How does low-code increase organisational agility, in relation to risk?
In any given market place, there will always be change that can bring new risks or change the nature of existing risks. Currently in a fixed, legacy, technology ecosystem organisations tend to react to change unsupported by the existing technology infrastructure. They rely on informal procedures, typically spreadsheets supported by word processors, commonly stored in folder structures that in many cases are not even backed up. These informal methods are usually subject to manual, analogue, risk assessment and controls that are time consuming and expensive (if they are done at all). This mend and make do approach, is largely due to the cost of changing existing systems. Low-code platforms assume ongoing change and are architected to facilitate such change while maintaining control – including risk assessment and management. In the FLOvate platform, internal audit and risk assessment sub processes can be configured quickly and easily and recorded in specific risk management datasets.
How does this improve flexibility and scalability, in relation to risk?
If you have a traditional hard coded system that is designed to model a business process, then chances are it only fits that process at the point the system was originally specified. Any accompanying assessment of risk surrounding this process may be part of the system but again would only be 100% valid at the point of specification. Often the management of risk in relation a given process is an afterthought and risk management, from day one, is in a separate system or in spreadsheets.
Low code platforms allow for the process to be changed easily or for risk assessment/management subprocess to be added/amended as required. That way your business process is always in sync with your market/customer requirements and your risk management framework for that business process is integrated from the start.
Where are the challenges that this can bring to risk management – and how can organisations counter these?
Integrated risk management can surface more adverse risk incidents and management of these need to be resourced correctly.
What does the future of risk reporting hold and how are new technologies e.g. AI and deep learning, being embedded within technological ecosystems at companies to change reporting?
The immediate challenge with AI/deep learning/machine learning is separating the reality from the fiction. There is Hollywood AI which is the type most commonly reported in the media and is largely fiction. Then there is the field of Machine Learning – this is real, proven and has enormous consequences for the future of risk management.
It requires skilled data scientists to implement/maintain the data/algorithms and there is a scarcity of those with the required skills.
Secondly the data used to deduce algorithms using machine learning needs to be clean, put simply if your training data misses 50% of risk instances or has 50% false positives then the algorithm generated using machine learning will have the same characteristic errors. The FLOvate low code platform can snapshot data when a process outcome or decision outcome becomes known. Decisions can be automatically double blinded to ensure the validity of the data. This means that snapshot data is ideal as an input for machine learning routines with the resulting algorithms giving a high degree of accuracy in real world situations.
Your algorithm will be affected by the data that you input:
Bad data in will result in a bad algorithm
Good data in will result in a good algorithm
At FLOvate we do workshops to explain AI/Machine Learning to executives. We use a model that can successfully identify fruit from three dimensions – length, width, colour. It is easy to visualise how machine learning performs this task because it can be illustrated in a 2D diagram.
Typically, real world machine learning scenarios have high single digit or early teens dimensions. The algorithm deduced by analysing the data is likely to be very complex and likely will not be readily understood by humans (however good their maths ability). This is especially relevant in regulated environments where a company might be required to explain a decision to a customer or regulator.