As your organization evolves, so too does your risk landscape. Risk is inherent in all types of initiatives within business operations: the expansion of digital processes can increase security risk, and outsourcing business operations to third-party vendors creates complexities in your supply chain. For any organization to thrive in these transformative times, it must have a solid risk management strategy.
The growing recognition that all risk is connected has led to companies realizing that they need coordination across all risk functions – including leveraging the same data, platform, taxonomy, and output. This coordinated strategy is called an integrated risk management approach.
Integrated risk management gives organizations the ability to navigate risks and deal with them effectively (should they arise) without hindering business operations. An integrated risk management approach gives senior management and executives actionable and detailed data so that they can decide on the action plan that is best for the organization, ultimately improving overall performance.
The pandemic put a spotlight on the need for companies to have an integrated risk management approach with emphasis on operational resilience, or a company’s ability to absorb and adapt to sudden disruptions and continue to meet business goals.
We recently analyzed the Archer customer base to discover how our customers not only survived but thrived during this global upheaval. What we found fundamentally accentuated the need for integrated risk management strategies. When respondents to the RSA 2020 Digital Risk Survey were asked about the need to coordinate risk management, the “extremely coordinated” response jumped more than 90% in the short time between the question being asked in a 2019 survey and the 2020 survey. The key learnings and the four integral themes of integrated risk management are outlined in our new whitepaper, “The State of Integrated Risk Management”.
Digital Transformation, the Pandemic and Major Forces on Risk
Change is constant, but the alarming rate at which the world is digitally transforming has major impacts on existing business models and operations. Almost 55% of respondents in the 2020 RSA Digital Risk survey stated their organizations were extensively engaged in digital transformation initiatives, highlighting the pervasive use of technology to advance business operations. The pace of digital efforts was accelerated in light of the pandemic, forcing organizations to find alternative, technology-enabled methods to support their workforce and deliver products and services to customers.
As Gartner found, “The momentum of digital transformation projects is outpacing the ability of organizations to accommodate the changes and will introduce additional complexity of threats.” (1)
This rapid digital transformation also makes organizations more vulnerable to cyber-attacks and virtual disruption. A more fluid risk landscape has emerged, requiring a more holistic and integrated approach to risk management. The pressure to manage risk is evident, with over 60% of respondents in the 2020 RSA Digital Risk survey stating their companies' integrated risk management programs were somewhat or quite extensive. Obviously, integrated risk management approaches have become the norm – not the exception.
How Did COVID Affect Risk Management?
The COVID-19 pandemic had a severe negative impact on organizations all around the globe. COVID brought about major changes in the technological, social, economic, and political aspects of the world. These changes have made organizations pay more attention to overseeing, anticipating, and mitigating threats caused by unfavorable interruptions to business operations. A PwC study found that respondents that shifted risk management responsibilities to the first line were more likely to show profit and revenue growth over the next two years and were able to recover from adverse events more quickly. (2)
While the pandemic affected multiple areas of risk, two areas of risk highlight the coordination needed to address today’s risk environment.
The pandemic forced many companies to go remote and conduct business virtually. Opportunistic cyber breaches increased in 2020, and the technologies adopted put further undue pressure on business and IT resource availability, making it more important than ever to have solid and effective recovery plans. Often, IT disaster recovery teams are on a different page than business continuity teams about what’s critical to protect and recover, highlighting the need for an integrated approach and improved cyber resiliency. Additionally, remote working promotes fraudulent activities like phishing. The cybercrime economy thrives in times of chaos, with unchecked growth in fraud attempts and other risks. 79% of respondents in the RSA 2020 Digital Risk Survey expect to rely more heavily on the IT and security risk management portions of their risk programs over the next two years.
This remote working environment then made it even more difficult to enforce compliant behavior among staff. In addition, regulators saw how the pandemic affected different industries and have begun addressing some of the gaps they have observed through new regulations. The result is a more complex regulatory environment with a challenging enforcement playing field.
In response, risk-based approaches are necessary to identify the most impactful compliance requirements. This played out in the RSA Digital Risk Survey, with more than 1/3 of respondents stating that a risk-based compliance methodology is a priority for them in the next two years. In addition, technology operations have a tremendous impact on the compliance strategy. Therefore, the overlap between compliance and IT and security risk management is obvious.
A coordinated strategy, via integrated risk management, needs to focus on compliance measures that are suitable for the present working environment. The convergence of compliance and IT and security risk management is evident within the Archer customer base. Of the 1100+ deployments Archer has for IT and security risk management, more than 80% utilize compliance processes on the Archer platform.
How to Achieve Resilience Through Integrated Risk Management
One thing is certain: the pandemic has highlighted the need for resilience, especially as other high-magnitude disruptions continue to mount.
Achieving resiliency, however, is another matter – it requires forethought, discipline, and constant vigilance.
These five steps are key to building resiliency:
1. Develop and adopt a holistic enterprise-wide integrated risk management system and governance.
2. Develop a risk profile, assess your risk landscape, and develop a strategy for operational resilience.
3. Implement change initiatives that are proactive instead of reactive.
4. Lead from the top to maintain and adopt management protocols that ensure the company's growth.
5. Ensure compliance via enforcement of organization standards, policies, and regulations across all sectors of the organization.
The State of Integrated Risk Management
While many companies were caught off guard by the pandemic, a lucky few were able to quickly pivot and thrive in their ongoing business operations and digital transformation efforts. Our whitepaper, “The State of Integrated Risk Management”, outlines key themes related to operational resiliency and integrated risk management, and the underlying success factors of those who were able to take advantage of the extraordinary opportunities presented. Download the paper now, and contact us today to begin your journey to operational resilience.
(1) Gartner: Predicts 2021: Operational resiliency. January 2021.
(2) PricewaterhouseCoopers. Risk in Review: Managing Risk from the Front Line Correlates to Higher Revenue and Profit Growth, Says PwC. 2017. https://www.pwc.com/us/en/press-releases/2017/risk-in-review-managing-risk-from-the-front-line.html