, 2021 | Business Continuity, Business Resiliency, Supply Chain

Risk Operations Center

Risk Operations Centers provide a single, centralized resource point for risk and resiliency governance. When incorporated into organizational governance regimes they can provide real-time, ongoing horizon scanning and predictive information. To be practical, there must be the capacity to receive, analyze, and manage incoming information in relation to the supply chain ecosystem to reasonably ensure continuous monitoring of supply chains is effective and efficient.

 

 

Risk insight that remains siloed cannot be taken into account to inform risk management efforts across the full extent of your organization. A risk control listening post, or Risk Operations Center is a key element of a mature risk management program. Its goal is to gain significantly greater insight into the issues that you face on an ongoing basis. A Center provides an established pathway to receive data, validate and synthesize the information, and report to the necessary functions across the organization to manage the risk. It also provides a path for risk managers to use information more collaboratively and effectively than a decentralized process.

 

Risk Operations Center – Making Strategic Use of Information

Silos are obstacles to efficiency across all industries. Any combination of risk triggers – internal or external – needs to be recognized for its potential impact across the enterprise. To accomplish this, a central focal point is required.

 

As the vehicle for sharing data across your organization and with your vendors, an effective Risk Operations Center can:

  • Provide a data-centric integration point for incoming risk intelligence.
  • Provide real-time vision into your supply chain risk management (SCRM) that combines monitoring with automated and manually curated actions to improve operational resilience.
  • Provide a platform for data sharing that improves your ability to maximize resources.
  • Provide a feed-forward/feed-back loop that allows for continuous improvement to processes and management of risk.

 

 

What’s on the Horizon?

Horizon scanning is at the heart of a Risk Operations Center:

  • Horizon scanning is a stepwise process that should be coordinated with the analysis and response to information gained through observation.
  • Predictive analytics uses available data garnered through horizon scanning to try to identify future outcomes.
  • Mapping out a multi-category profile of third and Nth parties can reveal where resources can be focused to better understand potential supply chain disruptions, including breaches, where an organization’s operations may be significantly impacted.

 

A roadmap for horizon scanning and predictive analytics will help focus attention where resources are needed to develop a listening post in your setting. This center should consider continuous monitoring solutions intelligence to make data become actionable intelligence. In response to the need for better disruption forecasting, continuous monitoring is shifting to a wider multi-category review where metrics are tied to operational concerns. Real-time, automated, curated data needs to be managed over the broad spectrum of cyber; financial viability of vendors; Environment, Social, and Governance (ESG); location beyond geopolitical; and fourth parties.

 

Using this expanded continuous monitoring dataset, horizon scanning processes can yield insight into cause and effect such as:

  • Can you predict the financial stability of a company?
  • Can you predict a cyber attack – can you show a company’s cyber defenses make it more likely that an attack will occur?
  • Can you predict a delay in key source materials or parts?

 

An example of where using horizon scanning to anticipate organizational needs could have improved response times and shifted operational focus is vaccine manufacture. Producers were unaware during early stages of production of the potential for shortages in raw materials, drug distribution vials, syringes, and dry ice – each a discrete component of the manufacturing and delivery process. Had this been identified earlier, the production and delivery of these key elements of vaccine delivery could have been modified to reduce the impact on the production and delivery of high volumes of vaccines to clinics around the world.

 

Can You Make Scanning Effective?

To be effective, since “humans don’t scale,” you need to be able to manage the data you get in a way that is timely. The practical effectiveness of horizon scanning and predictive analytics relies on several practices:

  • Robust, accurate supply chain mapping. This step requires that an organization has its data house in order so that it can identify all its suppliers and their importance.
  • Identify and mitigate risk at a level that allows for resilience. This effort requires different disciplines and risk control areas to be measured and interpreted.
  • Sharing information in a cohesive way. Without some type of coordination, ideally through a Risk Operations Center, horizon scanning and subsequent analytics and mitigation lose value.

 

Looking Back to See Forward

Probability-based forecast modeling will provide a strong basis for improving the ability to predict future disruptions through simulation, scenario analysis, and other forms of optimization that support foresight into how you may influence what could happen. To accomplish this, you need to move from purely descriptive metrics that identify issues after the fact, what did or did not happen; to diagnostic data discovery that links what happened to why it happened.

 

Forecasting is coming into the continuous monitoring marketplace; however, predictive models have to be calibrated against historical data. In the current risk environment, there are not accumulated data sets for many of the issues that have emerged in recent years. Theoretical data can be used, though this can be hard to locate or non-existent. Meta data can be sanitized to serve as a starting point, though few organizations have the capacity to manage this task.

 

In the cases where data may exist, discerning what to view poses its own challenges. For instance, an indicator of interest might be how many access rights requests a vendor has in a given quarter and how that compares with that vendor or vendor set over time. The data may exist, but the people on the risk side may not be experienced at sourcing that data.

 

Learning how to get those access request logs and interpret the data is an educational opportunity. With this education, practitioners can begin to understand how analyze multi-category data and communicate up and down the organization .

 

Few Incidents, Big Impact

Horizon scanning is separate from predictive analytics. The terms are two processes that work side by side. A wide aperture will allow you to see the big picture and then use the data gained to synthesize a forecast of what that data might mean. This is a high bar, and may seem unrealistic for some risk governance programs.

 

Horizon scanning is a relative term. Getting attention on the need for horizon scanning and predictive analytics can be realized by focusing on realistic issues. The opportunities for anticipating organizational needs can be demonstrated through the operational and relationship advantages of understanding:

  • Supply chain resilience; and
  • Supply chain stakeholder collaboration.

 

Operational resilience is the goal. Greater buy-in can be achieved by moving beyond the risk conversation to show the overall value of a Risk Operations Center to your organization. Look for halfway points that will allow you to bring stakeholders together to support a more robust control environment. A target maturity matrix for managing resilience may be useful for calibrating expectations. With the horizon always changing, defining what you want to look for within your own organization can help provide perspective and a foundation for collaboration.

 

Creating a Roadmap for Driving Toward the Aspirational Goal

A Risk Operations Center should be designed to streamline risk management and make everyone’s job easier. There are layers of information coming in that can drown a listening post. The pathway to best practice is a horizon view that provides both vision and long-range insight. Buy-in from all risk areas and divisions is itself aspirational. If one division or risk manager endorses a move to forecasting and analysis, but other senior managers do not follow that direction, it is harder to effect change. A defined mandate from your C-suite will have the strongest impact and provide the needed resources and the result in the greatest value.

Phil Bennett

Currently Manager, Information Security Governance, Horizontal Services for Navy Federal Credit Union, Bennett has 18 years experience in third party cyber risk management at a top financial institutions including oversight of global assessments, assessment content and the controls testing approach strategy.


John Bree

John is Chief Evangelist & Chief Risk Officer with Supply Wisdom, the leading patented continuous risk intelligence and monitoring solution for third parties and locations. He is recognized as a global financial industry executive and risk subject matter expert, in vendor/third-party risk management, AML/CTF, KYC, and anti-fraud programs. Prior to joining Supply Wisdom, John held senior positions globally for Citi and Deutsche Bank covering corporate, investment, commercial, and consumer banking. He has managed global staff and corresponding budgets in multiple locations and delivered cost-efficient and operationally effective programs ensuring compliance with local and global regulatory requirements. Through interaction with Business Units, Internal Audit, and regulatory agencies, John resolved MRIAs, MRAs and Findings, on time and without penalty. John is a member of the Shared Assessments US and UK Steering Committees and Co-Chair of the Financial Industry Vertical Strategy Group.


Alpa Inamdar

Alpa is the Transformation Leader at AIG, where she oversees the execution of large strategic initiatives that will shape AIG’s underwriting and claims operations and policy administrations function. Prior to joining AIG, Alpa was the Global Head of Third Party Governance Advisory Group at BNY Mellon, overseeing 22 lines of businesses assessing vendor/third party risk. At BNY Mellon, Alpa served as a chair of the IMPACT Asian Leadership Forum. Currently, Alpa also sits on the board for Park and Trails of NY, Risk Board, CeFPro Magazine, Pace Transformative leadership advisory panel, and Ascend. Alpa is a Steering Committee Member of Shared Assessments.


Bob Jones

Bob Jones is deeply committed to contributing to the well-being of the financial services community. A well-known and sought-after expert in risk management strategy, he has 50 years of experience leading fraud risk management and risk management strategy. When not writing blogs for SharedAssessments, Bob enjoys playing with his 4 grandchildren and 2 granddogs.


Kaelyn Lewis

Kaelyn Lewis is the Senior Risk Consultant, Rochdale Paragon. She provides third-party and operational risk consulting services at RPG as well as SME support for services and software development. She manages third party programs for three large credit unions and their credit union service organization affiliates (CUSO’s).


Charlie Miller

Charlie Miller has led vendor risk management and financial services initiatives for several global companies and now leads the Shared Assessments Continuous Monitoring Working Group and Vertical Strategy Groups. Charlie is a subject matter expert, consultant and speaker. After he finishes the HoneyDo List, Charlie can be found poolside with a Bud Light &/or Vodka & Tonic taking in the sunset.


Gary Roboff, Senior Advisor

With four decades of experience in financial services planning and management, Gary Roboff is a Subject Matter Expert in financial risk and payments. Gary leads the Shared Assessments Regulatory Compliance and SFG Risk Committees and leads the development of the Shared Assessments TPRM Framework.


Sign up for our Newsletter

Learn about upcoming events, special offers from our partners and more.

Sub Topics

Business Continuity | Business Resiliency | Supply Chain