Thursday, March 4, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Meet R.I.S.K.: Why Your Next Chief Risk Officer Will Be a “Smart” Robot

by James Bone
November 17, 2015
in Risk
Meet R.I.S.K.: Why Your Next Chief Risk Officer Will Be a “Smart” Robot

R.I.S.K. is the next-generation chief risk/audit/compliance/IT security officer who is capable of processing billions of bits of data, analyzing behavioral patterns, assessing changes in internal controls and tackling cyber risks within seconds of an attack. R.I.S.K. does not command a salary, go on vacation, require a pension or health care benefits, nor complain about not having enough budget or resources to get their job done.

What is R.I.S.K.? Risk Intelligent Systems Knowledgeware is a concept that I created to describe a collection of informatics applications that are in development today designed to tackle the challenge of tomorrow’s complex risk problems. If you think this is some far-fetched science fiction story about risk management, you simply have not done your homework. Let me explain why risk management as you know it today will never be the same and is going through a major transformation never before seen.

Intelligence and security informatics (ISI) is defined as the development of advanced information technologies, systems, algorithms and databases for international, national and homeland security-related applications, through an integrated technological, organizational and policy-based approach. Academics, military researchers, systems programmers and information security engineers are exploring a range of advanced technologies to address tomorrow’s threats. Disparate teams from around the world are separately, and in collaborative partnership, working on first-generation smart systems to redefine how risk management and cybersecurity will be prosecuted in the very near future. While it is true that much of this research is very early stage, it is also true that practical applications are being used today.

What is driving this change? Every organization is impacted by the speed of change, volumes of data generated by regulation and our 24/7 online, on-all-the-time, networked environment. Whether you work in a government agency, small business or global corporate enterprise, humans candidly cannot keep up without the assistance of technology. It would be naïve to assume that risk, audit, IT security and compliance professionals have the ability to assess the health of an entire organization by reviewing a fraction of the internal controls and enterprise threats that endlessly flow through every firm.

Risk professionals spend 80 percent or more of their time focused on high-frequency, low-impact risks because they are easy to capture; yet this only creates a false sense of security. The phenomenon is called cognitive overload and creates a distraction from the true risks that threaten organizations. This is the primary reason organizations are “surprised” when a major control failure disrupts business or security professionals fail to keep up with cyber threats. Conventional risk practice is not enough! Unfortunately, risk professionals cling to ineffective risk practice without questioning outcomes or seeking alternatives.

So what are the implications of this transformation in risk management? First of all, it is important to understand that this change has already begun and will speed up rapidly as new technology is brought to bear to address risks. Open source intelligence is increasingly being used in security-related applications. Hundreds of cybersecurity vendor applications have been launched in the last three to five years and behavioral defense systems have been deployed to identify patterns of insider threats to proprietary corporate data.

As these systems and their developers learn from their early-stage experience, more advanced applications will be deployed very rapidly. Artificial intelligence and machine learning are playing a larger role in cybersecurity, which can in theory help companies identify risks and anticipate problems before they occur. The idea is to create software that can adapt and evolve to combat ever-changing attack strategies or identify patterns of suspicious behavior.

Traditional security mechanisms have leveraged rule, pattern, signature and algorithm-based approaches to detect threats, and that’s a problem, according to Paul Stokes, CIO of the University of Victoria in British Columbia. “These approaches require constant care and feeding to identify and mitigate security threats,” he said. “I think machine learning changes the game.”

The risk professional of the future will be more defined in skill set and come from a diverse set of deep domain expertise beyond audit, legal, operations or generalist backgrounds. Risk engineers will increasingly become a new title bestowed on security professionals able to design or deploy systems with intelligence custom fit to the organization’s risk. The cost of risk, compliance and audit will be streamlined and spread across resources more effectively targeting real threats to the enterprise. These changes were unimaginable a mere five years ago, but are becoming a reality today.

The question is: are you prepared, or do you ignore the change until you are replaced by R.I.S.K.?


Previous Post

The New Ozone Standard: How We Arrived Here and Where We’re Headed

Next Post

Attributes of a Great Ethics and Compliance Leader

James Bone

James Bone’s career has spanned 29 years of management, financial services and regulatory compliance risk experience with Frito-Lay, Inc., Abbot Labs, Merrill Lynch, and Fidelity Investments. James founded Global Compliance Associates, LLC and TheGRCBlueBook in 2009 to consult with global professional services firms, private equity investors, and risk and compliance professionals seeking insights in governance, risk and compliance (“GRC”) leading practices and best in class vendors.
James is a frequent speaker at industry conferences and contributing writer for Compliance Week and Corporate Compliance Insights and serves as faculty presenter and independent consultant for several global consulting firms specializing in governance, risk and compliance, IT compliance and the GRC vendor market. James created TheGRCBlueBook.com to provide risk and compliance professionals with transparency into the GRC vendor marketplace by creating a forum for writing reviews on GRC products and sharing success stories on the risk practices that are most effective. James is currently attending Harvard Extension School for a Master of Arts in Management with an emphasis in accounting and finance. James received an honorary PhD in Letters from Drury University in Springfield, Missouri and is a member of the Breech Business School Hall of Fame as well as the Missouri Sports Hall of Fame. Having graduated from the Boston University Graduate School of Education, James received his M.Ed. in Management and Organizational Design in 1997 and a Bachelor of Arts in Business Administration from Drury University in 1980.  

Related Posts

blue road sign with arrow on black asphalt background

Dynamic Risk Governance: Linking Strategy and Risk Management

February 15, 2021
three red dice on green felt tabletop

The COVID Trio: 3 Top Risks from a Year of Upset

February 4, 2021
Deloitte: Global Risk Management Survey, 12th Edition

Deloitte: Global Risk Management Survey, 12th Edition

February 2, 2021
illustration of businessman holding giant shield to protect him from falling arrows

Is Your Risk Culture Aligned With the Realities of the Digital Age?

February 2, 2021
Next Post
leader marking territory with a red flag

Attributes of a Great Ethics and Compliance Leader

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Addressing systemic racism in the workplace SAI Global
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights