As risk management continues to evolve, forward-thinking organizations are shifting from reactive approaches to strategic, technology-enabled practices. This webinar explores how advanced technologies—including AI and integrated risk platforms—are transforming the way risks are identified, assessed, and managed. We discuss how these innovations not only enhance risk visibility but also foster collaboration across departments, enabling a more holistic and proactive risk culture. Speakers: Sara Benwell, Editor, StrategicRisk Neil Scotcher, Director of Sales, EMEA, Origami Risk Roberto Zambelli, Head of Audit, UKI, Vodafonethree Kevin Morecroft, Head of Governance, Risk and Compliance, Skanska Good afternoon, everybody, and welcome to this strategic risk webinar in association with Origami, is on elevating risk identification and transfer. I’m joined by three excellent panelists today. You could just tell the audience a little bit about who you are and the perspective that you are coming from. Sorry. My notes have just disappeared. Cool. So first up is Roberto Zambelli, director of audit at Vodafone three. Hi, Roberto. Can you tell us a little bit about yourself? Yes. Hi. Good morning, everyone. Good afternoon if you’re joining from the UK. My name is Roberto. So, yes, I’m I work at Vodafone three, which is a recent merger between Vodafone UK and and three in the UK. My background is essentially audit, so external audit and internal audit for the last twenty odd years. I’m working in a variety of industries. So I’m in telco now, but before, I used to be in sort of manufacturing, and then I worked in marketing and advertising industries. So, hopefully, a wide range of of experience in terms of control environments, governance, and and risk management. Lovely. Thank you. Next, we’re joined by Neil Scotcher, practice lead international business at Origami. Hi, Neil. Hi. Yeah. Good good afternoon, everybody. Good morning to to Doris dialing in from somewhere else outside of Europe. Yeah. I’m I’ve I’ve been in the risk and insurance technology sort of forums for over way over twenty five years now working with large multinational organizations to help them with their their IT sort of solutions that they need across sort of their their distributed businesses, sort of working large companies within the UK or or globally. So, yeah, that’s my background. Lovely. Thank you. And then last but by no means least, we have Kevin Moorcroft, head of risk at Skanska. Hi, Kevin. Afternoon, everybody, or morning, evening, whatever it is. So I’m I’m a construction guy, essentially. And I’ve got lots of hats I wear, but, effectively, I look at all sorts of risks from project level all the way to to strategic and, frankly, sort of key things, work the knowledge across the business. We’re a very large international contractor and also work as part of a process where everything that Scouts is gonna essentially invest in, divest, or bid on goes through a process, and the really tricky ones come to us. And we get to explain our recommendations to the to the board, executive boards, the c suite every every two weeks. Lovely. Thank you. Obviously, I’ve got loads of questions to ask you, but just before I start, some housekeeping for our audience. Please feel free to ask questions yourself. You can do that at the bottom of the screen. There’s, like, a q and a button. If you click on that, you can put your questions in there, and I will put them to the to our panel. I will leave some time at the end for questions, but please do ask questions throughout, and I will come to them as and when they pop up. So, yes, if you if there’s something you specifically want to know, please feel free to ask it. Kicking on and, Kevin, I think I’m gonna come to you first on this one. I just want you to set the scene a little bit in terms of what some of the key trends are that are changing, what risk managers need from risk identification and assessment today. Yep. I I think, obviously, we’re now moving into a data driven sort of society, you know, in in pretty much every organization, And that comes with a lot of complexities. And I I think the other thing is not is a data driven mindset, but it’s also the interdependencies of risk. So, effectively, in construction, we have lots of interdependencies without anything else. But we’re starting to see how how something you know, a a butterfly flaps its wings in Brazil and something happens across the world. So and and, essentially, supply chain is is a huge thing. Effectively, something happens in one market, seems unconnected, and then you’ve got a shortage of copper, for example. So that’s one of the I I think the key thing is is a data driven mindset and and the interdependencies of, you know, the COVIDs of this world and and and everything else. Lovely. Lovely. Thank you. Coming to Neil next, same question. You know, what are what are your clients saying is shaping what they need from risk identification, risk assessment? What do think are some of those key change key trends that are really changing what people need? Yeah. It’s it’s a great question. We get asked it all the time, and we work with hundreds of risk managers, insurance professionals around the globe. And and I think, really, the way way I look at it is there’s sort of four key areas that we really focus on, and that is really real increased demand for real time data and analytics. And and that is really, really important for a lot of our clients now. They’re demanding sort of that that level of of of data. Greater focus on the quality of the data as well and integration. So there’s data everywhere, and they can get but getting hold of it is really, really difficult. So getting hold of quality data is even more difficult. So there’s all these systems all over the place. You know, a typical company like Skanska, they’ve got hundreds of systems, finance systems, operating systems, things like that. And having a connected view of all of that is is important to a lot of people. Security is also massive. So having all of this, you know, today, people work through spreadsheets. They work through emails, SharePoints, all these document all these areas, but, you know, security is massive as well. And then, really, the last part, I I think, is that we’re seeing a lot is regulatory and compliance automation as well, enabling those, so that the risk managers so they need deeper insights, faster response, stronger justification for risk decisions. And and this is where the likes of Origami IT enables this through, real time data, predictive analytics, integrated risk platforms, that that is confidence in what they’re they’re working with, basically. So Great. Thank you. Roberto, coming to you next with, again, you know, the same question. What what what’s what trends are changing? What you need from risk identification? What what do you see shaping the kind of this area? I fully agree with with Kevin and Neil, and they didn’t leave me a lot to go on about, to be honest, because they gave a very good answers. So I think slightly different angle from the same sort of conversation. So the data element, for sure, I think, not just the quality, which is extremely important, also the volume of data that we are receiving now is has has changed, and therefore, the whole conversation has shifted as well as to to to triage the data and to use what is meaningful versus what I call the noise and the signal kind of thing. So that’s for sure. Data is is one. On the regulatory point, I I it resonates a lot because telco is is a very regulated industry. So in the UK, you have Ofcom. For us, we have the FCA as well for the financial services part of the business. But also from an a AI point of view, there’s, you know, the new AI sort of EU act, just sort of a year or so old, is going to drive a lot more sort of regulatory requirements, ESG, etcetera. So there is very prescriptive sort of regulatory escalations now that that probably a few years ago, we we didn’t have as much or as detailed. And one point, I think, building on from what Kevin and and Neil said, I think the expectations of boards have changed as well because of this availability of data and because of these regulatory sort of escalations or shifts. I think the the boards expect now, you know, forward looking insights, up to date, you know, real time dashboards. Not as a nice to have, but almost as a given now. And I think that is also a very big trend that these changes the sort of stakeholder ex expectations as well as everything else that’s been said. Lovely. Thank you. I think that’s a good set of trends to be starting with. Roberta, I’ll come back to you with the next one so you’re not going last this time. It’s kind of a two parter. So the first part of it is, you know, what would you describe as some of the most significant operational challenges that that you’re facing today or that risk managers generally are facing today? And then secondly, you know, how can smarter technology perhaps help you try to address some of those challenges? Yeah. Maybe a couple of of things. So the data discussion, I think we can continue on that because there is a a theory, but the practice when it comes to data and data quality in organizations often means sort of inconsistent datasets between you know, even within the same company, had legacy systems, layers of datasets that sort of don’t quite talk to each other. So I think that presents a challenge because maybe the volume of data is there, but the lineage, is not necessarily natively there. So that’s for sure is how to exploit data in a meaningful way is is challenge number one in my view. Some of the challenges, to to be fair, haven’t evolved. So, like, silo working and, you know, sort of silo operational systems as well, I think that’s still a challenge to overcome because the the patterns of sort of in interconnected risks are more and more predominant. But if your organization still works in silo, I don’t think you can really structure that that that analysis in a in a a meaningful way these days. In a way, AI, I think, can help in that sort of pattern analysis stuff. But, obviously, depending on organizations and the maturity of risk management within an organization, not everyone is on that trajectory yet. And maybe another challenge for me is, which I link it to what I said earlier about expectations, is the speed of reporting. So I think in in some cases, there is still a certain degree of time gap between What we see and how we report it and how it flows into the organization. And I think the appetite for sort of real time reporting is is increasing a lot. And if you’re stuck on a sort of very slow manual set of reporting, that actually can become exponentially ineffective, quickly in the current environment. Lovely. Thank you, Kevin. Same question to you. You know, what are the operational challenges that you’re facing, and how are you thinking about smarter technology and how it might help you to begin to address some of those? Well, I I think we’re both in in excellent job of you know, I think we share a lot of the same sort of issues. Think one of the the main issues is is a cultural challenge of people actually putting the right information in the first place and then sharing it. You know? Well, I’ve heard stories of of young engineers, for example, look at an iPad and they said, oh, the iPads, it’s fine, so it’s fine. But the thing is, you know, at a forty five degree angle or something. So so and and, you know, if you take that analogy, you sort of go that across a a business, it it is a challenge in itself. I also think the collaborative sharing of information is is very important. I think that’s one of the key things that we will see in the future. You know? So for example, in the UK in the UK market, collaborative sharing of three d information across all the parties has been around for a long time. But in other markets, that’s still in its infancy. And simplistically, that one simple thing means that we put everything in the right place the first time versus three meters in the wrong direction if you’re looking at two two d plan. So so that, if you can imagine that the benefits you you get from collaborative working and all seeing the same information or quality information, I think, is the real benefit going forward. Yep. That makes perfect sense. Neil, you’re our tech expert. How’s the technology evolving? How is it do you know firstly, have you identified any other challenges amongst your clients that are operational that we perhaps haven’t covered? But, also, how do you see the tech evolving to help meet some of these challenges? What are some of the areas where it can make a real difference and perhaps overcome some of these friction points? Yeah. Well, to be to be honest, Kevin and Roberto, if I if we were doing sort of bingo scoring, they they just hit the nail on the head with all those key points, which is what we go after from a tech perspective to help our our clients. It’s not from an operational challenge, I don’t re regurgitate what they said, but from what we see and what we’ve really focused on with our with our clients, and and we’ve got hundreds of them, But the manual data entry fragmented systems is a massive issue out there. It keep it it creates inefficiencies, delays, higher error rates, and and that’s really, really important. You know, people work out spreadsheets are great, but they’re our biggest competitor out there. Email is a group, but they don’t track it limits audit trails and things like that. So these are huge risks within organizations. The other part, we just we’ve we’ve mentioned twice now, but lack of real time visibility, again, is a real danger or a real problem for organizations, especially when they’re trying to you know, regulations are changing or things are happening within the business world, and they’re and they’re still working on data that’s maybe three or four months old or six months old or a year old. Compliance and documentation bottlenecks. It’s it’s it’s a big issue for a lot of clients out there to meet regulatory requirements. And then the and and I think of Kevin sort of hit on it. It’s there’s a limited collaboration across departments. So everyone’s working in their own little silos, and this is where technology supports this. So this is where an integrated risk management platform centralizes data, allows for easy connectivity within the organizations. It provides automation. You know, we talk about AI. AI comes with their own risks and things like that. But AI automations allow you to to notice trends and things like that that happen in and automatically support your your business and support you as as a team. Collaboration tools, as I mentioned, cross team connections, all of that is is in one place now. And then the big part that I we we see a lot of is that audit trail as well. Is all well and good seeing emails and spreadsheets and things like like that and data coming in from other places. But if you have it all connected, it allows you to see what’s happened, why it happened, and allows you to make better and and quicker informed decisions. And that’s where technology is really, really helping. I’m just gonna ask you a very quick follow-up question just based on something you said. Are you seeing are you seeing that there are a lot of organizations, I suppose, probably bigger ones where they’ve got kind of a lot of legacy systems that don’t necessarily play nicely with each other, and that’s causing friction as well, like friction between technology. Yeah. Absolutely. Yeah. Yeah. And and, you know, there there’s solutions out there that may not be we we call it API connectivity or can talk to one another. It might be spreadsheets and all sorts of things. But, yeah, there’s lots of legacy solutions out there that that don’t talk nicely. So yeah. And you mentioned kind of in fact, everybody, I think, now has mentioned this sort of connected view of exposures and, like and the indicator. I mean, we started with Kevin talking about interconnectivity of risk, and then you mentioned it just now in terms of, like, painting that data picture and the delay. Where does is it the case that where you don’t have connected exposures, people are gonna, you know, have more losses, have more near misses? And and what do you think that actually meaningful visibility looks like? And and how does it then help with decision making? And I’ll come to you, I think, firstly. First to me? Yeah. It’s a it’s a it’s a real tricky one, that one, because visibility today or meaningful visibility today means real time integrated predictive insights into exposure, losses, near misses, all of that. It’s a connected view. It’s essential for strategic decisions. So if you’re making those decisions after, it becomes, you know, you’re just being reactive and and and not as as effective. And and it enables organizations to justify risk choices, like, why you buy an insurance and and those sort of things, comply with regulations, strengthen your resilience quicker in an environment where sort of the, you know, the the coverage is is tightening and and regulations are changing constantly. It allows you to be more proactive quicker. You know? And and that is really, really important. You know? That that that that is how how we see it from from a Origami perspective. Lovely. No. Roberto, I think. What do you what does, you know, what does meaningful visibility look like to you? And, you know, where how close do you think you are? And how close do you think you are in terms of what kind of visibility of interconnected risks you have and where you would like it to be, and how do you see it sort of as the ability to get quicker, better data? Like, how do you see it reshaping sort of how risk management happens and is done, I guess? Okay. Sorry. I’ll pass this question. The long question. It’s, like, two parts to that question. I’ll two parts to the answer. The visibility piece for me is is is devising two different sort of streams, if you like, From a board perspective where sort of I sit on board level conversations sometimes, the visibility piece is to be able to connect the risk all the way to the incident. So what is the risk? What controls are regarding our organization? How effective are those controls, and are they mitigating the risk? And how do we pick up when things go wrong across the organization? So that for me is, from a from a operational risk management, operational point of view is the definition of visibility. So to be able to have that trail of of audit trail, call it, or or risk management trail from the risk all the way to to picking up the the incident data in the organization. But then there is an all also another element, which is sort of pure risk management type visibility or notion of visibility, which is the forward looking being able to see what the future brings in terms of risks. So two different things. How does technology help? In the first case, it’s a it’s a very operational one, I think. So we need to be able to leverage tools and solutions that offer that sort of streamlined view of of risk management end to end and be able to capture that end to end information from all the different sources of information inside the organization and create that sort of one truth view at both level. That that’s one thing. More difficult is the forward looking conversation of trying to predict what the risk landscape is going to be or how is the risk landscape likely to evolve. In that space, I think there is a lot of work to be done leveraging AI, leveraging sort of collaborative information in terms of, you know, industry wide. I come from telco, but it’s equally applicable to sort of other areas, pharma, maybe, don’t know, SEM. Sorry. Logistics or construction, etcetera. So leveraging that those kind of external triggers into a meaningful pattern of forward looking risk definition, if you see. So to answer completely different in terms of what visibility means, but I think, yeah, in essence, I I think it needs a lot of work on the and leveraging of technology to to get to that view. Yeah. That makes sense, Kevin. Now you you know, what does meaningful visibility look like for you, and what do you how far do you think that the industry is on that journey from, like, where where it wasn’t to where getting to true meaningful visibility that impacts decisions? Yeah. I think, I mean, I think construction is a is a very slow moving oil tanker, essentially, most things. Right? And we’re certainly everyone is on on the way, but we our industry essentially is is incredibly diverse and tricky to sort of nail down. You know, we’re not we’re not a production line that buys x products and and controls the supply chain. Every project is different supply chain, different contract, different industry, different everything. So for us, certainly, the ambition is there. And I think we’re we’re, like many, many organizations, are certainly at the at the, you know, the beginning of that. I mean, we probably think we’re further than than we’d like to be. And I think, you know, I remember a few years ago reading something about essentially lessons learned and knowledge management, and and the paper seemed to insinuate the only people who any good at it were McKinsey, and it’s because they spent so much money on it. Right? And and that’s part of where we want to you know, we wanna tell I mean, right now, we have a gold rush in terms of data centers globally, and we have lots of clients we’ve been able to to bring and help into other in into new markets, but we had we certainly still have a lot of clients who still wanna operate in a very American way, which doesn’t even fit European milk. I couldn’t I could not replicate that model if I wanted to because the industry in that, you know, in that geography doesn’t doesn’t allow it. So those sort of things, lessons learned, being able to share the opportunities as well as the risks is a real benefit because then, you know, you get that knowledge hub and you can guide them on the way rather than, you know, why why not why not. I want to follow-up with a question, just like a further question on this area before I move on to sort of vendors, third parties. It’s just in a world where we have increasing amounts of data and all of the like, so much more information than we used to, how how easy is it and how are you finding it in terms of firstly translating that into something that’s actionable, but secondly, not overwhelming decision makers with too much data, like taking or building this picture that you’re this better picture that gets better all the time because we have more data, but actually translating it into something that’s, like, meaningful and and and actionable and isn’t an overwhelming data dump for people who probably don’t need to have all the nuance of every single thing. Yeah. Well, I think for me, I think it’s all about having an explicit objective. That’s the that’s the first key thing to say, hey. Rather than just like, you know, hey. Let’s come up with a sentence. Let’s have a brainstorming session. And this is that thing that’s still quite cloud shaped, and it’s difficult for us to to actually understand or actually have a target for. It needs to be something that I can actually get. It’s it’s something that can actually achieve. And then I really come down to effectively develop it, test it, and then, you know, come back and and review it, and then keep going on that cycle. And and I would say that, essentially, the key thing for me with all these sort of things is you gotta be brutal. If it doesn’t work, don’t try changing the question or trying to get it to fit. Start again or ask yourself if that was the right question. Because because the danger with all these great opportunities we have with AI and technology now in data management is the fact that if we ask the wrong question or we have the the wrong data, you know, actually, it’s worse than it was before because you’re making judgments based on that. So so it’s all about starting small and scaling it. And then that sort of works too. You know, I think for me, personally, that’s that’s the best way of doing these things. Yeah. That makes sense. Roberto, you’re nodding. Do you agree? Yeah. Yeah. I I agree. I think I’m probably saying the same thing in slightly different words, but the multitude the the the volume of data now allows also to pick and choose which data tells the right story, which is not a good thing. Right? Right. So I think it all starts with with a clear definition of sort of risk appetite to use some fancy language. But having clear sort of key risk indicators in the organization and then sticking to those measurable targets allows to sort of have a a solid benchmark. If free flow of data is not necessarily good news to Kevin’s point because they can create confusion. Right? And also can be inaccurate and be disguised as as as the, you know, a source of truth where maybe the data quality or whatever underlying issues make sure that, you know, it’s not that reliable. So I think having clear measurements, you know, key risk indicators in the organization and then using data and continuously refine the accuracy of those key risk indicators, I think, helps in in driving clarity. Neil, anything to add here in terms of translating this stuff into decisions or into in sort of cutting through some of the noise, I guess? Yeah. No. I I fully agree with Kevin in starting small and then working your way because trying to go with the big bang approach is is somewhat difficult. Culture is a huge issue in all of this as well. The the one thing I would say, when you start small and you start building out, this is where technology really strives because you can then build workflows into play into action that that streamlines things, make sure that people only get to see what they need to see or they only work on things that they need to work on. Other things that are low level could be handled by workflows, which is what an integrated solution can do. It can it can work through that. But if you but starting small and working your way up is is absolutely, you know, a critical part of all of that. If sorry. I’m now digging deeper into this. If something small is the answer, do any of you have a view on, like, good places that people might want to start? Like, if if if if there’s people in the audience who are thinking, yeah, we should be doing more of this, is there, like, a specific area that you think is well suited to start starting small? Where I I don’t know. Kevin, where did you start? Like, Oh, I I think for me, it’s it’s about actually, you know, coming back to very boring answer and not really answering the question. But, essentially Lovely. It comes down to to having that that objective because and the reason why I say this is because AI, you know, and the technology that sits before us, it can be used in so many different ways. So it could be I could look at a program, a schedule, for example, of of a project, and then there may be software down the line that works very well at being tell us to predict where it’s going. But at the same time, it could be the sense that I have a lot of documents that I need to go through or search. Can these guys you know, can I get that information? Can I get it quickly? Can you give me a subset? So I think, really, a lot of it comes down to to what the ask is each time. So but the answer, as I say, not really answering the question, but, essentially, it’s different. Everything is different because it depends what you want to do to to to make that that thing work better for you, and that’s what it all comes down to. It’s about getting that thing to work for you rather than against you. Great. I’m just gonna put a poll live if I can make it do. Yeah. So audience members, there is a poll. You’ll be able to see it by clicking on icons. Poles at the bottom, it should pop up. If you can vote, that would be great. People are voting. Hurrah. Technology works. Also, just a reminder that if you want to ask questions, do so in the q and a, and I will put them to our panelists. Okay. So now I want to talk about third party risk, vendor risk, etcetera. So one, sort of, are these risks that are top of mind for you? Are they evolving? Like, how are you thinking about them? And then two, you know, what role do you see tech playing in evaluating performance, in identifying issues before they happen, and basically managing third party slash supplier risk? And I have haven’t decided who I’m coming to first, so I’m gonna come to Neil first. Perfect. And so, yeah, again, a lot of our clients when we when we talk to vendor risk management, it’s a huge part of what we we do for our clients. It is very specific for a lot of our clients because, obviously, we work across all industries. I think the key challenges that we see, and I’ve listed a few down, but limited visibility. Risk teams are often relying on static questionnaires, sort of reviews that happen over time. They don’t capture real time information. I keep going on about it real time sort of, you know, data, but this is key for vendor performance. Fragmented data is also is also an issue here as well. So information about vendors is, you know, spread across procurement, legal, compliance, you know, all of these different areas, and and it makes a holistic risk assessment difficult. And then the the sort of reactive approach as well. So issues are only ever discovered when things go wrong or or something comes up and or in or into disputes or or whatever it is. So they’re they’re the three real issues. And and the way technology or the way Origami works with our clients is is allows you to continuously monitor sort of the the information that’s out there. So you can start, you know, whether it be credit ratings or ESG scores or whatever it is, you can constantly have that information to hand, then driving workflows off of that. So, you know, that goes down to the automated risk scoring process that allows you to sort of flag these things up. Predictive analytics is also, you know, I think Roberto sort of mentioned that that part of it is difficult, but the the the you you need sort of a foundation to be able to do the predictive side so that you’re getting that quality of data into in is always important. And then and then really sort of the so there’s a smart contracts in the blockchains as well is important as well. So ensure ensuring the transparency and enforcement terms is critical across all the vendors that you’re working with. So, yeah, I I’d say technology enables that risk teams to move from a a a a more of a reactive to a proactive approach by continually monitoring, looking at AI driven sort of processes around rescoring, things like that. So, yeah, that’s where that’s where we focus normally. But Great. Roberta, you’re nodding. Do you agree? I always nod, so you can always go to me and nod. No. I I agree with with Neil. The to be fair, vendor management, I don’t spend a huge amount of my time on, but the amount of time I spend always kind of flushes out two clear areas. And, again, building on Neil’s point, which sort of I was thinking about it as well just before before the question. So there are two areas. So for me, it’s evaluating the supplier and and onboarding the supplier and then the monitoring of the supplier. I think when it comes to evaluating the supplier, so what was Neil was talking about sort of the data coming through the ESG sort of scoring, etcetera, etcetera, is is extremely important. And when it comes to monitoring of the supplier, I think the linkage between the contract and the actual performance. So to be able to automate whatever has been agreed contractually into a a live sort of performance monitoring mechanism makes a huge difference, I think. So for me, those two areas are are are very important to to get better and better at if if you want. Kevin, what’s your perspective on this? You know, is suppliers, third party risks? Are they growing? How are they changing? What’s your I mean, you know, we so we operate across numerous markets. We employ thousands of people. We indirectly employ thousands upon thousands more. And, you know, health and safety, for example, is a is a huge thing for us. Everyone should go home safely. We no one should get injured. But but, obviously, in different markets, it that there’s greater challenges. So for the UK, you know, we have a very strong sort of powerful government body and processes and culture that goes with it, but in another market, that’s not the case. And so one of the the main issues we have is subcontractors. You know, we employ lots of contractors, and they’re told to do how they should discounts the way. But, essentially, you know, if you’re working for us ten percent of the time, you might go to another contractor who doesn’t want you to work that way. So, you know, they want you to, oh, why are you working so slow? Don’t do that thing. Do do this unsafe thing. Not quite to that extent, but it’s very similar. So one of the things that I’ve seen recently completely taking it off the tangent. You know? One thing that we have in in certain markets, we have cameras. We have camera systems set up that basically use AI to assess what’s an unsafe action. Right? So if Roberto was doing something that he shouldn’t be doing, it doesn’t get flagged straight away because, you know, we’re in the early the early days of this product and and and the process and technology. But at the end of the day, the site manager will get a a message saying Roberto did this thing. Neil did this other thing, and Kevin was perfect. But, you know, joking aside, the reality of it is these things only get will get better with time. So, you know, we will move towards a more real time process where someone will get an automated thing or could be attached to his cab. We have things like things with Volvo where we use automated systems on on cabs, they can’t move people over things on those lines. So I think it’s construction is slightly different, but safety is a is a is a key thing for us. And and that’s the that’s the start of the evolution as it is with with many other systems. Lovely. I’m just gonna pivot slightly to the poll results because I think they’re interesting. So we asked which technology is in the biggest potential to transform transform your risk function, and the options were AI slash machine learning, integrated risk platforms, automation tools, and then not sure yet. And so integrated risk platform, Neil, you’ll be delighted to hear, was the top answer. AI machine learning was second place, and then automation tools was quite a way behind it with just fifteen percent. So, like, integrated risk platforms was forty four, AI machine learning was thirty seven, and then automating automation was down at fifteen. I guess I’m interested, at least to start, and I’m gonna come to you, Neil. Why do you think that people are less convinced by automation tools? Or is it do they like, what do you think is going on here? Are you surprised by these results at all? Like, what’s your perspective? No. I am I surprised? No. No. I’m never surprised now after being in the industry a long time. The the the there’s a I’d say there’s a number of questions around that. It’s it’s this the unknown integrations, automation tools, things like that. That that’s a big concern for people automating tasks, automating things. You know? There’s the human in the loop is is really, really important for a lot of things that we do. And that’s why at Origami, we introduce, AI as human in the loop because you don’t want to completely and utterly take away the decision making and things like that, which is really, really important. So, yeah, I’m never surprised to hear that because that is part and parcel of what these guys do, and it’s really part a really important part of what they do. I think where we see automation coming in is those mundane tasks, the real maybe, you know, we got tools that allow you to read documents and just upload that document and read the information and pull that information out. It could be any document, any language. You can do it very, very quickly. You know, Kevin mentioned things like the identifying any issues before they even happen. So we have a partner that we we work with and and on a on the health and safety side of things, and it can monitor things and raise near misses and things like that. You know, if you’re sitting at your desk incorrectly or or whatever it is, it can raise that. So but but that look that is scary to a lot of people, that sort of automation, if you know what I mean. So, yeah, I I’m not surprised in in that sense. Roberto, what do you think? Do you think it’s the, like, the risk management industry is understandably not that convinced by, like, completely outsourcing their own jobs? Like, is it is it just that the other things feel more powerful? Like, is there stuff that you’d consider automated? Where where do you sort of stand on automation within risk management? I think there’s maybe I’m gonna give an unpopular answer here, but there is a a skill gap to an extent as well. So the tools are are there, and they’re developing really fast. Risk management type functions are willing to adopt those tools, but not necessarily, a, they have not just budget, but but the buy in in general to invest the time and the journey to get to those. So the I wasn’t surprised by the the first I don’t have the poll in front of me, but the the first answer that was, I think, around integrated tools or something similar. I’m not surprised because in reality, a, you need to have a massive scale to to sort of justify the investment. You need a a certain type of of buying from management to support the investment on these kind of things, and then you need to implement. So in reality, many organizations are still working off, as we were saying earlier, spreadsheets and disjointed bits of data. So, yeah, I think there is also that kind of call it skill gap, call it whatever you want, but that bridging of the technologies out here. But in reality, the pace is somewhere lagging behind. So that that is probably the the step that needs to happen next to to fully exploit the technology that is available. Yeah. That makes sense. Kevin, anything to add here? Only by the demographic who’s viewing this. I mean, you know, it would be interesting if this was a risk manager heavy sort of view and whether you’d actually get a different view if you had, you know, different kinds of leadership, for example, attending this thing or or coming without that sort of folks in the first place. So that’s, you know, that’s the I play devil’s advocate in in these sort of things at the best of times. That’s why I’m always in trouble. But, you know, I think that’s I I think that was quite interesting. I I I need and, you know, what is automation at the end of the day? So, you know, some of the people who who who ticked the automation box, they might have a very different view of what automation is to them versus what it is to me. Yeah. I think that’s reasonable. I’m just gonna remind the audience a final time. If you want question if you want to ask questions, get them in now, and I will put them to our panelists. I wanna ask you something just based on what Roberto just said, actually. And it’s about the the concept of a skills gap. So, like, risk managers are not necessarily tech experts. They’re not necessarily expected to be at the forefront of technology understanding. And as you say, this stuff is moving quite quickly. It’s evolving really fast, and it’s exponentially getting faster. Right? And and some of us work in industries that are not particularly quick anyway. Others might work in industries that are more quick, but even so. And I guess it’s just like, is there a I think well, you could have already said there is a skills gap, but, you know, how do how can we make sure that the risk profession has the skills that it needs to be able to take advantage of the opportunities and efficiencies that come with good technology? Like, how can we make sure that the risk profession is sufficiently tech skilled and tech minded for this stuff to be useful? And I don’t really mind who goes first. If somebody wants to jump in, you’re welcome to. Otherwise, I’ll pick on one of you. Roboto. Pick on me. I I think I’m not gonna give a very long answer here. But and Neil is probably the the best person to to speak on this. But I think the solutions are going towards what we low code, no code type solution. So the level of skills, technical skills required is sort of less and less dominant. Where I think there is a huge opportunity is to to work closely with vendors in this case to leverage the most we can out of a of a tool. The low code, no code thing, it basically means we can put together, for example, a reporting without being experts in Python or whatever. So that’s one thing. The second thing for me is also the start going back to Kevin’s point of start things more. I think there is the need to demonstrate value through sort of low hanging fruit, high impact type type projects. And those kind of unlock the the buy in and the investment on up upscaling, training, bigger, better tools. I think sometimes we are all culprits of going aiming for the stars, getting the whole big suite of tools, and getting everything to achieve something that maybe needs more than just the tool. So that progressive upskilling is is very important. But I think the technology is there now to to start from a position of trialing things without having to go through and going back to the end of no code thing being the best example. The technology is evolving so much that you don’t need to become a risk manager and Python expert. You can do things with what’s existing, but creating that ecosystem with your vendor is is very important, I think. Yeah. That makes perfect sense to me. Kevin, anything to add on this in terms of, like, skilling? Yeah. I I would say networking is always a a useful way. You know? I mean and and and both within and without your industry is very important as well. Don’t be don’t think that, you know, if you’re an oil guy or you’re a, you know, a, I don’t know, a taxation person, whatever whatever the thing is that you’re dealing with, I I think it’s very important to to network and share experiences and see where they’re coming from. Certainly, you know, I mean, I’ve I would spend some time with a guy risk head of risk for a big hotel chain. And and his main risk was actually the English language because or or a language because in a lot of the markets they operate in, there’s there’s almost zero language. So, essentially or a very low level of education. So a lot of their documents, materials, everything are pictures. Okay. That’s a pretty fascinating thing. You if you haven’t seen it with your own eyes or you wouldn’t even consider that. Well, I certainly wouldn’t. So, you know, risk management is a very diverse meta industry of its own. So feel free to reach out to other people, myself included. We’ve got a question from the audience. I’m oh, no. I’m gonna come to Neil first on this question, and then I’m gonna that’s what I’m gonna To to be to be honest, I think Roberto and and Kevin sort of answered a lot of it, but I would say that, you know, the demographics of what we got on this call and who we’re talking to, risk risk managers are, by nature, they’re risk averse, and new technologies, things like that is is a risk. So the upskilling of the teams gradually, the high impact task, make it get you know, getting wins quick on the table, things like that is really, really important. You know, there’s AI and things like that. There’s a lot of overhyping that goes on out there in the market with AI. So you you sort of work with vendors that have the integrated cross the platform and things like that is really, really important because then you see a gradual and a and a and a meaningful sort of approach around that. Lovely. Thank you. Okay. So we’ve got an audience member who has asked, are there enough use cases to demonstrate that a portfolio of risks can be monitored and escalated effectively through an automated AI system? What does it take to get to that level? I forgot. Any volunteers? Or I think I’m gonna throw it at Neil first, otherwise. Good start. No. Perfect. I I yeah. We we’ve got quite a few clients that that that are trying to get there, have got there in terms of case studies. And and sort of goes on to sort of the last question a little bit as well is that we we tend to see clients, they start cleaning and and getting existing data correct. They start they use low code, low cost cloud based analytics tools, which have AI features built in and are also evolving over time so that their data is evolving with it as they go. Automate and this goes to to the last question as well, really. Automate the simple high impact tasks to get wins very quickly and and really upskill teams gradually. So provide that training on on on sort of the AI, the interpretation of the data. Deep technical skills aren’t really required here, but it’s understanding sort of the process, the culture that’s going on. So so leveraging so really leveraging that existing data, adopting a cloud based analytics tool. We’ve got quite a few sort of case studies around how clients do that coming from Excel documents, you know, emails, things like that. We we’ve taken them all the way through that journey. Lovely. Roberto, anything to add to that? Not a lot to add, but I I agree. I think it’s all underpinned by data quality. So the answer to this question for me is there are use cases, but they are fragmented. And often the root cause is is the quality of data that needs fine tuning and needs work. Something that maybe Neil, I’m not sure if if he touched upon, but I think it’s very important when it comes to sort of enabling AI that the governance is is clear and set up early. Things like transparency, bias, and stuff like that. It needs to be tackled early on because, otherwise, you are sort of reacting to a poor outcome as opposed to sort of anticipate that. So I think there are to the question, I think there are cases, but there’s a lot more to sort of make sure this is not just isolated cases, but they become a, sort of, coordinated risk management landscape as opposed to sort of examples of AI being used in in in risk management. Yeah. There’s also just to you, Roberto, there’s a a second question that kinda says, if AI gave you complete control of your data and decisions, would you still hesitate to use it? Now I don’t know if you are hesitating to use AI, but I thought I’d just throw that into the mix. Like, if I guess or at least twist it slightly and say, what are governance is clearly one. Are there other hesitations around AI that are kind of holding risk managers back from using it? Governance is but by governance, I don’t mean sort of sitting in meetings for hours. By governance, I mean sort of having clear direction on what is acceptable for an organization versus what is not acceptable and where are the sort of standards when it comes to, again, you know, explainability bias, etcetera. So the governance for me is is paramount, is the most important thing. And then I go back to what I was referring to earlier, which is what I call the skill gap. That’s a timing thing. I think if you are as old as me, you probably have a natural reticence to AI, etcetera, etcetera. As we move on, there’ll be what, in other fancy world, AI native workforce, and therefore, that reticence will go away. But as the reticence and the sort of self scrutiny goes away, that’s where, again, the governance comes in because it puts clear lines in the sandal where we want to operate through AI. AI for me is a is a is a tool again. I mean, we can talk about the about it separately in another webinar, but AI is nothing different from a human thinking. It’s just a million times faster and a million times more powerful. But the same risks apply just multiply to to end power. So, yeah, yeah, I’m I’m waffling on now on on AI, but I think it goes back again to governance and skills and to to but each sort of organization is different as well, and the industry as well dictates the pace of of adoption of AI. So it’s a it’s a very interesting, very good question, but it has a complicated answer, I think, in my view. Yeah. Reasonable. Kevin, so yeah. So it was kind of firstly, what are your well, secondly, what are your hesitancies? But, also, do you think that there are use cases that demonstrate that portfolio risks can be, like, effectively monitored and escalated? Do you think that’s the future? Is that where this is heading? Well, I think I think that there obviously will be organizations doing it now. It’s probably within organizations which have a much simpler sort of model than we have. You know? I mean, if you if you were I I always come back to Six Sigma and things like that and, you know, car manufacturers. Potentially, I’m not saying car manufacturers not without risk, particularly if any of us are listening. But, essentially, you know, the fact is they control their they control almost in their their universe. They’re still at the the most of the supply chain, sure, but they know where the parts are coming from, when they’re gonna get the parts, when it’s gonna be put together, and everything else. Whereas construction, every job is is is that times a thousand, you know, in terms of uncertainties. So I think I think construction, unless you’re a dedicated person and working on a very specific thing with a cookie cutter process, I think it’s gonna be very difficult to get to that in the construction industry. Everyone’s gonna strive for it because every game is a game. There’s no doubt about it. Every every bit closer we get, then it’s it’s it’s more positive for your organization. And I think we’ll be still hearing you know, unless AIs have taken over, it’s all the latest rule today. In a hundred years’ time, we’ll probably still be hearing construction still plugging up. Okay. So I guess oh, we’ve got another another audience one has just popped in. Let me just read it. It’s more of a comment. A possible good use of AI as a risk management tool is to automate risk monitoring, I e monitoring at KRIs versus risk tolerance and appetite limits. Any thoughts on this? Does anybody have, like, initial thoughts on that? Does that seem like a good use case? Is it something that anybody’s doing or that their clients are doing? Yeah. I think we were sorry. I’m jumping in, but I I think we covered it before a little bit. I think defining clear KRIs and supported by good data quality in your organization is definitely one of those, in my opinion, sort of small targeted high value efforts that are worth considering if you take I don’t know. I don’t want to specify you know, I don’t want to speak about an industry in particular, but take, for example, complaints as an example. You could use AI to leverage this, provided you’ve got clear ARIs, clear sort of definitions, etcetera, then it’s definitely one use case where you’re able to see AI being quickly implemented and the most and be able to demonstrate success as well through through the implementation of AI. Yeah. That makes sense. Neil, Kevin, anybody want to jump in and add anything? Or No. That that was spot on. It was it’s we are seeing this a lot as well. But but having that sort of baseline of what you want and building on it and making it simple for AI is important. You know? If you’re going from spreadsheets to then trying to automate everything in AI, that’s never gonna happen because that is overwhelming straight away. And and small things, as as Roberto just mentioned there, is key wins. And then you see success, and that’s something that we absolutely do all the time using sort of AI features, understanding things, you know, building on patterns, but also keeping human in the loop on that as well. It’s very important. Okay. We’ve got about five minutes left, so I’m just gonna ask one more question. And if you can I was gonna ask you for steps, but I’m gonna ask you for one step because we need to wrap up in in five minutes? But as you know, okay. If if our risk management audience is wanting to move from a sort of reactive world of risk management to a proactive one by harnessing technology specifically, what what is the one step? What is the one thing that they should think about doing to begin integrating some of this stuff into the processes, but, you know, without, as you’ve said, running before they can walk, without spending money that they don’t have? You know, where do where does where do you think that people go from here, what’s the first thing they do, or what’s a practical thing that they can do as a result of watching this webinar? And, Kevin. Well, I’d say, you know, picking up on what Roberto said earlier, it’s low hanging fruit. It’s quick wins. It’s something to demonstrate that the thing works. So for and and, actually, you might you might go through two or three of these iterations, and it doesn’t work. But you’ll get the thing that does work for you. And then once you’ve got that, you’ve got something you can demonstrate to others even within your organization. Hey. This is the route we’re on. This is where we’re going. Because, you know, the one thing that that I’m sure lies with everything new is skepticism. Right? So whether you trust AI or you you don’t trust, that doesn’t matter, but we but you could still be skeptical about it, about whether it is the future or not. And the only way really of of getting people on-site is evidence ninety percent of the time, unless you’re a really good snake oil salesperson. You know? Essentially, you’ve gotta give them evidence. So start small, go for the big wins, or, you know, something enough to get enough of a thing. And it’s a cultural thing. You need to get that cultural revolution behind you. Lovely. Neil, what’s your one key takeaway? Well, the the obviously, I’m gonna say this, but avoid heavy upfront investment in infrastructure by leveraging cloud solutions. You know? But there’s a reason why why I say that because the cloud solutions offer AI features built in. They offer analytics built in. They offer connections built in. All of this is part of what they do, and you don’t have to use it all at once. So going on on what Kevin just mentioned, you can slowly implement it using that no code, low code approach of just configuring something to make it work here and then then build in something else. So that’s that that avoids that heavy upfront investment and allows you to roll it out very, very nicely. Lovely. Thank you, Roberto. Your final concluding thoughts. Final thoughts. The final concluding thoughts from any of the three of you, what’s the big takeaway? Very simply put, I think everything Neil and Kevin said applies, but also get your data right. Get your data quality, your data management processes, your your your your data environment right and and clean, and that kind of enables you to do anything else after that. If you have poor quality data, you’re gonna have poor quality poor poor outcome in the end. So I think the investing in in data quality is worthwhile in the end. Yeah. If you’re putting junk in, you get junk out. Right? So that’s where I stand. Yeah. Well, thank you so much, all three of you. Just as a reminder for our audience, our panelists were Roberto Zambelli, director of audit of Vodafone three Neil Scotcher, practice practice lead international business at Origami and Kevin Morecroft, head of risk at Skanska. I’m Sarah Mullen. I’m the editor of strategic risk. I want to thank Origami who are our cohosts, and I also wanna thank all of you for sticking around, for asking really interesting and insightful questions, for voting in the poll, etcetera. If you have follow-up questions after this, you can email me, and I can put them to our panelists. I’m more than happy to do that, and I’m sure that you can find all of our panelists on LinkedIn where they would be delighted to answer questions as well. So thank you very much, everyone. Thank you. Thank you.
Webinar Deepening Member Engagement: How Risk Pools Can Drive Value, Reduce Friction, and Ultimately Reduce Risk