Recap of Inclus breakfast event: Efficiency to ERM through digital collaboration and AI

A recently held Inclus breakfast seminar in Helsinki showcased insightful case studies from Purmo and the Patent and Registration Office of Finland, illustrating the integration of digital collaboration and AI tools to enhance the inclusivity of enterprise risk management practices.

The event featured two insightful case presentations: Purmo, a global leader in heating and cooling solutions, and the Patent and Registration Office of Finland.

Additionally, Inclus delivered a brief presentation on enhancing risk management efficiency leveraging AI. Here’s a brief recap of the key insights and strategies shared during the seminar.

Case Purmo: Experiences from collaborative enterprise risk management with Inclus

Prioritizing inclusivity and engagement, Purmo (www.purmo.com) has developed a comprehensive enterprise risk management (ERM) approach that aligns with the needs of a publicly listed company. The journey from scattered practices to a collaborative framework illustrates the importance of aligning vocabulary, processes, and action plans.

Presenting at Inclus’ breakfast seminar was Tuomas Laine, Head of Strategy Deployment and Enterprise Risk Management at Purmo.

Background for risk management at Purmo

When Purmo was publicly listed on the Helsinki Stock Exchange in 2022, compliance with listed company requirements became a priority. In risk management, this required the implementation of e.g. standard processes, an annual calendar, and clearly defined responsibilities. Previously, risk management was scattered throughout the organization with little central oversight.

Tuomas Laine explains, “Inclusivity and engagement became priorities, as we wanted to move from a narrow, top-management-driven approach to involving a broad range of stakeholders from different parts of the organization.”

He continues, “We selected Inclus as the risk management tool to first and foremost facilitate this broader engagement. At the same time, we also thought it was important to have a dedicated tool for risk management that we could use for not only collecting and storing information but also to produce robust support to our analytical conclusions and action planning.”

Roadmap to inclusive collaborative risk management

Launching into risk analysis rounds with Inclus, Purmo recognized that perceived risks varied greatly depending on who was assessing them, highlighting the importance of considering both global and local perspectives.

Standardizing and aligning the vocabulary was also crucial. Key concepts like ’likelihood’ and ’impact’ weren’t necessarily clear to all participants initially, so Purmo developed a shared understanding of the terminology used. Initial training sessions demonstrated how assessments and perspectives could influence risk management outcomes, ensuring that all stakeholders were aligned.

Temporary bias toward compliance risks over strategic risks

Over time, Purmo noticed an evolution in risk perception. “Two years ago, we noticed that compliance risks dominated our risk assessments, while strategic risks, somewhat counterintuitively, seemed less important,” says Tuomas Laine.

“This discrepancy was largely attributed to timing: compliance issues were at the forefront due to the company’s stock listing in 2022, temporarily overshadowing strategic risks. However, as the awareness and understanding improved about our company-wide risk management efforts, strategic risks became more prominent,” Laine continues.

Repetition, continuous learning, and process adjustments

Purmo emphasizes action-oriented risk management, believing that value is only realized by taking action based on risk assessments and integrating risk management into daily operations.

“While documentation remains important, action must occur at the operational level rather than being dictated by global risk management,” emphasizes Tuomas Laine.

Continuous improvement and iteration are fundamental to Purmo’s risk management practices. Repetition and learning curves have proven essential in refining the process. While baseline global risk management updates are conducted annually, country risk management and business impact analyses are carried out throughout the year.

Case PRH: Comprehensive risk management and shared responsibilities with the help of digital tools

The Finnish Patent and Registration Office (PRH) works for the benefit of companies and organizations. PRH registers companies, associations, foundations and other organizations and corporations, as well as enterprise mortgages and LEI codes. PRH also examines and grants patents and register utility models, and trade marks.

Presenting at Inclus’ seminar was Riikka Harjula, Director of Risk Management and Compliance at PRH.

Starting point for risk management and documentation

At PRH, traditional silo effects between departments have also impacted risk management. The organization began managing risks from an overall perspective about 3-4 years ago, moving beyond business unit-level management to achieve a more comprehensive view. Internal audit, results orientation, and legal obligations served as primary drivers for this shift.

PRH set clear principles and goals for its risk management, such as:

• Goal-orientedness

  1. Forward-looking leadership

  2. Integrating risk management into regular operations and processes rather than treating it as an isolated activity

Developing risk management

PRH followed the ISO 31000 standard, establishing a robust risk management framework with defined processes, responsibilities, and reporting practices.

Initially, the risk management process was documented in Excel. While Excel files provided structure, it was challenging to extract meaningful insights for analysis and decision-making. The Excel data was subsequently migrated into Inclus, offering a more practical solution.

Results orientation as the primary driver of ERM  efforts at PRH

Results orientation at PRH means risk management is incorporated into all goal-driven activities.

Riikka Harjula explains: “Our Director General is ultimately responsible for setting targets, while business unit leaders are accountable for integrating risk management into essential projects and processes. Comprehensive risk management works in a loop between target setting, monitoring results, and revisiting targets.”

Risk management at PRH encompasses both service and governance processes. Moreover, risk management is considered during the target-setting phase to ensure that targets are realistic.

PRH identified typical project risks, such as timeline delays or the need to secure additional financing, that necessitate considering risks already during the project planning phase. The organization has learned to focus not only on potential sources of risk but also the root causes these risk sources.

Experiences and observations, and next steps

PRH has now completed a second annual planning round using Inclus. Training needs have been identified on a case-by-case basis, reflecting the insights gained.

Riikka Harjula mentions several observations from the use of collaborative digital tools:

• Transparency and reminders: Enhances participant awareness and engagement

• Aligned risk categories: Risk categories are now aligned with organizational targets

• Communication: Preparing risk management forms and questionnaires communicates the activity effectively to stakeholders

• Individual risk owners: Risk ownership is assigned to individuals rather than departments

• Risk types overview: Offers an overall picture at the group level

Like in the case of Purmo, a uniform risk management vocabulary has proven essential for creating a shared understanding within the PRH organization as well.

An important lesson learned has also been that personal drivers and incentives can influence risk assessments. Individuals may overstate the risks in their own projects to stress their importance, while downplaying risks in projects they are not involved in.

PRH recognizes it is on a learning curve with Inclus. Yet as Riikka Harjula put it: “We see substantial untapped potential in using Inclus for further developing our comprehensive risk management.”

Speed, coverage, and structure to processing risks with the help of AI

Finally during the seminar, Mikaeli Langinvainio, CEO of Inclus, highlighted a recent study showing that already today, GPT-4 boosts the efficiency of skilled consultants by 40% compared to those not using AI in similar tasks. He emphasized that these efficiency gains will accelerate as we approach generic AI.

Mikaeli in his presentation ran a quick demonstration of how AI can enhance risk identification by complementing human thinking. Participants listed out risks their industries and businesses currently face, and AI was used to process this data, identifying additional risks and structuring the topics.

AI was found to add value by recognizing potentially overlooked risks, adding speed to formulating and processing the risks, and providing topic grouping.

However, humans still remain superior in interpreting facts, so focusing on judgment and interpretation remains crucial in enterprise risk management.