Key Takeaways
- AI skepticism remains a hurdle: While interest in AI is high, doubts about accuracy, safety, and trust persist. This emphasizes the need for accurate, transparent, explainable AI models with validation and governance.
- Focus on time savings for overworked teams: A major draw of AI is automating repetitive tasks and finding pain points. This frees up Third Party Risk Management (TPRM) teams to reduce friction with the business and tackle the increasing burden of assessments, including Nth party risk.
- Contract risk: AI’s ability to analyze and extract data from complex contracts fills a significant gap, helping manage risks often overlooked by traditional risk management programs.
- Earning trust in AI is key: Risk management professionals crave accurate and reliable solutions. AI adoption depends on providing transparency, demonstrating explainability, and building confidence through meticulous validation.
- Strategic empowerment: AI isn’t about replacing risk managers but enabling them to make proactive, informed decisions about risk. This transforms the profession and opens the door to embracing calculated risks for the organization’s success.
- The journey starts with the basics: Organizations often need help finding where to begin. Understanding how AI automates assessments and pinpointing specific pain points is the first step toward targeted solutions.
The Shared Assessments Summit, a leading risk management conference, brought together experts to discuss the latest trends and best practices. Sam Abadir, a risk management and governance, risk & compliance (GRC) solutions specialist, and Jason Eubanks, a risk consulting manager, were among those in attendance. In this article, we explore key takeaways from the conference, focusing on how artificial intelligence (AI) and automation can transform your approach to risk management. We explain how AI-powered tools, like Krista, can automate repetitive tasks, improve knowledge accessibility, and shift the focus of risk management professionals to strategic activities. We will also explore AI’s potential to unlock new ways of approaching risk. By using AI and automation, risk management professionals can streamline processes, improve efficiency, and contribute more effectively to the success of their organizations.
Automating Repetitive Tasks
A significant amount of time in risk management is spent on repetitive tasks such as data extraction, report generation, and document review. AI-powered tools can automate these tasks, freeing up valuable time for professionals to focus on more strategic work. For example, AI can automatically extract key data points from contracts, policies, and other documents, reducing the risk of human error and improving the efficiency of the risk assessment process.
Improving Knowledge Accessibility and Streamlining Processes
One of risk management’s biggest challenges is ensuring everyone has access to the most up-to-date information and procedures. AI addresses this challenge by providing virtual assistants that can answer questions about policies, procedures, and risk management best practices. This empowers staff to find answers independently and reduces the risk of errors caused by outdated or incomplete information. Additionally, automating workflows such as event reporting and mitigation plan execution further streamlines the risk management process.
Shifting Focus to Strategic Risk Analysis
By automating routine tasks, AI frees up risk management professionals to focus on more strategic activities. These include analyzing risk trends, identifying emerging threats, and developing proactive mitigation strategies. AI can also assist with risk modeling, helping organizations quantify potential losses, make data-driven decisions about risk tolerance, and effectively manage more risk.
Unlocking New Possibilities with AI
The true value of AI in risk management lies in its potential to unlock entirely new ways of approaching risk. As organizations experience the benefits of AI-powered automation and enhanced data analysis, they will begin to envision applications that were never before possible. This could involve using AI to predict potential risks before they occur or to develop dynamic risk management strategies that adapt to changing circumstances.
Getting Started with AI and Automation
Risk management professionals interested in exploring AI and automation should identify repetitive tasks and areas where information gathering is cumbersome. These areas are prime targets for automation. Several AI-powered risk management solutions are now available, and many risk management associations offer resources and guidance on implementing AI. By embracing AI and automation, risk management professionals can transform their role from reactive to proactive, ultimately contributing to the success of their organizations.
Links and Resources
Speakers
Transcript
Scott King: Hello everyone, and thanks for joining our Shared Assessments office hours. I’m Scott, along with Sam and Jason. We’re here to discuss how we can help you tackle those time-consuming risk management tasks. Specifically, we’ll cover how to drastically reduce the workload of vendor assessments. Feel free to leave comments below, and we’ll address them shortly.
Sam, you mentioned getting some intriguing feedback at the summit. People were skeptical about how they could save 80% of their time answering assessments or filling out SIGs. Can you elaborate on that?
Sam Abadir: Absolutely. Some people simply didn’t believe it was possible, especially after trying some basic desktop chat tools for this task. Others doubted the accuracy and safety of AI-powered solutions.
But what was really interesting is how many people came back the next day, completely converted! They brought their colleagues along for demonstrations because they were so convinced by what they saw.
Scott King: That kind of instant win with new technology is always exciting. Jason, from your perspective, what was the most interesting conversation you had at the summit, and what was this person particularly keen to understand?
Jason Eubanks: It was great to be back in person after such a long break. A lot of the conversations revolved around where to begin with implementing AI. Specifically, people wanted to know how AI could enhance their existing risk management tools (whether it’s specifically for vendor risk, cyber risk, or broader solutions). I had one in-depth discussion with a large insurance company where we mapped out different AI use cases within our Krista platform to streamline their pain points.
Scott King: It seems the shift from AI being just a buzzword to a real solution is a significant change for people returning to the summit after a few years. Sam, what stood out to you the most in your conversations?
Sam Abadir: Just to add some background, both Jason and I worked for a GRC (governance, risk, and compliance) company before joining Krista. A common challenge with GRC tools is getting all the necessary data into them. While the Standard Information Gathering (SIG) assessment is excellent, it can be time-consuming, and vendors may simply provide documentation instead.
That’s where Krista comes in. I was excited to demonstrate how Krista can directly answer SIGs by reading any documentation provided. Many were surprised because they assumed Krista was solely a SIG answering tool. The ability to orchestrate other processes, like Know Your Customer (KYC) validation, was really eye-opening for a risk manager who felt overwhelmed by a vast workload and limited resources. It was rewarding to show how AI can make a significant impact on their risk awareness efforts.
Scott King: Yeah, the time commitment for those assessments is staggering. Eight hours for one, multiplied by a thousand… that could be someone’s full-time job for years!
Sam Abadir: Exactly, and most teams can’t afford that kind of resource drain.
Scott King: On a similar note, Jason, I remember you mentioning the complementary solutions aspect and how Krista can work with existing tools. Could you elaborate on that?
Jason Eubanks: Definitely. Many companies already have some GRC and risk management tools in place. But, there’s often still a gap when it comes to these in-depth assessments. Krista excels at filling that gap and can then seamlessly integrate the results back into existing solutions, whether it’s GRC, third-party risk management, or even ticketing systems. That kind of integration was a big differentiator for us at the summit.
Scott King: It makes sense. Solving specific problems is valuable, but the real power lies in streamlining the entire process. So, Sam, apart from “how do I get started with AI?”, were there any other common themes or pain points that stood out in your conversations?
Sam Abadir: One major blind spot we uncovered was contract risk management. While many programs have assessment tools in place, the contract process often bypasses the risk manager. Lawyers review contracts for legal risk, and sometimes the business just signs them without deeper scrutiny.
The problem is, unlike standardized assessments like SIGs, there’s no single format for contracts. That means it’s vital to compare what you’ve agreed to against your own internal controls. Krista can do that analysis for you, flagging things like discrepancies in background check lengths. This helps close a critical gap in many risk management programs.
Jason Eubanks: I want to add to that. I attended a session where the topic was managing risk within your vendor’s own vendor network – the whole chain of interconnected businesses. Krista’s ability to extract and analyze that contractual data is key to mapping those risks throughout the whole chain. It also helps you understand your obligations to your clients.
Sam, you were talking about friction with the business – how does this tie into that?
Sam Abadir: Risk teams want to be enablers, but the constant need for assessments and documentation can cause friction. Krista and other advanced automation tools can reduce that burden by streamlining processes. For example, instead of repeatedly asking a vendor for the same SIG, Krista can pull it from their existing documentation. This improves relationships on all sides and builds trust.
Scott King: Can you elaborate on the impact of that friction between risk management and other departments?
Sam Abadir: Absolutely. It sometimes leads to frustration when assessments feel like roadblocks. But vendors also get overwhelmed with repetitive requests. Krista fosters collaboration. You get the data you need, and the vendor feels like a partner, not just a form-filler.
Jason Eubanks: And from an auditing perspective, advanced automation makes those requests for evidence far less intrusive for the teams you’re interacting with.
Scott King: We’ve talked about how time-saving Krista can be. Let’s explore some specifics to make the impact clear.
Jason Eubanks: Absolutely. One key area is automating repetitive tasks. Many businesses still use manual methods in their risk management workflow. Krista can streamline processes like extracting data from documentation or aggregating and sending findings to existing systems. This removes tedious tasks from the human workload.
Sam Abadir: Exactly, Jason. There are often pain points that are obvious starting points: tasks repeated over and over, or finding information from multiple sources. I also ask people “What do you find hardest about using your current software?” Identifying these high-friction areas is key to targeting where automation can make the biggest difference.
Scott King: This ties back to a point about risk reporting. People get frustrated if they don’t know the process or have to keep remembering logins. A simple way to solve this would be…
Jason Eubanks: Definitely. Imagine a risk manager being able to simply ask Krista, “What’s the policy for event management?” and Krista immediately provides the information and links the official policy document. That streamlines the whole process and empowers employees to find the answers to questions themselves.
Sam Abadir: So true. Finding and correctly applying information is a major source of friction and potential errors. Krista makes this far easier and less prone to human mistakes.
Scott King: So, if we remove these time-consuming activities, what can risk management professionals do with the time they gain back?
Jason Eubanks: The fun stuff! Analyzing risks, designing mitigation strategies – the proactive work that makes a real difference to an organization. That’s what people go into risk management for!
Sam Abadir: Exactly. Risk isn’t just about avoiding bad things. It’s about understanding how much risk is acceptable when pursuing business goals. AI like Krista helps remove uncertainty, enabling risk managers to guide the business on taking calculated risks to achieve greater success.
Scott King: That’s a powerful change in perspective. Jason, can you wrap things up with a real-world example and a call to action for our listeners?
Jason Eubanks: Absolutely. We’re working with an advisory firm specializing in ESG and cybersecurity. They used to spend 40 hours on each initial assessment. Krista now does that first pass, automatically flagging issues like missing documentation or where she’s less confident in the answer. This gives managers a focused starting point. That kind of time saving across multiple clients translates to major ROI. The time for AI in risk management is now, and Krista is a solution that works.
Sam Abadir: And it’s not just about the initial wins; that’s when the possibilities open up. Once organizations understand the potential, they start asking “What else can we do?” Because of Krista’s speed and accuracy, they begin envisioning things they never thought feasible before. That’s where the true transformation happens.
Scott King: That’s a great point, Sam. If you’re intrigued by these possibilities, visit krista.ai or, specifically, krista.ai/summit for risk management resources. You can also connect with Sam on LinkedIn. Thanks again to Sam and Jason for the insightful discussion!
Read our comprehensive LLM testing guide
See how several LLMs fared in our test and steps to run your own tests for each of your use cases.
