Leveraging artificial intelligence to energize GRC in a disruptive world
THERE IS CLEAR LY A MIXTURE of excitement about a future driven by digital and AI and a desire to better understand what it means and how to prepare for it. Everybody is discerning and working on AI and their digital future. Many executives have come to terms with the idea that disruption is a fact of life and that their companies need to transform.
But what exactly is AI and how can it shape the future of GRC?
Artificial intelligence (AI) deals with building smart machines capable of performing tasks that typically require human intelligence. Patrick Winston, the Ford professor of artificial intelligence and computer science at MIT, defines AI as “algorithms enabled by constraints, exposed by representations that support models targeted at loops that tie thinking, perception and action together.”
According to Wikipedia, AI, sometimes called machine intelligence, is intelligence validated by machines, in contrast to natural intelligence displayed by humans and animals. It is the study of “intelligent agents”: any device that perceives its environment and takes actions that maximize its chance of successfully achieving its goals.
The term is often used to describe machines (or computers) that mimic “cognitive” functions that humans associate with the human mind, such as “learning” and “problem solving”
Although artificial intelligence educes thoughts of science narrative, studies have shown that it already has many usages today:
• Spam filters on email;
• Personalization: Online services use artificial intelligence to personalize experience. Services, like Amazon or Netflix, “learn” from an individual’s previous purchases and the purchases of other users in order to recommend relevant content;
• Fraud detection: Banks, for instance, use artificial intelligence to determine if there is strange activity on an account. Unexpected activity, such as foreign transactions, could be flagged by the algorithm;
• Smart assistants (like Siri and Alexa);
• Disease mapping and prediction tools;
• Manufacturing and drone robots;
• Optimized, personalized healthcare treatment recommendations;
• Conversational bots for marketing and customer service;
• Robo-advisors for stock trading;
• Social media monitoring tools for dangerous content or false news; and
• Song or TV show recommendations from Spotify and Netflix.
Hardly a day passes without a news story about a high-profile data breach or a cyber-attack costing millions and millions of dollars in damages. Cyber losses are difficult to approximate, but the International Monetary Fund [IMF] places them in the range of US$100–$250 billion annually for the global financial services industry.
Furthermore, with the ever-growing pervasiveness of computers, mobile devices, servers and smart devices, the cumulative threat exposure grows each day.
While the business and policy groups are still beleaguered to shawl their heads around the cyber realm’s brand-new importance, the use of AI to cyber security is foreshowing even greater changes.
One of the fundamental purposes of AI is to automate tasks that heretofore would have required human intelligence. Cutting down on the labor resources an organization must employ to complete a project, or the time an individual must devote to routine tasks, enables terrific gains in efficiency.
The nature of risks is unremittingly fluctuating and evolving at unprecedented levels and hence implementing a successful risk management program is the call for organizations looking to safeguard their hard-earned reputation. Failure to do so could be injurious, as many organizations in the past have realized the hard way.
The standard organizational framework used to manage risk and compliance are the three [3] lines of defense:
• The first line of defence (functions that own and manage risks);
• The second line of defence (functions that oversee or who specialise in compliance or the management of risk); and
• The third line of defence (functions that provide independent assurance). A key requirement of the lines of defense is the assistance provided to various levels of management. While first and second lines of defense are archetypally organized to support levels of management, the 3rd line of defense classically works with management and the board to surface risks and compliance issues and works to address slits and deficiencies. In order to provide proper assistance for these levels of management, the lines of defense need to provide insights that enable:
• Enriched execution on a daily basis of the performance of risk and control activities;
• Finer and tenacious control and management of the activities, and
• Forward and outward looking comprehensions for strategic risk management.
Integrated GRC platform is the only solution to help businesses manage risks across the organization while driving overall enterprise performance and being flexible enough to keep pace with a rapidly-changing environment.
As these platforms allow companies to meet their GRC targets by automating the workflow, many organizations are espousing GRC platforms to augment their operational activities.
In this day and age of disruption, technology is a sturdy enabler of business. And arguably, few developments in technology have generated as much interest as AI. From digital assistants to streaming services, AI is ubiquitous, with seemingly endless possibilities. But beyond all the flimflam, what are the practical applications of AI in GRC?
Artificial Intelligence (AI) in GRC is the need of the hour. As companies expand their digital footprints, cyber security vulnerabilities increase due to huge amount of data being produced. Surely, the demand for intelligent use of accumulated risk data will only increase.
GRC solutions that incorporate AI and its application Machine Learning (ML), will play a key role. The key players in GRC industry are Continues on page 12
• Dr Abolo is the Director General, The Economic Thinktank Centre, and also GMD/CEO, The Risk Management Academy Limited. He can be reached on 08021003297; and mail@ drabolomoore.com; aboloemma@gmail.com