By Jeff Koyen
The Covid-19 crisis taught us many hard lessons—not least being that modern commerce requires a steady stream of fresh, accurate data. And without the right digital workflows in place, that data is difficult to access.
As the global economy slowly recovers from the pandemic and business leaders start preparing for the next crisis, ensuring a consistent supply of mission-critical data is top of mind.
“The reality is, there’s always going to be another crisis,” says Vasant Balasubramanian, general manager of ServiceNow’s risk business unit. Balasubramanian and his team work to ensure clients have the tools they need to manage risk and be resilient issues across the organization.
“Supply chain broke down? Technology failed? There’s been a hack? These things keep happening,” he says. “The smart leaders have already done the scenario planning and have plans in place.”
To understand how smart digital workflows can help maintain consistent access to the data businesses need—when they need it most—we spoke with Balasubramanian from his home office in California. This conversation has been edited for clarity.
What is integrated risk management, and why is it so important?
If you think about all the stakeholders in any given business, the risks in one part are not always known to somebody else. For example, say I’m shipping a product that makes $10 million a day, and it depends on a third-party service that, if it goes down, we’re stuck. Those kinds of connections are very specific and not widely known across the enterprise.
We connect all these silos of risk, compliance and exposure across the enterprise—that’s integrated risk management. Now you can make better decisions from an overall business point of view.
Data can help predict and even prevent crises, both large and small. How does this work, and how does one get started?
Suppose I’m managing a facility in a place where cyclones are common. How does a business owner in America know whether or not an upcoming cyclone will affect the technology center that’s working on their product? Smart risk managers will subscribe to an external data feed or news service that keeps them informed.
Now let’s say this facility is located in a really dry part of California [that is] more subject to wildfire-based disruption. You’ll also want data feeds that provide early warnings that say, “There’s a growing wildfire within 20 or 50 miles of here and you have a facility in its path.”
This is prevention through data-driven monitoring.
To get started, organizations typically draw up a map of the things that are most important to them. Honestly, it’s a journey and people start at many different places. It’s also not a one-day thing or a one-year thing where you just turn it on and you’re done.
Looking back at 2020, what role did data play in coping with the Covid-19 crisis?
First, there was a huge scramble to get the right data. Which countries have the most significant problem? What are the states and localities where this is a problem? Just because it’s a problem in “California” doesn’t mean it’s a problem in the Bay Area, right?
So, which information is relevant? Unfortunately, not everybody had that kind of data.
Second, supply chains. Suddenly, there were companies who weren’t entirely clear about their vendor landscape. Do I have logistics companies with alternate routes? Do I have warehouses that are still operating? This is a massive web of information [that’s] non-trivial because the answer changes depending on geography.
Third, security. Cyber hacks just went through the roof because now everyone was home. And I guess the hackers were home, too, because of the surprising number of attacks. Again, data played a key role in being able to scan your systems, staying ahead of your expanded digital work environment and making sure that it was secure.
How can digital workflows help detect risk and prevent the next crisis?
There’s more technology [than ever] in our day-to-day jobs. Banking products. Automation products. IOT for manufacturing, maintenance and logistics.
These are all technology components, and the first step is understanding how they fit together. Connect the dots between the technology, third parties that supply this technology and the facilities where they rest.
Then you look at continuity points and put disaster recovery plans in place. In all of this, notice how many different people are involved. And consider the data that’s coming from all of these different systems, scanners, supply chain logistics and third-party events. Shared digital workflows create a common language for connecting across the enterprise, and they’re critical to bringing this together.
Can you provide any examples of a client who used digital workflows to help reduce operational risk?
One great example is the city and county of Denver. Until 2018, they used a 30-page vendor application form that included more than 300 questions and relied on email, spreadsheets, PDFs, that stuff. The worst part, from a risk management perspective, was its fraud detection, which depended on 173 security questions that couldn’t even be scored consistently.
It was a long and painful process until they moved everything to our Vendor Risk Management solution. This allowed them to streamline the screening process, write security questions that were more consistent and build a vendor portal. What once took six to eight weeks became a one- to three-week process. Efficiency skyrocketed and risks were reduced.
What advice do you have for an executive who wants to build a world-class risk management strategy, but their systems just aren’t there?
First, start small. Start on something that’s relevant, and you know you can fix it. Don’t try to boil the ocean.
Second, reach out to your stakeholders. Unless you’re the CEO or the COO, it’s unlikely you are the single owner for all the risks across the enterprise.
Third, use technology to help you. Technology’s not the answer. I want to be clear on this. But a solid technology platform that connects day-to-day work helps risk management become embedded across the enterprise.
Finally, it’s important to understand that “risk” can mean different things. Risk can be related to financial risks. There can be reputational risks. There can be competitive risks.
The real question is, how do you stay resilient during and after a crisis, and how can technology help make this possible?