Are you managing operational risk with a teenage brain?

Let’s be honest, none of us is proud of the way our minds worked—or didn’t work—when we were teens. If you are or have been the parent of a teen, you know the struggle: The frontal lobe is still developing in the teen years, and it’s difficult to make consistently good decisions, especially when there’s information overload from multiple sources and a lack of experience to know what’s valid.

Likewise, two-way communication is a challenge because teenagers often keep things to themselves; after all, their parents make “a big deal” out of everything. Teen brains also tend to ignore or downplay risks, thinking they’re invulnerable. And even though teens claim to know everything, they lack the confidence that will come from years of self-awareness.

It sounds a lot like enterprise operational risk management.

Lack of maturity = lack of integration

In the Modernizing operational risk management survey report from nonprofit think tank OCEG, we learn there’s a range of operational risk management maturity levels based on how well organizations integrate processes and operations with the supporting tools/technologies. Based on the responses from the risk managers at the organizations surveyed, there’s a lot of room for maturity:

• Only 17% use a common platform to bring systems together with operational data from the business.

• As many as 44% use multiple, often siloed technologies with little integration of data and processes.

• An alarming 38% of respondents still use ad hoc productivity tools in operations that are mostly manual and siloed.

Less mature organizations are still struggling with:

• Information overload: More than 65% indicate they must pull risk-related data from 20 or more sources, with 21% of them using more than 100 sources.

• Inconsistency: 37% say an absence of repeatable processes is an impediment to performing risk assessments.

• Communication struggles: 35% find it difficult to get attention of front-line managers to gather information, 45% say the response from these managers is slow, and 33% don’t believe in the accuracy of responses.

• Lack of confidence: Only about 30% feel assured they can provide timely, clear, and useful information to key stakeholders, due mainly to the disconnected data sources.

• Downplaying of risks: Only 30% believe the workforce understands the importance of managing risk, while 41% say risk/compliance is scoffed at as a drain on time and resources.

That should all sound familiar if you’ve ever raised—or been—a teenager.

What risk management maturity looks like

The brain matures, thank goodness. By the time we’re in our early 20s, our ability to process information and think rationally improves. We also tend to gain communication skills and the confidence that comes with life experience. And we develop an aversion to risk for self-preservation. It’s all essential for “adulting.”

Equally, maturity matters a lot in operational risk management. According to the OCEG report, “Organizations with more mature operational risk capabilities report greater application of best practices, leading to stronger confidence about risk identification and assessment. They have a broader and more accurate view of risk information and more consistency in application of assessment methodologies.”

Bringing systems together for essential data

One such best practice of a highly mature organization, the report notes, is the use of a common management platform—such as the Now Platform—that brings systems together to generate the data needed to identify, assess, and document risk. This integration of systems is way more prevalent among mature organizations than it is in immature ones.

It’s no surprise that a common platform gives organizations more confidence that they’re providing accurate, timely information to demanding stakeholders. Among mature organizations, about 50% say the workforce understands the importance of managing risk.

Head in the clouds, feet on the ground

Sure, telling teens to get their heads out of the clouds is good advice, but in the context of operational risk management, being in the clouds is a good thing. According to OCEG, organizations with cloud-based platforms are doing better overall—with greater agility and confidence in process communications than immature organizations.

One major differentiator: 58% of these organizations maintain data in a central repository to provide a “golden copy” to the business versus 34% that can’t.

The good news is 80% of OCEG survey respondents say they’re either already operating on cloud-based platforms for their operational risk management data needs or plan to in the next few years.

Building maturity takes consistent leadership

Organizations should commit resources and leadership to “develop mature processes and implement technology to support those processes,” concludes the OCEG report. In other words, it's time to stop managing operational risk with a teenage brain.

Read the complete OCEG report.

© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.