“Risk Intelligence is probably one of the most important of the core elements which must be established when building a successful and effective governance, risk and compliance (GRC) program”, said Lynn Mattice, Managing Director of Mattice and Associates, a keynote speaker at The Great Conversation in Security – 2017.
According to Mattice, Risk Intelligence is often confused with Business Intelligence. They have similarities. Business Intelligence is often applied to data mining within company databases. It is used to drive competitive intelligence, customer relationships, and supply change behavior.
Risk Intelligence is more expansive. There are risks, threats and hazards within the environments an organization operates. They must be extrapolated from external and internal data. If mined and understood, they can clarify opportunities for value generation as well.
Most security executives are challenged with developing a Risk Intelligence program. Government agencies will often speak about collaboration, but most will not share timely and vital information that could make the difference in formulating strategic risk programs.
Mattice suggests that the evolution of an intelligence program start with an assessment of the culture. This will become an essential data point in determining the value path that a leader should take. One of the cultural data points is leadership at the top. Mattice often acts as the advisor to the leader encouraging collaboration and a deliberate assessment of the data and the subsequent actions that must be taken.
Analysts must be hired or strategically contracted to help with the data analysis.
With this foundation in place, the next step is to act as an informed advisor to the business leaders. This will provide a rich layer of requirements that are aligned with how the company operates and generates value. Risks to people, processes, assets and markets are omnipresent. The role of the advisor is to help the business leaders quantify, manage and persistently manage those risks. Alignment with the leader’s business and market intelligence team is critical. Your eyes will interpret the data differently and provide valuable insights.
The bottom line is an attitude and capabilities adjustment is in order before the security executive’s team can provide trusted and valuable advice to business leaders. This evolution is necessary to ensure the budget spend is strategically aligned with the objective of running a valuable organization. Failure translates to brand and value dilution at the worst. At the best, your contribution creates opportunities that will help guide the future of the organization.
And, according to Mattice, that is the future of Security.
Lynn Mattice is Managing Director of Mattice and Associates, a management consulting firm and trusted advisor assisting enterprises in navigating a world full of risks. Developing Risk Intelligence Programs for clients is one of the services provided by Mattice & Associates.