Intelligentere Risiken, stärkere Geschäfte: Zusammenfassung des Gartner®-Berichts von Januar 2025.
In the face of increasing uncertainty, risk management can no longer rely on spreadsheets and gut instinct. A new era requires a data-driven mindset. Here’s how forward-thinking companies are using data and analytics to stay ahead of the competition.
Below is the summary of the January 2025 Gartner® report “5 Ways to Apply Data and Analytics to Risk Management” by thebrokernews, from the research and insights of Joel Backaler and Devanshu Mehrotra.
A surprising trend is emerging: many companies are taking more risks instead of reducing them. According to a recent survey by Gartner, 58% of board members plan to increase their risk appetite in the years 2024-2025 in order to boost growth and gain market share. But while executives are ready to move quickly, many risk managers are still stuck in the old structures.
The gap between management expectations and traditional risk management capabilities is widening. To close this gap, risk professionals need to evolve – moving away from workshop-heavy, spreadsheet-dependent approaches to agile, technology-driven systems. Here are five best practices for integrating data and analytics into your risk management process.
1. identify: Going beyond the spreadsheet
Today, risk identification is often limited to structured data, such as CSV files and manual reports. However, this is just the tip of the iceberg. True insight into risks lies in semi-structured and unstructured data, such as audit reports, news feeds, minutes of stakeholder meetings and even video content.
By integrating these richer sources, companies can better identify weak signals and emerging threats. For example, geopolitical event feeds and sentiment analysis from social media can alert organizations to reputational or operational risks before they make headlines.
Insight: Cast a wider net to identify risks earlier and more precisely.
2. evaluation: from gut feeling to hard figures
Qualitative assessments, i.e. scales from 1 to 5 and best estimates, are still widely used in enterprise risk management (ERM). However, their limitations are obvious: they have problems with consistency, aggregation and relevance for decision-making.
This is where risk quantification comes into play. By assigning real monetary values and using statistical models such as Monte Carlo simulations, risk managers can express in monetary terms what is at stake and how likely each scenario is. This allows for clearer communication with senior management, more precise prioritization and smarter trade-offs.
Insight: The quantification of risks transforms abstract threats into concrete findings that serve as the basis for measures.
3. mitigation: update your technology
Many risk teams are still juggling PowerPoint presentations, spreadsheets and shared drives. As risk increases, these tools can no longer cope with the complexity. For this reason, two thirds of ERM departments now use at least one governance, risk and compliance (GRC) tool.
Modern GRC platforms can do more than just manage data, they automate workflows, test controls across multiple domains and integrate seamlessly with compliance systems. Whether from corporate giants like IBM or agile disruptors like LogicGate, these tools provide teams with a structured, scalable way to mitigate risk.
Insight: A solid GRC infrastructure is the backbone of modern risk mitigation.
4. monitoring: Real-time or backlog
Quarterly reports are no substitute for crises that occur in real time. Leading companies such as Etihad Airways have implemented continuous performance and risk monitoring and integrated dashboards that track key risk indicators along with business performance metrics.
With Etihad’s Flight Deck app, executives and business unit leaders can monitor KPIs and risks at a glance and escalate threats as soon as they occur. This proactive approach transforms ERM from a back-office function into a real-time strategic partner.
Insight: Real-time risk information enables faster and more intelligent decisions.
5. reports: Let your data do the talking
Reporting is still a problem for risk managers. Endless hours are spent preparing data for different target groups. Standard GRC reporting tools are rarely sufficient. The solution? A unified data ecosystem that consolidates structured, semi-structured and unstructured data in a data lake and combines it with advanced analytics tools such as Power BI or Tableau.
This approach enables customizable dashboards, drill-down analysis and faster, tailored reporting, from executive summaries to detailed analysis. The result is clarity and speed instead of confusion and delays.
Conclusion: Improve your risk reporting by consolidating your data sources and visualizing the essentials.
It’s time to rethink risks
Risks are no longer a side issue in the back office. They are a strategic necessity, and data is the new currency. From better identification to real-time monitoring and meaningful reporting, these five practices can fundamentally change the way your organization manages risk.
Those who invest in data-driven risk management today will be market leaders tomorrow. Those who don’t? They may not live to see it.
Binci Heeb
Read also: Calvin Risk: Innovative AI governance and risk management for companies
