Risk Chat: How Can Companies Mitigate ERM Data Risks?


CFOs are responsible for ensuring that their company’s financial disclosure is a trusted data source.

Sherlock Holmes author Sir Arthur Conan Doyle is supposed to have said, “It is a capital mistake to theorize before one has data.” But what about theorizing before one has clean, high-quality data? The answer is elementary: at least 40 percent of business initiatives fail due to poor-quality data, according to IBM.

The question should be on the minds of corporate finance executives and risk managers whose enterprise risk management (ERM) programs increasingly rely on data to fuel their operation and effectiveness. To sleuth out how data is reshaping ERM capabilities, I chatted with Darren Peterson, vice president, ActiveGRC Solutions, an R.R. Donnelley & Sons Company. Peterson identified common ERM-data risks and ways to address those issues.


Business Finance: What is the role of data in enterprise risk management (ERM)?

Darren Peterson:Behind almost every business decision is the evaluation of how that action will open the enterprise to risk. ERM relies heavily on data collected internally and from market sources, and the analysis of this data is used to mitigate risk. However, what happens if the data collected is erroneous or incomplete? Without consistent, quality data on which to base the analysis and ultimate action, enterprises are exposed to unnecessary risk.

The creation of consistent data for enhanced comparability between companies is one of the main drivers behind SEC adoption of the eXtensible Business Reporting Language(XBRL) financial filing format. Financial disclosures contain a wealth of information, and the new format of XBRL allows companies to easily analyze various data points within similar contexts. It also exposes the fact that data which appears to be the same is in fact different as it uncovers the context behind the numbers.

Prior to XBRL, companies were comparing figures that looked to be similar, but were not comparable, leading to faulty decision making. XBRL data provides a solid foundation for ERM and can help to optimize decision making.


What are some of the key data risks those overseeing ERM programs should keep in mind?

Peterson:Obviously any inaccurate data in a financial filing can lead to an inaccurate analysis of risk. When collecting and compiling data, the individual charged with evaluating it for risk management purposes must closely examine the source and assumptions used in its creation. For instance, SEC financial disclosures are a valid source for data collection and the detailed footnotes and tags within the documents clearly explain the meaning behind certain numbers.

Also, experts within various markets can help explain the nuances of a particular data set. A strong expert network – whether it is comprised of other risk managers, financial disclosure services providers or analysts – will assist in proper evaluation of the data and help alleviate risk.


What are some of the most effective ways to manage and mitigate ERM data risks?

Peterson:There are three steps enterprises may take to mitigate ERM data risks, including assessing the expertise of those involved in the tasks, the data collection process, and the technology tools that could aid in the analysis:

1. Assess what expertise is available internally.Who are the experts in your organization for certain areas of the business? Where do you need expert sources and where can you find these experts? Create a list and network of these individuals who have the expertise to gather and analyze specific data points. A chief risk officer with years of experience will have better insight and knowledge on what data is important than a junior-level employee. If that trusted individual does not exist internally, look to outside experts in the form of analysts and service providers who handle financial data on a regular basis.

2. Create a consistent data collection process. Develop the process by using trusted data sources and capturing that data using structured methods like XBRL to ensure its definition doesn’t get lost. Evaluate the source of any data collected, whether internally or in the marketplace. Is it a reputable source? SEC filings are a highly trusted and valuable source, whereas a blog post or social media post will not contain the depth or detail needed for proper evaluation.

3. Use technology tools to simplify the ERM data capture and analysis. Technology solutions that allow enterprises to create consistent financial disclosure data are critical to the analysis process. These tools produce the high-quality data needed for risk analysis.


Who in the organizations (i.e., job titles) typically work together to ensure that these data risks are effectively managed and communicated?

Peterson:All executives within an enterprise have a role in ERM. It is a joint effort amongst executives, including compliance officers, chief risk officers, chief financial officers and corporate counsel, to effectively evaluate risk associated with data points. CFOs have the added responsibility of ensuring that the company’s own financial disclosure is a trusted data source. CFOs must have a team of experts – consisting of individuals internally and externally – who can collaborate in the creation and communication of this data.

Discuss this Blog Entry 0

Post new comment
or to use your Business Finance ID
What's Full Disclosure?

GRC expert Eric Krell supplies the Business Finance community in-depth articles and commentary examining governance, risk, and compliance.

Blog Archive