Risk Intelligence

How Artificial Intelligence (AI) can transform Risk Management

Risk Intelligence is an executive’s guide to the application of AI in ERM. Artificial Intelligence will transform risk management to a proactive management tool for informed decision-making and exploiting opportunities.

The title is borrowed from Napoleon’s concept of “Military Intelligence”:

“a military discipline that uses information collection and analysis approaches to provide guidance and direction to assist commanders in their decisions.”

In the same vein, Risk Intelligence can be defined as:

“a business discipline that uses information collection and analysis approaches to provide guidance and direction to assist managers in their decisions.”

The Future of ERM - Book 2 - Executive's Guide

Risk Intelligence How Artificial Intelligence can transform Risk Management

As an executive’s guide, this book walks the fine line between AI technical and ERM strategy. Using everyday language, it lays out how to exploit the latest advances in machine learning and related AI technologies, as a toolkit to navigate uncertainty.

Risk Intelligence provides engaging and practical advice on solving ISO 31000 and COSO ERM’s biggest challenges. This includes using Knowledge Graphs for supply chain risk, Blockchain to eliminate fraud, and Bayesian Game Theory modelling for strategic planning. Covering the 7 risk domains of financial risk, strategic risk, third-party risk, operational risk, security risk, market risk, and compliance risk, it maps out how senior managers can use advanced technology to navigate the volatile and disruptive post-COVID business world.

Gregory M. Carroll shares a wealth of learning and life experience gained from implementing artificial intelligence based solutions for enterprise risk management in Defence and mission critical industries.

It is essential reading for CROs, and GRC practitioners wanting to understand the broader organisational context of deep learning and implementing true risk-based decision-making. With an executive’s perspective on policy and solutions, it is also ideal text for upper-level undergraduate, postgraduate and MBA students.

Watch my book overview at IRM Risk Revolution forum, Sep 2021

Risk Intelligence - AI for ERM

My Top 10 Disruptive Technologies that will change Risk Management in the 2020s are:

  1. Probabilistic Modelling – to mirror real-world uncertainty and aggregate the effects of risk on strategic objectives.
  2. Knowledge Graphs – to map risk network relationships to identify and understand sources of risk.
  3. Neural Networks (aka Deep Learning) – to classify risk, identify patterns in data and images, and recommend courses of action.
  4. Big Data & Predictive Analytics – to build risk collateral, identify trends & evolving risk, anomaly detection, and threat management.
  5. IoT – Intelligent Things – to monitor changes in environmental factors in real-time, and using streaming analytics to identify stress and internal risks.
  6. Virtual & Augmented Reality – to gain a quantum leap in staff training, building a robust risk culture, and provide real-time expertise to critical tasks.
  7. Natural Language Processing (NLP) – providing text analysis to identify regulatory compliance issues and sentiment analysis to monitor behaviour.
  8. Robotic Automated Processes (RPA) – AI infused workflows to augment human processes integrating research and risk-based decision-making at the coalface.
  9. Blockchain Distributed Trust Systems – that will transform everything from cybersecurity and supply chain risk to making individuals responsible for their carbon footprint.
  10. Bayesian Decision Networks – applying expert experience and probabilistic modelling to risk scenarios to identify the most likely outcome of complex events.

The 7 Risk Domain of ERM

Following on from Book 1 – “Mastering 21st Century ERM“, I have separated the application of AI technologies by Risk Domains. It is adapted from the healthcare risk management domains to a general business environment, reducing from eight to seven domains:

Financial Risk

Although there are well establish risk analytics for managing Financial Risk, I propose the use of Bayesian Decision Network models with time-series forecasting. Essential to this, is the correct use of scenario analysis.

Third Party Risk

Supply chain risk has been expanded to Third Party Risk to include today’s “outsourcing” environments. By using Knowledge Graphs, unsupervised learning clustering models, and deep learning Recommender Systems will provide powerful insights. Manage Third Party Risk by identifying vulnerabilities, possible points of failure, and alternative sources of supply.

Security Risk

Obviously cybersecurity is one of your highest concerns. But in a data driven organisation, inadvertent data corruption can have worse consequences than a ransom attack. I look at Data Governance and using Sensitivity Classifiers for Information Protection. There is an anatomy of a cyberattack, and models for monitoring network activity. Finally, I take a look into the future of Blockchain Trust systems that could eliminate fraud.

Operational Risk

Covering people, processes and systems, operational risk is what you have most control over. Sadly, it is also what you will be held accountable for. As they say, behaviour eats strategy for breakfast. Therefore, I look at different Behaviour Analysis models. This includes using deep learning Sentiment Analysis to monitor Insider Risk and risk culture. As this introduces privacy issues, I look at  Differential Privacy as a method of “de-personalizing” data. There are also all the usual suspects of Robotic Process Automation for workflows and the use of Virtual Reality in training.

Market Risk

For Market Risk I look at establishing a portfolio view of risk using network analysis. Intrinsic to Portfolio Management is the ability to aggregate risk, for which I recommend using Bayesian conditional probabilities. When combined with Horizon Scanning and Threat Management, you start to move into proactive risk management.

Strategic Risk

Strategic Risk covers those risks inherent in setting and achieving an organisations strategic goals. This includes identifying objectives, planning strategies, and the role of Governance to ensure they are pursued. Included under Strategic Risk is using Bayesian Game Theory modelling and how to identify Context using operational capabilities.

Compliance Risk

The two biggest issues in Compliance Risk are matching the framework requirements to your practices, and the effectiveness of audits. AI offers dramatic improvements in rectifying weaknesses in both. This includes using Text Analytics to match regulatory framework requirements, and regression models to target audit surveillance programs.

Copyright © 2013-2021 Gregory M. Carroll