MetricStream, the GRC app provider, has a few thoughts to share with compliance officers around the globe about what the year 2015 holds for them and for information technology and risk.

Because the face of 'risk' is ever-changing, companies around the world cannot afford to sit still. They must keep evolving rapidly and adapting to complex and interconnected risks, new operating environments, and the changing context of how business is done.

MetricStream, the GRC app provider, has a few thoughts to share with compliance officers around the globe about what the year 2015 holds for them and for information technology and risk.

Brenda Boultwood, the senior vice president of industry solutions, believes that in the year ahead we shall continue to see financial firms focusing on the harnessing of Big Data, predicting that “People will use Big Data to better their understanding of the underlying themes and patterns that contribute to highly risky and 'high impact' events.

“In 2015, emerging risks will receive even greater attention in the governance process, along with stress-tests of individual risks linked to macroeconomic indicators. Organisations will have to study historical data and combine that with current trend information, all of which can be analysed and transformed into risk management strategies.”

In line with this, organisations will have to take a more holistic view of risk management than ever before in the year ahead, according to Brenda.

“It is imperative to bring all the main interested parties and pieces of data together into a common risk and control strategy. Organisations can become more efficient and lower their costs by streamlining risk management and compliance processes and programmes. Leading organisations will continue to use ever-more sophisticated models and Big Data analysis to understand real-time trends and the relationships that exist between risks.”

The need for a strong technical team is becoming crucial in this new era of Big Data. Piyush Pant, the vice president of strategic markets, argues: “The unprecedented volume, variety, veracity, and velocity of structured and unstructured information is a huge opportunity – and could lead to a competitive advantage for any business.

"Sophisticated analytics platforms can help aggregate and decipher complex data from a number of sources – including social media, multimedia, supplier data, regulatory feeds and threat and vulnerability scanners – all in real time or nearly. By deploying Big Data processing technology, organisations are increasingly able to identify trends and spot anomalies in a way that can help strengthen their risk management and regulatory compliance efforts.”  

Piyush believes that 2015 will see a crucial new organisational job – that of Chief Data Officer - come to prominence. According to Piyush, “An evolution of the traditional data scientist's job, the CDO will possess strong left-brain and right-brain skills and will excel in mathematics and science, but will also be extremely curious, collaborative, communicative and passionate about data.

"CDOs will help lead the organisational charge, working right alongside other business leaders such as the Chief Digital Officer and the Chief Risk Officer, to help their businesses make better decisions and perform more effectively.”

Echoing Piyush’s sentiments, Vidya Phalke, MetricStream's CTO, believes that organisations will continue to rely on business leaders with technical experience and knowledge. According to Vidya, “The Chief Information Officer (CIO) will play a more active front-line role, helping set and guide business strategies. Indeed, as organisations grow their digital ecosystems, CIOs will need to establish underlying sets of risk and governance rules that support and uphold business continuity, data security and privacy. The CIO job will evolve, helping firms to mitigate complex new technology-related risks and also manage mounting regulatory requirements. When it comes to the strategy and risk appetite that firms need to flourish in tomorrow’s digital world, the CIO will emerge as one of the most critical advisers.”

Organisations must take a more proactive role in helping to cultivate this new generation of business leaders, according to Susan Palm, vice president of GRC solutions. According to Susan, “We simply do not have enough people with the right skills, expertise and experience needed to lead and support the risk management programmes of organisations today. It’s vital for companies to begin to invest more heavily in their own talent pools.”

Susan suggests that in 2015, “Organisations need to form partnerships to develop solutions to this global problem – not least by involving themselves in academic programmes at universities, industry training programmes, professional certifications, and 'thought leadership' such as expert-led events and peer associations.”

The cultivation of risk management talent is important and Yo Delmar, vice president of GRC, suggests that we also need to focus on cultivating greater awareness, responsibility and accountability when it comes to an organisation’s information security. According to Yo, “Information security no longer rests solely with the information technology group in the organisation. In the year 2015, we will see organisations re-think and re-imagine their information security processes, which must become truly embedded across functions and business operations. We shall also see stronger private and public partnerships and an increase in collaboration and financial investment, the better to develop stronger information security models that understand and address emerging threats, motives and targets.”

Sonal Sinha, MetricStream's associate vice president, believes that the establishment of a truly pervasive, holistic, and enterprise-wide view of risk is vital in the year ahead. According to Sonal, “Complex risks, and new regulatory compliance requirements – such as those around conflict minerals – have forced companies to look far beyond the traditional four walls of their business, and into the far-reaches of their vast, distributed, global supply chains. In 2015, organisations must ensure that their entire chain is operating under the same corporate, social, ethical, risk, and compliance objectives. As we’ve seen, not doing so can come at a high cost to the business and its corporate reputation.”

In truth, no one can be sure what exactly the year 2015 will bring. However, as our risk and compliance landscape continues to shift and evolve, it is vital for organisations to plan for the uncertainty that lies ahead. From the changing dynamics of the boardroom, to new complex and interconnected risks and the rise and importance of new organisational jobs, 2015 will see companies around the world thinking more proactively about the GRC strategies needed to manage the risks of today and pursue the opportunities of tomorrow.