The third-party risk management (TPRM) market is dynamic and compelling. I’m often impressed at the way this market continues to evolve and develop, pushing the frontier of innovation and competency. There’s so much opportunity in this market for interesting, revelatory, and meaningful work. And technology, software, and services are adding additional dimensions to how to best manage third-party engagements and risks.
In this, and two follow-up blog posts, I’m going to explore AI for TPRM including how, why, and where we at Aravo see AI benefiting this industry in the near-term and mid-term. It is a very large topic that’s undergoing constant evolution. What I expect to write for the final post today may well change between now and then.
There are few market innovations that hold as much promise as artificial intelligence. I was a market analyst for years, and I saw hype cycles come and go around technologies that excited the market for a moment, but then tended to become more evolutionary than revolutionary.
I recall hyperventilating executives exclaiming that their business had to have an asset management, or marketing automation, or social media, or big data strategy RIGHT NOW or they’d be crushed by their competitors and the fickle minds of the market. In almost all cases, there was a rational, reasonable approach, backed up by use cases that might have taken a few years to shake out, but were ultimately beneficial to their businesses.
AI is different. It has been around in some sense or another for decades. We’ve seen software that adapts to user actions in video games, in auto-complete words in email and document management software, and in improving navigation in our Google Maps or Waze apps on our phones, as well as making recommendations in movie and music applications. And beyond enriching our personal experiences, AI has been applied to climate and weather mapping, traffic and energy usage balancing, diagnosing and predicting the spread of diseases and developing therapies for those diseases. Many of the information gleaned (and vetted) from these applications can potentially be used within TPRM programs as part of data input and risk scoring.
The promise of AI is grand and there are new ideas and new applications for AI being developed daily. I expect to see significant and measurable improvement in health care therapies, where treatment can be personalized based on each person’s unique conditions, where digital assistants can provide help to those with debilitating diseases without ever growing tired, needing a nap, or losing track of critical needs. I see a potential democratization of software development and artistic expression because AI helps reduce the need for precision coding, bug checking, and hundreds of programmers to build an app. It can put creativity into the hands of those who never had access to music, art, and expression.
On the business side, AI has benefitted investors with lightning-fast financial analysis, defining market trends and buyer intention, and combined with big data systems, it has captured the digital footprints we all create across social media and other platforms, delivering unique user profiles for each of us. For better or worse, the application of AI to massive data sets about us has allowed businesses to target ads and information (and misinformation) at us that has been developed to invoke a desired response.
The potential for AI, both within business spaces and outside of them, is endless and can be very exciting. There’s talk of AI being able to better predict climate change, human and animal migration, and creating best-case solutions for both. Due to its ability to quickly process massive amounts of data that would take humans and older systems a thousand times longer to calculate. We (collectively, and within TPRM) are at an inflection point, a time for cautious optimism.
There are, of course, many reasons to be cautious about AI as well. These days, when elite tech companies create new technologies that they say will benefit our lives, we can be excused for being suspicious. Many of these companies have not ultimately proven to be motivated by what’s best for us vs. their own benefits. Thus, when some talk about their AI technology creating extinction-level events, it legitimately causes concern. Those who do so should not be surprised when a substantial portion of society subsequently wants to shut down their tech and call their baby ugly.
An example of potential negative implications of AI is the excitement in the market a year ago, when ChatGPT was suddenly all over the news. This really changed the discussion. The rush of new attention to, investments in, and teams building new capabilities with AI was phenomenal. But, as much as it’s touted as positive and able to solve humanities problems, it has areas of concern of its own.
AI engines take in the information that we feed it and it finds, it processes that information and creates output that is based on it. If that input is not carefully controlled, which it isn’t when the inputs are not strictly controlled, we should question the validity of its output. If AI learns and develops from intaking random, unvetted, or inaccurate information, it’s going to put out things that are also inaccurate, untrue, and should not be trusted. While recognizing that it is a work in progress, we’ve seen the AI images of people with eight fingers on their hands, we’ve seen it miscalculate and make simple mistakes, and we’ve seen it generate content based on faulty or manipulated source content.
Despite all the challenges with AI, it holds immense promise for the future. Many of the existing challenges around input control, internal processes and how an AI engine “thinks,” and optimizes outcomes will come with time. We are cautiously optimistic about AI in general and deliberate in our viewpoint and expectations for AI in risk management and TPRM.
There are few processes that are as unique to a business and as sensitive to how it operates as risk management. The why and how a business identifies, evaluates, controls, manages, and reports risks can be distinct and protected across the organization. While good risk management practices can create opportunity and advantage for businesses, it also requires human intelligence and insight to do well.
While there are clearly elements within third-party risk management and the GRC industry as a whole where AI can benefit users, improve processes, clarity, and efficiencies, the risks associated with opaque AI data intake, processes, and output remain considerable. Handing over the reins of sometimes delicate, often confidential, and always strategic risk management to a machine is not recommended. There are and will likely remain critical elements in risk management that require human intervention and oversight – where AI engines should not tread.
This is the first of a series of blog posts on AI in the TPRM industry. It is an exciting and potentially transformational technological advancement. This post will be followed up with another focused on the TPRM industry and the double-edged sword of AI within it in the next few weeks.
Please let us know your thoughts. This is already a dynamic industry, and AI promises to keep it interesting and innovative for years to come.
Share with Your Friends:
