Tag Archives: Cognitive Risk Management for Cybersecurity
In this webinar we will look at cognitive security – the concept of using data mining, machine learning, natural language processing and human-computer interaction to mimic the way the human brain functions and learns – in order to help fight cybercrime.
In my previous articles, I introduced Human-Centered risk management and the role that Cognitive Risk Governance should play in designing the risk and control environment outcomes that you want to achieve. One of the key outcomes was briefly described as situational awareness that includes the tools and ability to recognize and address risks in real time. In this article, I will delve deeper into how to redesign the organization using cognitive tools while reimagining how risks will be managed in the future. Before I explore “the how” let’s take a look at what is happening right now.
This concept is not some futuristic state! On the contrary, this is happening in real-time. BNY Mellon, one of the oldest firms on Wall Street has started a transformation to a cognitive risk governance environment. Mellon is not the only Wall Street titan leading this charge. JP Morgan, BlackRock, and Goldman Sachs are hiring Silicon Valley talent among others to transform banking, in part, to remain competitive and to strategically reduce costs, innovate and build scale not possible with human resources. The banks have taken a very targeted approach to solve specific areas of opportunity within the firm and are seeking new ways to introduce innovation to customer service, new product development and create efficiencies that will have profound implications for risk, audit, compliance and IT now and in the foreseeable future
As these early stage projects expand the transformation that is taking place today will position these firms with competitive advantages few can anticipate. I do not know the business plans of BNY Mellon, JP Morgan, BlackRock or Goldman Sachs but it is safe to say that each of these firms will see the benefits of implementing targeted solutions with smart systems to augment decision-making and drive growth. They may also reduce risks in the process. However, as these firms grow their smart technology portfolio it will become obvious that a strategic plan must include an overarching Cognitive Risk Governance program that goes deeper than IT efficiencies, investment management and one-off cost savings in contract reviews. I applaud the approach these firms are taking but these are low-lying “tactical fruit”, but one must start somewhere!
The real question is what role will risk management, audit, and compliance play in this new cognitive risk era? Will oversight functions continue to be observers of change or leaders in change with a risk framework that contemplates an enterprise approach to smart systems? Will oversight functions seek opportunity in this new cognitive risk era or choose to ignore the growth of these advances?
The Cognitive Risk Framework for Enterprise Risk Management has been presented in earlier articles as a set of pillars that include human elements integrated with technology because technology alone is not enough! Smart systems will reduce costs, in some cases, redundant staff and in other cases reduce the need to add people to build scale and more. However, without a more comprehensive approach the limits of a technology-only strategy will become obvious as soon as the cost savings decline.
If firms truly want to create a multiplier effect of cost savings and scale the transformation must include technology that assists humans to become more productive!
If operational and residual risks represent the bulk of inefficient bottlenecks or have limited a firm’s ability to respond quickly to changes in the business environment a well-designed cognitive risk framework offers firms the ability to free up the back and middle office environment. How so?
Introduction to Intentional Control Design, Machine Learning & Situational Awareness
First, automation trumps big data analytics!
I know that Big Data, Predictive Analytics, Machine Learning and Artificial Intelligence sound sexy, seems cool and is the future! But let’s work in the real world for a moment. Google has made great advances in machine learning but if you actually take the time to read their research literature (since about 1% or less of the pundits do) you will find that the actual use cases have been limited. The real opportunities involve routine processes with very large pools of data that is well defined.
You can’t teach a machine to be smart with dumb data
If you have unlimited resources or simply want to throw away money then start a Big Data project with unstructured, random data! Some may argue the benefits of this approach but consider this. Most firms produce petabytes of structured data every single day in production environments that are rarely leveraged to its full capacity. Why not start with a good data source, automate the processes that produce this data to assist humans in getting their jobs done more efficiently? Want to ensure internal controls work flawlessly? Automate them! Want to ensure compliance with regulatory mandates? Automate it! Want to produce real-time audit sampling and monitoring? Automate it!
Design the risk, compliance, IT and audit outcomes that you need! Intentional Control Design takes advantage of machine learning in the most efficient manner through the corpus of data that exists in production data.
Once you do that you have your big data projects solved! Need audit data to test compliance? Done! Need risk assessments with real data? Done! Need to check fraudulent activity? Done!
If you want to create situational awareness for how your firm is operating in real time design it! Automation trumps Big Data analytics, but most get this backwards!
Unstructured data requires human annotation, which increases costs exponentially so why start there? It may not be sexy but the money that you save will make you feel better than the money you lose chasing the glamor projects that add little value.
Automation gives you situational awareness through true transparency! Transparency gives the Board and senior management the ability to adjust in a more timely manner. If you want a no surprise business environment consider designing one……. It doesn’t happen by accident nor does it happen by threatening staff to not make mistakes!
Cars are safer today than 40 years ago because of design! Airline travel is safer today because of design. Amazon, Facebook, Google, and Apple have overtaken traditional business models by design!
There are a number of residual benefits that I haven’t discussed in detail yet like reduction in cyber risks, employee burnout, increased staff productivity and many more. I saved these for last because we always forget that humans are the real engines of business growth.
If you are still an unbeliever just take at look at the store closings in the retail industry by not listening to the change created by the internet and firms like Amazon. I understand that change is hard but without change it will be harder to keep up and survive in an environment that moves in nanoseconds!