“Big Data” is one of the most avidly-followed developing trends in information technology at the moment; searching the term returns over 220 million hits on Google.
The term is defined by IT research and advisory firm Gartner Inc. as “high-volume, high-velocity and high-variety information assets”. Other industry observers frequently add a fourth V – veracity – to Gartner’s volume, velocity and variety. We would like to suggest a fifth – volatility.
However it is defined, there is no doubt that the amount of data available to and about any organisation is growing exponentially, and we could quote endless statistics to confirm this. Both opportunities and challenges are created by Big Data and sound risk management is needed to address these. Most organisations can no longer choose whether to have Big Data or not – it’s there and needs to be managed. Furthermore, the amount and quality of data available on any topic has a direct effect on uncertainty and therefore on risk.
On the opportunity front is the potential to know more about clients, suppliers, partners, competitors and others in the supply chain than ever before, and therefore to take better-informed business decisions. This requires your risk management process to be supported by powerful and flexible analytic tools.
Given the velocity of data – the speed at which it becomes available and is spread – and its volatility – the number of sources from which data is sourced – it is also essential that key risk indicators (KRIs) and key performance indicators (KPIs) are highly responsive and finely tuned. These can enable the organisation to identify and respond to either threats or opportunities as they emerge.
Indicators must be monitored in real-time and workflow capabilities need to escalate positive or negative trends or incidents to management so that these can be capitalised on before competition acts. Comparing multiple data sources can also provide useful checks on data veracity.
No article on trends in risk management is complete without mention of social media and the risks which are created by it, especially that of ‘reputation risk’.
The recently-released ASX Guidance Note 8 – Continuous Disclosure requires Australian-listed companies to be alert for any information, regardless of its source or transmission method, which is potentially market sensitive or could create a ‘false market’. It is now essential for any company to monitor social media in order to identify and manage any potential reputation issues before they escalate out of control. Sound risk management practices are essential to support this monitoring activity.
Some other challenges which any executive responsible for risk should consider:
How, in the age of Big Data, am I managing information security risk issues, including those introduced by complementary trends such as ‘Bring Your Own Device’ and the demands for anytime-anywhere mobile data access?
Where in this mass of data is ‘private’ information about individuals and is it protected appropriately?
If some of our data is processed or stored externally – in the ‘cloud’ – is this managed properly and have we undertaken a full risk assessment of the cloud provider?
How are we protecting our intellectual property?
How do I incorporate Big Data into the scenarios I use to stress-test my business?
‘Big Data’ creates both threats and opportunities for risk managers and risk management systems. Key capabilities need to include the abilities to analyse very large amounts of data in real-time and from a wide variety of sources to generate KRIs and KPIs.
This analytics capability needs to be supported by process modelling, workflow, and flexible rules engines which match individual business structure. Big Data will almost certainly exacerbate any existing risks in the IT space, as well as introducing new risks.