Risk Management Framework for DDO - Pt 3
by Leica Ison
Executive boards and Chief Product Officers are recognising that they need a next generation solution for product oversight.
Every product in an organisation’s portfolio mix moves through an increasingly dynamic lifecycle profile and that makes product monitoring an even more essential part of managing the end-to-end product lifecycle. The dynamic product lifecycle can be broken down into stages, and using these stages makes it easier to monitor and control product risks. These product lifecycles stages are:
- Product planning stage
- Product development,
- Product introduction
- Managing the lifecycle risk of new and existing products.
- Product oversight & Leadership
Inadequate planning at each stage can lead to poorly structured product oversight and higher risks and costs for an organisation.
Data specialists use the acronym GIGO or garbage-in-garbage-out to reinforce the point that good analysis requires timely and unadulterated data. This was a problem at Westpac where a combination of disparate legacy systems and the failure to maintain them rendered the data quality poor and the reporting a nightmare.
The EY CPS220 report on Westpac's risk management framework rates the bank's IT Infrastructure as partially adequate and partially effective after finding poor data quality, manual workarounds and system capacity issues. It recommends the bank elevate the resourcing of IT as a priority to address the issues. A lack of technological stability and grunt would be frequently cited as a “root cause” of many issues at the bank. It paints a picture of a risk team that was so consumed with putting out spot fires that it never saw the AML-CTF iceberg until it was too late.
Proper analysis of a product lifecycle requires unadulterated timely data. The traditional approach to management was built around annual business or strategic plans developed with the boards, they dealt mainly with product planning and budgeting cycles. However, with speed change and the uncertainty we are now experiencing with more frequency, we will see Directors and Chief Product Officers move towards a quarterly or 90-day product review cadence. At Skyjed, we call this modern approach – product auditing.
“Data used for risk reporting is sourced from many disparate sources, and in some cases, the data resides outside systems (e.g. manual spreadsheets) .... there are challenges in data aggregating due to the manual process of extracting data from paper-based files,” the report said.
In one instance of rickety systems and poor practices, a piece of work being performed on a large amount of data in a sandbox environment was accidentally deleted. Permanently.
In Skyjed, product planning and monitoring is conducted as a consistent process and includes the automation of product risk assessments. The combination of auditing cycle and automated risk assessment gives business leaders a unique and transparent view of their product portfolios,
Product planning and forecasting become 90-day activities set with risk action plans – in combination with a cross-functional team that joins a virtual workspace. The entire process is automated and supported by new technology to provide data and insights that aren’t available in other solutions.
This enables the C-suite and product leaders to be more dynamic and productive in our current economic circumstances. Skyjed dovetails into your product and risk management with ease as businesses become acutely aware of operational and non-financial risk in their product portfolios. Product and risk reviews that may have taken weeks in the past culminating in lengthy reports or PowerPoint decks can now be visualised, measured and compared in product health-check index.
The Skyjed product lifecycle management and governance platform provides organisations with a 360-degree view of their product portfolios health and risk status while facilitating collaboration, transparency and product trust in the day to day operations of the organisation.