Process Intelligence can move businesses from reactive risk management to proactive risk mitigation. That was the conclusion of a roundtable discussion that focused on risk mitigation in the banking and insurance industries, hosted by Celonis and EY at Celonis Day NYC.
Facilitating the roundtable were Patrick McHugh, Lead Value Engineer at Celonis, David Palastro, Industry Principal Insurance at Celonis, Brian Clingen, Senior Manager Technology Consulting at EY, and Chris Lucado, Partner / Principal at EY.
Here are five key takeaways from the session on the role of Process Intelligence in risk mitigation.
Process Intelligence is the connective tissue of the enterprise. With the Celonis Process Intelligence Graph, businesses can analyze, improve, and monitor their processes — understanding exactly where value is hiding and how to capture it across areas like finance, IT and supply chain. Process Intelligence can be leveraged by risk management teams in very similar ways. With the entire organization accessing the same data and insights (provided by Process Intelligence), the business can function more effectively as a whole and risk management can be moved back into the business where it should be.
McHugh outlined several ways Process Intelligence can support risk management, including:
Analysis: Process Intelligence takes businesses away from an academic approach to what might go wrong, and allows them to see what actually goes wrong. This feeds more accurate information into procedures like risk and control self-assessments (RCSAs).
Monitoring: Control testing is often done six to nine months in arrears, but with Process Intelligence control monitoring can be continuous. Businesses get a better grasp of what’s actually going wrong and can proactively fix it right away, instead of catching it retrospectively.
Process improvement: Process Intelligence allows risk management teams to standardize processes and ensure controls are actually working. As with any business processes, it enables nonconforming activities and bottlenecks to be removed.
External platforms: Process Intelligence can be used to enable external platforms including governance, risk and compliance (GRC) platforms, business process management (BPM) platforms like Symbio (which was acquired by Celonis in November 2023), and generative AI technologies.
Clingen explained how clients are reporting escalating costs in risk management, with an apparent disconnect between the first and second lines of defense in their opinions on true risk. The first line – the risk owners and managers – are reporting an inability to actually mitigate risk effectively with the tools available to them, and while the second line – those responsible for risk control and compliance – would agree, they still report a need for more focus on risk from the business.
He suggests one reason for this is a highly manual approach to risk management. As business complexity escalates, and technology is increasingly used behind the scenes, it becomes harder for first-line risk managers to do what they need to do in alignment with second-line frameworks. Expanding their teams and introducing more pods for risk identification and control management just balloons costs without providing the necessary scale.
Risk management teams need the right tools for the job, and Clingen believes Process Intelligence is that tool, saying:
“We can actually extract the data, extract the log files and generate how the business process is actually running versus the theoretical. And what you see is all of a sudden there's these steps happening that they don't realize are happening. There are risks occurring that they don't realize, there may be missing controls, and some actually have controls that they don't even know they have.”
Gaining visibility into the business processes is a game changer, allowing teams to understand risks and aligned controls, as well as who the process owner is and which systems are tied to the process. But this shouldn’t just be a one-and-done activity. By tying Process Intelligence into existing governance platforms, risk management teams can get the platform to do a lot of the compliance work while they focus on being more proactive around mitigating new emerging risks. This is relatively simple to achieve by getting systems to talk to one another, sending data back and forth through secure APIs.
McHugh gave the example of a customer who doesn't make their mortgage payments on time. After 45 days the mortgage provider must send the delinquent borrower a written notice to contact the servicer and, if applicable, provide a brief description of examples of loss mitigation options. This entire process can be automated and monitored using Process Intelligence, with data fed back into the provider’s risk rating, preventing them from being exposed to millions in potential fines from regulators such as the CFPB.
Understanding audit findings can be a minefield if compliance teams don’t have access to the right data. As McHugh observed, teams regularly get audit findings that say a control has been deemed inefficient, oftentimes without enough detail to determine the root cause of the inefficiencies. With the data-driven visibility provided by Process Intelligence they can understand the root cause far more quickly. He explained:
“If they have access to Celonis data, if you understand how you can slice and dice process mining data, all that dimensional data, they can give you a little bit more pointed findings to fix that solution. So you don't spin your wheels for a couple of weeks, and have a bunch of meetings to figure out what needs to be changed.”
Clingen gave an example of a financial institution that gets fined every time an interaction with a technology platform company takes too long. The institution could just set up monitoring that shows response times to Amazon, but that wouldn’t show what is causing the latency issues. With Process Intelligence it can see the end-to-end flow and identify commonalities leading up to the latency issues. As Clingen outlined:
“Celonis gives you that sort of transparency. You're creating a digital twin of your business process and seeing all the different variants, not just doing the one sort of simple and stagnate process flow. You can see all the different instances that are occurring and really start to get to ‘how do we prune those variants, mitigate that risk and put new controls in place?’”
Lucado shared a similar example in mortgage origination, where processing times are supposed to be 15-20 days but regularly exceed that target. He said:
“Once you model the process across Celonis from a data point of view, now you can start dissecting why the process is taking longer. So for example, if there are 30% manual overrides, well why are those manual overrides occurring? Why are there deviations in the process? So you get very quickly to what those root causes are from a data perspective.”
Testing controls through sampling has never been effective. It takes time to request samples, as well as resources to do the actual testing. And with 95% confidence it’s still possible for issues to get through. With Process Intelligence there’s no need for sampling as the full population is being monitored in near real time. Teams don’t need to spend time writing manual test scripts, requesting samples, and performing trailing control testing exercises that only look at a subset of data and are prone to human error.
The increased confidence from Process Intelligence allows businesses to move from a reactive approach to a proactive approach, and can have a direct impact on the bottom line. As McHugh described, having a better grasp on what’s actually happening can be beneficial for risk exposure avoidance, and can even allow businesses to set aside less capital for operational loss.