Lauren Doyle, product and platform specialist at Whyaye, explores what is behind the rise of automation in IRM and what it means for risk managers

In the financial services sector, the pace of innovation and the widespread adoption of cloud technology has vastly increased the number of third-party suppliers an organisation may rely on.

Banks which outsourced services to a handful of providers in the early 2000s may now have thousands of third, fourth and fifth-party suppliers across the world.

data automation

Indeed, according to Interos’s ‘The future of financial services: transforming operational resilience’ report, 57% of FS executives admit that they don’t have visibility over their supply chains.

Supply chain complexity is one of the reasons why IRM teams are facing an increasing workload. And it’s pushing automation further into the IRM space…

Picture an organisation that may have relationships with an increasing number of vendors, and an extensive, sprawling global supply chain.

”Supply chain complexity is one of the reasons why IRM teams are facing an increasing workload”

In this case, there clearly needs to be a way of efficiently handling the extensive array of data – from disparate sources – that this scenario generates for the business’s IRM team.

Technology is available which can connect data sets and improve how this is processed and managed by an organisation.

Automation can then be applied to data assessments – for instance in vendor risk management – which helps organisations to process this information more rapidly and mitigate risks more effectively.

The human factor

Organisations invest heavily in experienced risk management professionals. And again, automation is playing a key role.

Technology which automates some common third-party risk management processes can help save a risk management team’s time and resources, and enable them to focus their efforts on high-value tasks.

Their experienced IRM specialists’ knowledge and skills can be put to better use in areas which require a high level of intervention.

Increased automation can also have a positive effect on staff retention.

”In a competitive market for talent, an organisation that frees up time for its team to truly use their skills could attract the best people”

If a highly skilled risk management professional is spending all day, every day on data processing and manually testing controls, the likelihood is that they’ll be tempted to take their specialist talents elsewhere.

However, by automating some of the more laborious IRM processes, that professional can engage in more stimulating tasks – increasing the chances of a business keeping that staff member on board for the long term.

In a competitive market for talent, an organisation that frees up time for its team to truly use their skills could attract the best people, who will help it to improve its risk management capabilities.

Peace of mind

Risk reporting is the linchpin between operational process outputs and critical risk reduction and investment decision-making.

Organisations need to be able to trust in the accuracy of their risk reporting, gain timely insight and have a consistent view of their risk positions.

In the financial services sector, the introduction of The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) operational resilience regulations, which came into force in March 2022, and The Digital Operational Resilience for the Financial Sector Regulation (DORA), which comes into force in the European Union in January 2025, are pushing organisations to focus more on the data outputs of risk management.

Automation can help organisations be less reliant on the manual management of data.

Mistakes made in data inputting, or unconscious bias, can result in inaccurate risk reports. However, automating data processing in IRM improves accuracy, and standardises outputs. Thus, management teams and company boards can have more confidence in risk reporting.

”Automation can help organisations be less reliant on the manual management of data.”

Automating control monitoring can also ensure data sources are regularly monitored and assessed for compliance.

Risk managers can therefore gain a real time view of their organisation’s risk positions, and will be able to act more quickly to mitigate a risk and take a more proactive stance as a result.

Automation can support the operational processes of control monitoring risk management through key risk indicators and it can also support the aggregation of operational data to generate robust and accurate risk reports.

Key risk indicators can automatically flag up trends which may cause thresholds to be breached: this will trigger risk managers to reassess their controls, ‘plug the gaps’ and help the organisation to be in a stronger, more resilient position going forward.


Geopolitical upheaval, the impact of the Coronavirus pandemic, complex supply chains, increased regulation, technological innovation… they are all contributing to a shifting risk landscape: and it can be difficult for risk management teams to navigate this (and simply stay on top of the workload).

Automation is able to take some of this weight off the shoulders of risk specialists, while allowing organisations to benefit from more accurate and timely reporting, comply with regulations and identify and mitigate risks… before they can cause harm.

Lauren Doyle is product and platform specialist at whyaye.