1. Background
With economic and social development, along with advancements in science and technology, the environment, business models, and operational modes of enterprises have experienced significant changes, driven by the 'digital wave'. In this new development context, enterprise risk management, which serves as the 'escort' and 'guardian' of enterprise growth and value realization, must evolve and accelerate its transformation. Effective risk management now inherently requires extensive data support for processes such as risk identification, evaluation, simulation, and control decision-making.
Traditional enterprise risk management methods often result in shallow understanding, overcomplicated or manual assessments, and ineffective responses to risks.
Consequently, traditional practices face significant constraints in work modes, management techniques, and control methods, limiting the efficacy of risk management functions.
In the era of the digital economy, data processing tools for collection, computation, storage, mining, analysis, application development, and interactive display have become increasingly sophisticated. These tools offer practical solutions for rethinking and upgrading enterprise risk management logically. Utilizing data from smart, connected products underscores the importance of data as a key resource for achieving competitive advantages (Bilgeri et al., 2019; Hartmann et al., 2016). However, data privacy has emerged as a significant challenge for product-based companies.
The European General Data Protection Regulation (GDPR), regarded as the world’s strictest data-protection regulation, has set a global standard for data-privacy laws (Godinho de Matos & Adjerid, 2022; Lee, 2021). This regulation safeguards personal data related to car usage, energy consumption, and machine operation. Due to such stringent data-privacy regulations, the collection of data from smart, connected products for data-driven businesses can be constrained, prompting recent research to call for further investigation into data privacy (Carrera-Rivera et al., 2022).
2. Definition of the concept of risk
In the course of research and discussions about the concept of risk, 'uncertainty' has consistently been associated with it. The definition of risk primarily revolves around several key terms: data-driven enterprise risk management, data-driven risk management, uncertainty environment, digital transformation, uncertainty, target, and impact. According to the ISO 31000 and GB/T 23694 risk management standards, 'impact' refers to a deviation from expectations, which can be positive, negative, or both, leading to opportunities or threats. Objectives can vary in aspects and categories and can be applied at different levels.
While objectives and impacts are generally straightforward and widely agreed upon, the relationship between uncertainty and risk continues to be a major topic of interest in both academic and business circles.
The interpretation of uncertainty varies across different fields. In economics, uncertainty pertains to the unpredictability of economic conditions, such as future gains and losses. In risk management, uncertainty is closely intertwined with risk, often seen as synonymous to some extent. Marvin Lassander, a professor at the Norwegian University of Science and Technology (NTNU), describes uncertainty as a measure of confidence in the outcome of a risk assessment. The International Organization for Standardization (ISO) defines uncertainty as a state characterized by a lack of information or partial understanding of events and their potential outcomes or probabilities.
Thus, uncertainty arises from insufficient information and data, encapsulating the lack of certainty—a fundamental element in the concept of risk and risk management.
3. Data-driven transformation of enterprise risk management
3.1 The Nature of Digital Transformation for Data-Driven Risk Management
Business activities now leverage multi-dimensional data analysis to achieve knowledge accumulation, enhance the value of data, and expand traditional risk management scenarios. This evolution meets the modern needs of enterprise risk management, driving its transformation and upgrading. The ultimate goal is to use digital tools for real-time risk information perception and intelligent decision-making in risk prevention and control. Essentially, the digital transformation of enterprise risk management shifts from informatization to digitalization, and from process-driven to data-driven approaches.
Process-driven enterprise informatization employs classical process reengineering theories and methods to overhaul traditional management styles, which were based on departmental functions. This approach reconstructs management and business processes, ensuring the effective implementation of management rules and business operations through information management systems. It accelerates internal and external information dissemination, significantly improves work efficiency, reduces communication costs, and implements enterprise risk and control points. The development of system functions and settings ensures online constraints for risk points and control points, enhancing the standardization and effectiveness of risk management.
In contrast, data-driven enterprise digitization builds upon information infrastructure, further strengthening digital infrastructure like data centers and cloud computing platforms. It leverages big data, artificial intelligence, and other new technologies to maximize the value of data as a production factor. By linking data interfaces between information systems, it eliminates information silos, facilitates data transmission and interaction across departments, systems, and processes, and eradicates management vacuums. This approach improves risk control and prevention capabilities, uncovers the value of massive data, and drives business transformation and value enhancement through data enablement.
Data-driven enterprise risk management treats data as a new production factor, utilizing big data, cloud computing, artificial intelligence, and other technologies to upgrade and transform traditional risk management processes.
It integrates deeply into the enterprise's strategy and operational performance, driving strategic, operational, financial, and compliance risk management activities. This method facilitates the adaptive iteration of comprehensive risk management, transitioning enterprise risk management to a data-driven operation. It promotes automatic risk information perception, intelligent risk level analysis, predictive risk status forecasting, and collaborative risk strategy responses. These advancements effectively support the achievement of the enterprise's strategic objectives and business performance.
3.2 Staged programme for digital transformation of enterprise risk management
To adapt to the future stable development needs of enterprises, it is essential to establish an awareness of serving supervision, strategy, decision-making, and business. Enterprises must adopt a new data-driven mindset to accelerate digital transformation in areas such as risk information collection, major risk research and judgment, quantitative risk analysis, risk trend prediction, and risk control personnel training. Based on the roles and functions of enterprise risk management, digital transformation can be divided into three stages: digital risk perception, digital professional risk control, and digital decision support.
Digital Risk Perception is the stage that involves digitizing risk management functions and processes. Tasks such as risk information collection and processing will become more automated and intelligent. This can be seen in scenarios like risk list management and risk level evaluation, where basic risk management work is enhanced through digital tools. At the Digital Professional Risk Control stage, digitization extends to risk management scenarios within specific fields such as enterprise strategy management, operation management, project management, and marketing management. This involves creating specialized digital solutions to manage risks pertinent to these professional domains effectively. The final Digital Decision Support stage integrates risk management into major management activities at the decision-making level. It includes supporting significant operational decisions, major investments, and large-scale project arrangements through digital tools. By providing digital decision support, enterprises can ensure that risk management is embedded in the core decision-making processes, enhancing the ability to make informed, data-driven decisions.
By establishing this data-driven approach, enterprises can enhance their risk management capabilities, ensuring they are well-prepared to handle future challenges and achieve stable development.
4. Data value chain drives digital transformation of enterprise risk management
4.1 Definition of the enterprise data value chain
In the digital transformation of enterprise risk management, data is the core element. Utilizing massive data helps reduce information asymmetry and the 'uncertainty' caused by insufficient knowledge. It allows for deeper insights into the nature of risks and their characteristics, thereby enhancing risk awareness and improving prevention and control capabilities. To harness the role of data as a key production factor, enterprises must collect, process, and analyze extensive internal and external multi-source heterogeneous data. By integrating these data with typical risk management application scenarios, enterprises can unlock significant value and drive data-driven digital transformation in risk management.
Many experts and scholars have proposed methodologies for extracting and analyzing data value, based on Michael Porter's value chain theory. For instance, Miller, Kriksciuniene, and Curry have introduced models for the data value chain comprising three, four, and five links, respectively. These models generally encompass data collection (discovery), data processing (storage), data utilization (analysis), and data visualization. Chen Hu et al. further suggested that the data value chain includes activities such as business requirements analysis, data collection, data cleansing, data exploration, data algorithms, and data visualization.
The data value chain is central to the data-driven digital transformation of enterprise risk management.
This paper proposes a data value chain management model, which includes five core data management activities: data generation, data acquisition, data processing, data analysis, and value release. This model covers the entire process of closed-loop management within the data value chain, as illustrated in Figure 2.
Data Generation involves the creation of data from various sources, including operational activities, customer interactions, and external environments. Data Acquisition focuses on collecting data from multiple sources, ensuring the data is comprehensive and relevant for risk management purposes. Data Processing includes data cleansing, storage, and integration to prepare the data for analysis, ensuring data quality and consistency. Data Analysis utilizes advanced algorithms and analytical tools to uncover patterns, correlations, and insights, which helps in understanding risk characteristics and predicting trends. Value Release involves visualizing and applying the analyzed data to real-world scenarios, enabling informed decision-making and strategic risk management.
By implementing this data value chain management model, enterprises can effectively navigate their digital transformation journey. This approach ensures that data is systematically leveraged to enhance risk management processes, reduce uncertainties, and support the achievement of strategic objectives.
4.2 Application of the data value chain
Different enterprise risk management scenarios directly influence the application of the data value chain. The construction of the data value chain should align with various levels of enterprise risk management needs and be divided into phases: professional risk management digitization, business risk management digitization, and management decision support digitization.
Risk management digitization pertains to the operations within the risk management department. Business risk control digitization involves integrating the risk management department into the business activities of the enterprise, empowering the business sector with forward-looking risk management. Decision-making support digitization is focused on the highest decision-making level of the enterprise, providing critical support from the risk management department in major management decision-making scenarios.
4.2.1 Risk management professional digitalization
The basic functions of an enterprise risk management department include collecting risk information, conducting risk analysis and assessment, compiling and reporting risk reports, tracking major risks, controlling risks, and disclosing information related to the company's risk strategy. Additionally, the department regularly maintains risk lists, sets risk assessment standards, predicts and provides early warnings for major risks, and compiles and analyzes risk statements.
With digital tools, the risk management department can significantly enhance the efficiency of risk management processes and operations. Digitalization allows for the automatic transmission, storage, and integration of risk information and data. By linking systems and interfaces with front-end business departments, the risk management department can access more business data. This data is then collected, analyzed, and reported to formulate risk management plans, design risk control strategies, convey enterprise risk preferences, evaluate risk control effects, and predict major risk trends, ultimately improving the enterprise's overall risk management level and supporting value creation.
In the digital economy era, the scale of data generated and collected by enterprises has grown exponentially.
To meet the demand for risk information management, the risk management department can utilize data collection, processing, and analysis technologies to comprehensively integrate internal and external data sources. By uncovering data patterns, refining risk information, and applying it to risk management scenarios, the department can achieve digitized risk management.
Innovative applications in scenarios such as corporate risk appetite, major risk profiling, corporate risk mapping, and risk control evaluation enable the risk management department to establish a digital management mechanism for various major risks. This supports and optimizes planning, control, evaluation, and decision-making processes, ultimately achieving management-driven value creation.
4.2.2 Digitalization of business risk management
In the digital economy era, the innovative application of digital technology and tools provides essential technical support for integrating risk management into business operations and empowering business risk management. Leveraging data centers and risk control centers, enterprises extend their capabilities by offering professional risk management advice and major risk prevention and control support to business departments. The risk management department becomes deeply integrated into the production and operation activities of business units, contributing significantly to planning, production management, marketing services, supply chain management, financial management, project investment decisions, external supply chain collaboration, and safety production management.
Through collaborative efforts with business units, the risk management department identifies, analyzes, and evaluates risks associated with proposed investment projects, considering various factors such as policy regulations, operating environment, customer demand, and competition.
This collaboration helps the investment management department formulate project investment strategies and risk response measures.
Additionally, the risk management department supports the credit management department in constructing customer credit rating models and credit ratings. By utilizing customer credit risk information from external legal and compliant authoritative institutions and enterprise information systems, the department accurately assesses customer credit risk. This involves creating a comprehensive credit profile for each customer, enabling the enterprise to tailor credit policies to match the risk profile of important customers effectively.
Overall, the integration of digital technology in risk management enhances the risk management capabilities of the enterprise and empowers business units to operate more efficiently and make better-informed decisions, thereby supporting overall business growth and stability.
4.2.3 Digitalization of management decision-making support
The responsibilities of the risk management department are continuously expanding to further support major management decisions by deeply integrating risk management into business activities and enhancing the enterprise's level of risk management and control. On one hand, the department formulates medium- and long-term risk management plans, constructs enterprise-level KPI key indicator systems for major risks, and provides support for strategic development planning, major decision-making, important project arrangements, and major capital operations. On the other hand, it focuses on guaranteeing the realization of corporate strategic objectives by analyzing risk triggers and influencing factors, combining corporate risk preferences, tolerance, and business needs, and building a corporate risk early warning indicator system. The department breaks down major risk management objectives and responsibilities to business departments and key positions, adopts a multi-dimensional, multi-level data indicator system, conducts risk status analysis and monitoring, and prepares regular risk statements and risk management reports.
Utilizing business intelligence software (BI), the department builds a digital enterprise risk management reporting platform, integrating various risk management indicators into digital dashboards and visual risk reports. This platform provides real-time risk data analysis, insight into risk status, and decision support services for enterprise management. Through this platform, business managers gain strategic insights into the overall risk status of the enterprise and major risk situations, effectively supporting the achievement of established strategic objectives.
By leveraging the enterprise's digital center and business center, the risk management department can realize the digital transformation of risk management at three levels: the risk management profession, business risk management, and management decision support. This is achieved through a 'data-driven' model centered on the data value chain, providing the enterprise with insights into risks, guiding direction, and achieving goals.
5. Conclusion
In conclusion, the evolution of enterprise risk management in the digital era signifies a fundamental shift towards proactive, data-driven approaches. By deeply integrating risk management into business activities and leveraging digital technologies, organizations can enhance their risk awareness, control, and decision-making capabilities. The risk management department plays a pivotal role in this transformation, expanding its responsibilities to support major management decisions and strategic objectives. Through the formulation of risk management plans, the establishment of early warning systems, and the utilization of digital reporting platforms, enterprises can effectively identify, assess, and mitigate risks in real-time. The adoption of a 'data-driven' model, centered on the data value chain, enables organizations to gain valuable insights into risks, empowering them to navigate uncertainties and achieve their goals with confidence in the dynamic digital landscape.
References
Bilgeri, D., Fleisch, E., Gebauer, H., & Wortmann, F. (2019). Driving process innovation with IoT field data. MIS Quarterly Executive, 18(3). https://www.researchgate.net/publication/335551176_Driving_Process_Innovation_with_IoT_Field_Data
Hartmann, P. M., Zaki, M., Feldmann, N., & Neely, A. (2016). Capturing value from big data–a taxonomy of data-driven business models used by start-up firms. International Journal of Operations & Production Management, 36(10), 1382-1406. https://www.researchgate.net/publication/275892318_Capturing_value_from_big_data_-_a_taxonomy_of_data-driven_business_models_used_by_start-up_firms
Godinho de Matos, M., & Adjerid, I. (2022). Consumer consent and firm targeting after GDPR: The case of a large telecom provider. Management Science, 68(5), 3330-3378. https://doi.org/10.1287/mnsc.2021.4054
Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business Horizons, 64(5), 659-671. https://www.researchgate.net/publication/349050316_Cybersecurity_Risk_management_framework_and_investment_cost_analysis
Carrera-Rivera, A., Larrinaga, F., & Lasa, G. (2022). Context-awareness for the design of Smart-product service systems: Literature review. Computers in Industry, 142, 103730. https://www.sciencedirect.com/science/article/pii/S0166361522001270
Great insights! I completely agree that traditional risk management approaches are no longer sufficient. Data-driven risk management is indeed essential for businesses to stay competitive and mitigate potential risks. Thanks for sharing this great post!