Search Results

In another of what will be a long series of proposals related to oversight of corporate environmental impact, the U.S. Securities and Exchange Commission (SEC) recently announced its own proposal on disclosure. Joining the efforts of many other governing and regulatory bodies worldwide, including the recent Corporate Sustainability Reporting Directive (CSRD) and Sustainable Finance Disclosure Regulation (SFDR) out of Europe, the SEC has now stepped fully into the fray as stakeholders ranging from conservationists to institutional investors seek greater visibility into the actions of large corporations to manage their environmental impacts. This announced proposal from the SEC has several key aspects that beyond accelerating current ESG efforts, warrant special consideration for large organizations, including: Accountability for not only quantifying the progress towards their environmental goals, but also clear identification of the risks and opportunities to those outcomes Requirements that will emerge from the call for more, better, standardized data that can help create a normalized view of progress across organizations As environmental impacts are only one component the current ESG push, it is reasonable (if not responsible) for organizations to assume similar proposals that extend into other areas. If the direction set by the SEC’s proposal moves in a similar direction to other geographies, it is also wise for organizations smaller than those within current scope to assume “scope creep” down into their realm. Unsurprisingly, the proposal has been met with immediate push-back from both sides of the isles, and it would be wise to assume that this proposal will go through several iterations before being finalized. But it would be similarly unwise to not view this as another significant signal of accelerated involvement by regulators in ESG. With that in mind, the SEC’s proposal also has some very specific impacts for Risk Management professionals: The near-term need for a focus on data gathering, risk register and cataloging of controls, other common GRC or Enterprise/Integrated Risk Management practices Regulation will be a likely driver for some (but not all) integration of ESG into Enterprise/Integrated Risk Management This will require starting with an approach that scales bi-directionally: integration across the growing array of regulations AND that expands across various data sources covering not only environmental impacts but social as well Again, this is an early but undoubtedly a significant step in what is growing momentum around ESG. At Archer, we believe ESG is much more than another regulatory thorn-in-the-side but is in fact one of the biggest drivers for more involvement in strategic planning for the Risk Management function. To learn more about how Archer customers are looking at the likely near-term and longer-term impacts of ESG on the Risk Management function, register now for our webinar, “3 Things Risk Managers Need to Know About ESG,” at 11:00am Eastern on March 30.

As new technologies are rapidly adopted, new opportunities open. At the same time technology also carries the burden of potential negative events. In addition, evolving regulatory environments add new compliance requirements, making the task of managing and mitigating risk ever-expanding. We wanted to know how the organizations are contending with digital risk management maturation, so we analyzed how our customers are dealing with evolving risks. We observed the majority felt that their organizations were able to manage at least some of their new, existing, and developing digital risks – in large part because of their path towards an integrated risk management strategy. This is a promising start and shows that even when facing unprecedented challenges, the road to maturing an integrated risk management program leads to not only reduced risk but more agile and informed business decisions Reaching a high level of maturity with integrated risk management can benefit an organization greatly. Managing a greater variety of risks across domains, and smaller categories of risk within domains are part of a maturing integrated risk management strategy. Maturity also means finding better ways for a risk management program’s findings to be communicated within a department or organization. Discover if your organization is making the right moves to mature your risk management program to guard against expanding risk by reading our report “The State of Integrated Risk Management.” Creating a Culture of Integrated Risk Management A risk management department doesn’t absolve stakeholders from managing the risk in their domains. In the same way that compliance is the responsibility of every person in an organization, integrated risk management strategies place risk reporting and mitigation in everyone’s hands. Today's challenges require managing a cultural shift from reactively checking boxes in a risk assessment program to a proactive risk management model that necessitates participation across the organization. Integrated risk management is a journey - not a destination. Even organizations with well-structured programs must continually monitor and evolve their program to ensure risk management is connected to business goals with cross-functional processes. Risk management processes and procedures that become fixed and no longer connect with the conditions on the ground can create more issues than they solve. When engaging front-line stakeholders, it is crucially important to ensure that when personnel report on evolving risks, that information is at the very least acknowledged and, ideally, acted on by the organization. In years past this would require taking time to fill out paperwork, something that might not always be practical if the front line is a warehouse or industrial site. The ubiquity of smartphones and wireless networks has created a powerful and rapid method to tighten the loop on reporting, monitoring, and communicating sources of risk. We developed Archer Engage to offer a straightforward risk analysis and treatment platform that allows any stakeholder with a smartphone to report and collect risk data in real-time. The process of engagement can extend to third parties as well. An understanding of the relationships you have with third parties to mitigate risk is key to managing risk and operational resiliency. Engaging a third party to report conditions in real-time helps make the priorities of an organization clear. How Risk Management Matures When an organization begins to develop an integrated risk management program, it is useful to focus on quick wins within the context of a broader strategy. This helps to establish that an integrated risk management program is effective and can deliver on the organization’s strategic goals. Risk is changing so dramatically across so many areas that siloed and manual processes make it difficult to get complete information to stakeholders quickly. Even the most successful point solutions will only magnify this challenge, with information stored in different locations and used in different ways by each department. As an integrated risk management approach matures, risk from multiple domains can be managed centrally, in a coordinated and consistent way. In fact, almost 80% of our customers manage multiple domains of risk on Archer. Expanding an integrated risk management program across and within domains doesn’t just mean taking the same cookie-cutter solution and thoughtlessly applying it. The process of expansion should be sensitive to what is novel about the different domains being managed. There is no guarantee that, for example, the threat of a cyberattack will map directly onto a compliance issue, so procedures to mitigate or manage one may not make sense for the other. However, even when the details differ, the platform on which those procedures are developed and deployed should offer a common interface for managing both. It is important to keep in mind that a mature integrated risk management approach will evolve over time. Steps that are taken to increase maturity will not deliver a final product, destination, or steady-state of risk management. Stakeholders in an organization need to understand that integrated risk management means constant vigilance for existing and novel risks to increase operational resilience. Mature integrated risk management is woven into everything an organization does. Think of how ubiquitous the use of digital technology is in a modern organization and you can start to get an idea of how deeply integrated mature risk management should be. Expanding and Extending Risk Management Strategies With a mature risk management strategy, risk is not a ‘black box’ but a key input into making decisions to exploit business opportunity. If your organization can successfully manage disruptions that sideline other players in the field, those disruptions become a chance to grow. Effective risk management is more than avoiding major failures and business disruptions. Creating a culture of risk awareness can protect your organization and enhance its value. An organization with a mature integrated risk management process that can maintain operations during a crisis is able to take advantage of the new opportunities the changing landscape offers. For example, Home Depot proactively distributes plywood, generators, and equipment to clear fallen trees to stores where hurricanes are expected to make landfall. While other hardware and lumber stores may struggle to meet demand or even stay open, Home Depot is the go-to business for people preparing for or recovering from a disaster (1). The individual components of mature integrated risk management are themselves beneficial to an organization. For example, organizations that engage front-line stakeholders in the risk management process were more likely to experience revenue growth and were faster to recover from disruptions (2). Make your organization more competitive and resilient by downloading our report, “The State of Integrated Risk Management,” which will teach you how the journey toward mature integrated risk management actually provides tangible benefits and better business outcomes. (1) https://fortune.com/2017/08/31/home-depot-hurricane-harvey-damage-impact/ (2) PricewaterhouseCoopers. Risk in Review: Managing Risk from the Front Line Correlates to Higher Revenue and Profit Growth, Says PwC. 2017. https://www.pwc.com/us/en/press-releases/2017/risk-in-review-managing-risk-from-the-front-line.html

You know the ‘Death and taxes’ phase? This is the full quote, from a letter Benjamin Franklin wrote in 1789 to Jean-Baptiste Le Roy – a French fellow tech guru and scientist of the time: “Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.” How many infomercial articles have you read that start "In today's world, [blah blah blah] is more important than ever"? So trite. So, let me change things a bit: “In today's world, we still live with enormous uncertainty and using numbers to effectively manage risk is just as important as it has always been.” After a hiatus of twenty years (this July) of genuflection to SOX, the risk management world is beginning to remember numbers again. Beginning to remember that taking the right risks for the right reasons is an essential part of progress, of success, of creating value. It’s what risk management is meant to do and the secret sauce in rational risk-based decision-making is numbers. Boxes of long-forgotten ideas are being taken down from the attics of veteran risk analysts, the dust of sorry neglect blown away, and carefully opened – with a mixture of curiosity, expectation and trepidation. Inside we find a mysterious collection of tools that have lost none of their lustrous sheen with age. In fact, in today’s world, with the greater access to data and computing power, they offer more potential than ever. If only we’d learned how they work. We should be kicking ourselves that we were so collectively neglectful. Luckily there are lots of grey beards like me, raised in the pre-SOX era, who have kept the secrets alive. Luckier still, Archer has decided to add the full might of risk quantification to our GRC/IRM platform. It’s called Archer Insight and its awesome. I think Benjamin Franklin would have approved. About that mixture of curiosity, expectation and trepidation … Curiosity: what nuggets lie hidden in your data It takes time, care, effort and money to collect data. Your organization has lots of it. If you’ve been using Archer for any length of time you will lots and lots of risk-related data, all beautifully organized and safe. Don’t you wonder what those data might be able to tell you? One of the most common areas in which an organization can dramatically improve is to make use of the data it already collects. Risk management is no different. The discipline that turns data into knowledge is quantitative. Knowing how often your controls have failed helps you estimate their probability of success. Looking at how many of your historic risks actually occurred helps you see how much you over- or underestimate their likelihood. Looking at best and worst case scenarios helps you estimate the range and likely impacts. The list goes on and on. Expectation: will it really help our business? Yes, it will. It will help you manage risks far more cost-effectively simply because you can compare the size of a risk against the costs of different treatment options and pick the option that gives you the greatest bang for your buck. But it also means you can aggregate. Numbers can be added, risk scores cannot. Aggregation allows decision-makers to see the big picture, and that is an essential part of making the right big decisions. Trepidation: You never understood statistics and probability theory Don’t’ worry about that. For many people, when they hear the phrase “risk quantification” they think of their less-than-rewarding experience with statistics classes at university. They understand that probability theory can only be wielded safely by socially-awkward, sartorially-challenged, wild-haired geniuses working feverishly on equations nobody else can understand. To be fair, they do exist – but their natural habitats are academia and perhaps SpaceX, and some of them look like you and me too. We focus a bit too much on that Einstein photo. In the business world, the challenge is figuring out the best strategies for handling risk, not the math. The people who know the business and have a pragmatic, problem-solving head on their shoulders are best-placed to figure out these strategies. Perhaps that’s what you do already. Framed properly, the method used to evaluate risk can make it really simple to provide the right numbers. Archer Insight is set up this way and it builds the risk analysis models for you as you describe the problem. You don’t ever need to pick a probability distribution or write an equation. But it’s still a great idea to know the basics of probability. You’ll be more confident about explaining what’s been learned, checking the results and collecting the right data. It will take a couple of days of training, and Archer can provide that training. You might even find it fun. Archer Insight Delivers Enterprise-Wide Risk Quantification Archer® Insight is a suite of enterprise-wide risk quantification capabilities designed to deliver risk and business leaders a complete view of enterprise risks to improve resilience and ensure achievement of its strategic goals. For example, Archer Insight allows you to use built-in techniques like Monte Carlo simulation so you do not need to do all of the modeling yourself. Archer Insight can help you aggregate risk into meaningful quantitative measurements - and when you can add things, you can compare them. It allows you to compare risks and investments needed to mitigate, reduce, transfer or avoid risk. Archer Insight is entirely quantitative, enabling you to combine all the threats to your organization and truly understand the risks that matter. It makes quantitative risk management quick and easy to use by providing a full set of tools and features for understanding and managing all types of risk in one platform: operational, project, cyber-security, health and safety, investment and cashflow risk. Join us for an upcoming webinar Risk Quantification: Step Up Your GRC Game to learn more about how you can quantifying risk can change the conversation with your management team and business partners. Contact us to learn how Archer Insight can help you quantify your risk management.

Request a Demo Maximieren Sie Ihren Risikomanagement-ROI mit Archer Um Ihnen dabei zu helfen, die praktische Effektivität der integrierten Risikomanagementlösungen von Archer zu beurteilen, hat IDC Untersuchungen durchgeführt, die den Wert und die Vorteile für Unternehmen untersuchen, die Archer zur Unterstützung ihrer Risikomanagementbemühungen einsetzen. Laden Sie den Bericht zum Geschäftswert von Archer herunter, um mehr über den Geschäftswert von Archer zu erfahren. Lies das Papier Archers moderne integrierte Risikomanagementlösung Integrierte bewährte Lösungen Basierend auf jahrzehntelanger Erfahrung und Hunderten von Bereitstellungen in allen Bereichen des Risikomanagements. Flexibel anpassungsfähig an die Anforderungen der Organisation Ob Ihr Unternehmen bereits über fortgeschrittene Funktionen für das Risikomanagement verfügt und die Sichtbarkeit konsolidieren möchte, oder ob Sie mit einem Risikobereich beginnen möchten. Moderne zweckmäßige Plattform Steigern Sie die Effizienz und Koordination zwischen den Stakeholdern auf einer für Risikoanalyse und -management maßgeschneiderten Plattform. Integrierte Risikomanagementplattform Eine gemeinsame Sprache rund um Risiken für eine starke Risikomanagement-Kultur Archer ermöglicht ein gemeinsames Verständnis von Risiken und erleichtert die Zusammenarbeit bei deren Bewältigung. Das Anwenden derselben Taxonomien, Policies und Metriken für das Management aller Risikodaten verbessert die Sichtbarkeit für alle, optimiert die Zusammenarbeit und steigert die Effizienz. Request a Demo Video abspielen Facebook Twitter Pinterest Tumblr Link kopieren Link kopiert Interaktive Demo Ein integrierter Ansatz für die komplexesten Risiko- und Compliance-Herausforderungen Entdecken Sie unseren umfassenden Ansatz für ein integriertes Risikomanagement mit einer selbstgeführten Tour durch Archer. Lernen Sie die Benutzeroberfläche kennen und entdecken Sie, wie die Funktionen, Dashboards und Möglichkeiten die speziellen Risiko- und Compliance-Herausforderungen Ihres Unternehmens am besten lösen können, unabhängig davon, ob Sie unser On-Premise- oder SaaS-Angebot bereitstellen. Starten Sie die Demo SOLUTIONS A broad portfolio of solutions integrated into a single platform. Third Party Governance Automate and streamline oversight of vendor relationships. Learn more ESG Management Provides assessment, mapping, monitoring, reporting, and quantification. Learn more Business Resiliency Identify and catalog your organization's mission critical processes and systems. Learn more Enterprise and Operational Risk Management A single, central aggregation point supporting your risk management program. Learn more Operational Resilience A critical part of your approach to building an operationally resilient organization. Learn more IT & Security Risk Management The backbone of your strategy to manage technology risk. Learn more Regulatory and Corporate Compliance Consolidate your compliance and assurance activities into a single strategy. Learn more Audit Management Consolidates your entire audit process within one system. Learn more Public Sector Solutions Specifically designed to meet the unique needs of government agencies. Learn more PLATFORM A modern integrated risk management platform. Archer Engage Streamlined user experience for first line of defense. Intuitive User Experience Capture Key Data Stakeholder Participation Find Out More Archer Engage for Vendors Streamlined user experience for vendors. Mobile-optimized Interface Accurate Picture of Risk Vendor Participation Find Out More Archer Insight Enterprise risk quantification for business leaders. Focused Integrated Actionable Find Out More Archer Exchange Value-add offerings to help your program get on the right path. Solution Enhancement Adaptability Leverage Functionality Find Out More Kundenberichte Was unsere Kunden über uns sagen Archer erspart uns das ständige Suchen nach Daten und Informationen… Jetzt verfügen wir über ein Dokumentationssystem, das Mitarbeiter schneller mit Daten zur Entscheidungsfindung versorgt. Reid Stephan Vizepräsident und Chief Information Officer, St. Luke's Health System

Bewährter Weg, dem Branchenführer vertrauen Archer versetzt Unternehmen in die Lage, mehrere Risikodimensionen zu managen Jesse Tucker, CRISC, Security+ ENT Credit Union Archer's GRC platform has enabled Ent to establish truly integrated risk management. We now walk alongside our business partners providing a strategic approach to managing their part of the IRM puzzle, ensuring true risk transparency for the organization. KUNDENGESCHICHTEN Über 1.300 Unternehmen weltweit vertrauen Archer beim Aufbau und der Weiterentwicklung ihrer Risikomanagementfunktion. Zusammen stellen sie mit über 15.000 eine der größten Benutzergemeinschaften der Branche dar und unterstützen sich gegenseitig auf ihrem Weg zum integrierten Risikomanagement. Multinational metals & mining company use Archer to report on environmental and sustainable risk Read the Story Intuitive Surgical Migrated to Archer SaaS for their journey to empowered risk management Read the Story Evalueserve Derives Dramatic Efficiency Gains from Archer Read the Story "Archer has helped us evolve from an organization that was constantly chasing data and information... Now we have a source of record where employees can more quickly access and consume data and make decisions based on it." Operational Resilience for Financial Services Institutions Read the Story du's Business Success is Enabled by Archer Read the Story Banorte Bank Gains Accurate Picture of Risk with Archer Read the Story Leading Bank in Turkey Relies on Archer for Integrated Risk Management Read the Story Eastern Bank Uses Archer to Drive Business Processes and Streamline Compliance Read the Story Customer Success program Start Your Journey Video abspielen Facebook Twitter Pinterest Tumblr Link kopieren Link kopiert Wird abgespielt 02:01 Video abspielen Wird abgespielt 02:44 Video abspielen Wird abgespielt 04:00 Video abspielen Wird abgespielt 02:10 Video abspielen

Auditmanagement Transformation Ihrer Audits mit einem risikobasierten Ansatz Ihr Geschäft wird von Tag zu Tag komplexer. Der Geschäftsbetrieb kann sehr davon profitieren, wenn eine zweite Person einen Blick auf potenzielle Risikobereiche wirft. Auditfunktionen bieten diese kritische Perspektive und können die Dinge erfassen, die dem Unternehmen entgehen. Archer Audit Management bietet einen risikobasierten Ansatz für das Auditmanagement und konsolidiert den gesamten Auditprozess in einem System. Wenn sich Ihre Auditteams auf die kritischsten Bereiche des Unternehmens konzentrieren, können Sie die Zusammenarbeit mit den operativen Abläufen für die wirkungsvollsten risikobasierten Audits verändern. Erfahren Sie, wie Archer Ihnen bei der Umgestaltung Ihres internen Auditmanagementprogramms helfen kann. Transform internal audit into a proactive, strategic enabler of the business. Request a Demo Video abspielen Facebook Twitter Pinterest Tumblr Link kopieren Link kopiert Verbessern Sie die Kontrolle über Auditlebenszyklen Entwickeln Sie ein einziges System für all Ihre Anforderungen an das Auditmanagement, wodurch die Verwaltung des Auditlebenszyklus erleichtert wird. Verbessern Sie die funktionsübergreifende Zusammenarbeit Nutzen Sie in der Branche bewährte Best Practices, die es Ihrem Auditteam ermöglichen, zusammenzuarbeiten und Daten zu Geschäfts-, Risiko- und Compliancefunktionen mit Kollegen auszutauschen. Verwalten Sie das Geschäft proaktiv Gewinnen Sie mithilfe aggregierter Daten und Analysen Zugang zu Informationen, Ressourcen und Ergebnissen von Risiko- und Complianceteams Einblick in Schlüsselrisiken und unzureichende Kontrollen. Archer Audit Management Anwendungsbeispiele Umfassende ergänzende Anwendungsbeispiele für vielfältige Herausforderungen Issues management ​ Archer Issues Management lays the foundation for your integrated risk management program to manage issues generated by audit, risk, compliance and other teams. It includes the business hierarchy to establish the corporate structure and accountability, and workflow and reporting to manage findings, remediation plans and exceptions. Audit engagements and workpapers Transform the efficiency of your internal audit function, complete better-scoped audits more quickly, and decrease external audit fees with Archer Audit Engagements & Workpapers. It facilitates audit engagements, helps you maintain workpaper documentation, and allows you to report on audit results consistently and quickly. Audit planning and quality ​ ​ Archer Audit Planning & Quality enables you to risk assess your audit entities, make audit plans for engagements, and puts you in control of the entire audit planning lifecycle. Integrated risk management and control information enables your audit team to easily align objectives with other stakeholders. Resources See more resources Analyst Report The Business Value of Archer ​ ​ ​ Read the Report Analyst Report Understanding the Modern Needs for Risk Management ​ ​ Read the Report Analyst Report Taking Risk and Compliance Programs to the Next Level to Support the Modern Enterprise Read the Report Whitepaper The State of Integrated Risk Management ​ ​ Read the Paper Audit Management Get a demo to see how Archer can best address your organization's unique risk challenges. Request a Demo