Series: Part 2 of 4 (Read Part 1 here)
In Part 1 of our series, we outlined the top five priorities for a risk manager in their first 90 days. We discussed building trust, auditing the program, analyzing history, and evaluating partners.
Today, we are deep-diving into priority number five: Demystifying the Existing Tech Stack and Data Flow.
For many new risk leaders, this is the most daunting task on the list. It’s common to walk into a new role and find a "Frankenstein’s monster" of technology, a legacy system patched together with spreadsheets, emails, shared drives, and disconnected vendor portals.
You often hear the phrase, "We are data-rich but information-poor."
If you cannot see your risks clearly, you cannot manage them actively. To move from a reactive cost center to a proactive strategic partner, you must turn that data chaos into clarity. Here is your guide to auditing and understanding your new technology landscape.
Before you can introduce a modern Risk Management Information System (RMIS) or advanced analytics, you have to understand the current state of your data.
In many organizations, critical risk data lives in silos:
The danger here isn't just administrative inefficiency (though the pain of spending a week compiling a monthly report is real). The real danger is the insight gap. When data doesn't flow, you miss the correlations between leading indicators (like near-miss reports) and lagging indicators (like workers' comp claims), making it impossible to prevent future losses.
Your first tactical step is to map the journey of a data point. Don't just ask what systems are used; ask how they connect.
Pick a common scenario, such as an employee slip-and-fall incident, and trace its path:
If you find multiple points where data is manually re-entered, you have found a high-risk area for errors and a major drain on productivity.
Corporate IT knows about the major systems (HRIS, ERP). But they often don’t know about the Shadow IT that risk departments rely on.
Identify the crucial spreadsheets that run the department. Who owns the Master Allocation Spreadsheet? What happens if that person leaves?
If your risk program relies on an Excel file named FINAL_v4_ACTUAL_FINAL(2).xlsx stored on someone's desktop, that is a critical operational risk you need to flag immediately.
Once you have mapped the current state and identified the gaps, you can begin to define the future state.
The ultimate goal for a modern risk manager is a Single Source of Truth. This is a centralized platform where incident reporting, claims management, safety data, and exposure metrics converge.
When you demystify the stack, you aren't just looking for software problems; you are building a business case for a solution that provides:
You cannot manage what you cannot measure, and you cannot measure what you cannot see. By taking the time early in your tenure to demystify the tech stack, you lay the foundation for everything else you want to achieve.
In Part 3 of this series, we will move from the technical to the interpersonal. We’ll discuss how new risk managers can successfully navigate legacy relationships with long-standing brokers and carriers to ensure alignment with the new vision.