- The SEC Mandatory Climate Disclosures Proposal & Its Impact on Risk Management
In another of what will be a long series of proposals related to oversight of corporate environmental impact, the U.S. Securities and Exchange Commission (SEC) recently announced its own proposal on disclosure. Joining the efforts of many other governing and regulatory bodies worldwide, including the recent Corporate Sustainability Reporting Directive (CSRD) and Sustainable Finance Disclosure Regulation (SFDR) out of Europe, the SEC has now stepped fully into the fray as stakeholders ranging from conservationists to institutional investors seek greater visibility into the actions of large corporations to manage their environmental impacts.

This announced proposal from the SEC has several key aspects that, beyond accelerating current ESG efforts, warrant special consideration for large organizations, including:

  - Accountability for not only quantifying the progress towards their environmental goals, but also clear identification of the risks and opportunities to those outcomes
  - Requirements that will emerge from the call for more, better, standardized data that can help create a normalized view of progress across organizations

As environmental impacts are only one component of the current ESG push, it is reasonable (if not responsible) for organizations to assume similar proposals that extend into other areas. If the direction set by the SEC’s proposal moves in a similar direction to other geographies, it is also wise for organizations smaller than those within current scope to assume “scope creep” down into their realm.

Unsurprisingly, the proposal has been met with immediate push-back from both sides of the aisle, and it would be wise to assume that this proposal will go through several iterations before being finalized. But it would be similarly unwise not to view this as another significant signal of accelerated involvement by regulators in ESG.
With that in mind, the SEC’s proposal also has some very specific impacts for Risk Management professionals:

  - The near-term need for a focus on data gathering, risk register and cataloging of controls, and other common GRC or Enterprise/Integrated Risk Management practices
  - Regulation will be a likely driver for some (but not all) integration of ESG into Enterprise/Integrated Risk Management
  - This will require starting with an approach that scales bi-directionally: integration across the growing array of regulations AND that expands across various data sources covering not only environmental impacts but social as well

Again, this is an early but undoubtedly significant step in what is growing momentum around ESG. At Archer, we believe ESG is much more than another regulatory thorn-in-the-side but is in fact one of the biggest drivers for more involvement in strategic planning for the Risk Management function.

To learn more about how Archer customers are looking at the likely near-term and longer-term impacts of ESG on the Risk Management function, register now for our webinar, “3 Things Risk Managers Need to Know About ESG,” at 11:00am Eastern on March 30.
- What Benjamin Franklin Said
You know the ‘Death and taxes’ phrase? This is the full quote, from a letter Benjamin Franklin wrote in 1789 to Jean-Baptiste Le Roy – a French fellow tech guru and scientist of the time: “Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.”

How many infomercial articles have you read that start "In today's world, [blah blah blah] is more important than ever"? So trite. So, let me change things a bit: “In today's world, we still live with enormous uncertainty and using numbers to effectively manage risk is just as important as it has always been.”

After a hiatus of twenty years (this July) of genuflection to SOX, the risk management world is beginning to remember numbers again. Beginning to remember that taking the right risks for the right reasons is an essential part of progress, of success, of creating value. It’s what risk management is meant to do, and the secret sauce in rational risk-based decision-making is numbers.

Boxes of long-forgotten ideas are being taken down from the attics of veteran risk analysts, the dust of sorry neglect blown away, and carefully opened – with a mixture of curiosity, expectation and trepidation. Inside we find a mysterious collection of tools that have lost none of their lustrous sheen with age. In fact, in today’s world, with the greater access to data and computing power, they offer more potential than ever. If only we’d learned how they work. We should be kicking ourselves that we were so collectively neglectful.

Luckily there are lots of grey beards like me, raised in the pre-SOX era, who have kept the secrets alive. Luckier still, Archer has decided to add the full might of risk quantification to our GRC/IRM platform. It’s called Archer Insight and it’s awesome. I think Benjamin Franklin would have approved.
About that mixture of curiosity, expectation and trepidation …

Curiosity: what nuggets lie hidden in your data

It takes time, care, effort and money to collect data. Your organization has lots of it. If you’ve been using Archer for any length of time you will have lots and lots of risk-related data, all beautifully organized and safe. Don’t you wonder what those data might be able to tell you? One of the most common areas in which an organization can dramatically improve is to make use of the data it already collects. Risk management is no different. The discipline that turns data into knowledge is quantitative. Knowing how often your controls have failed helps you estimate their probability of success. Looking at how many of your historic risks actually occurred helps you see how much you over- or underestimate their likelihood. Looking at best and worst case scenarios helps you estimate the range and likely impacts. The list goes on and on.

Expectation: will it really help our business?

Yes, it will. It will help you manage risks far more cost-effectively simply because you can compare the size of a risk against the costs of different treatment options and pick the option that gives you the greatest bang for your buck. But it also means you can aggregate. Numbers can be added, risk scores cannot. Aggregation allows decision-makers to see the big picture, and that is an essential part of making the right big decisions.

Trepidation: You never understood statistics and probability theory

Don’t worry about that. For many people, when they hear the phrase “risk quantification” they think of their less-than-rewarding experience with statistics classes at university. They understand that probability theory can only be wielded safely by socially-awkward, sartorially-challenged, wild-haired geniuses working feverishly on equations nobody else can understand.
To be fair, they do exist – but their natural habitats are academia and perhaps SpaceX, and some of them look like you and me too. We focus a bit too much on that Einstein photo.

In the business world, the challenge is figuring out the best strategies for handling risk, not the math. The people who know the business and have a pragmatic, problem-solving head on their shoulders are best-placed to figure out these strategies. Perhaps that’s what you do already. Framed properly, the method used to evaluate risk can make it really simple to provide the right numbers. Archer Insight is set up this way and it builds the risk analysis models for you as you describe the problem. You don’t ever need to pick a probability distribution or write an equation.

But it’s still a great idea to know the basics of probability. You’ll be more confident about explaining what’s been learned, checking the results and collecting the right data. It will take a couple of days of training, and Archer can provide that training. You might even find it fun.

Archer Insight Delivers Enterprise-Wide Risk Quantification

Archer® Insight is a suite of enterprise-wide risk quantification capabilities designed to deliver risk and business leaders a complete view of enterprise risks to improve resilience and ensure achievement of its strategic goals. For example, Archer Insight allows you to use built-in techniques like Monte Carlo simulation so you do not need to do all of the modeling yourself. Archer Insight can help you aggregate risk into meaningful quantitative measurements - and when you can add things, you can compare them. It allows you to compare risks and investments needed to mitigate, reduce, transfer or avoid risk. Archer Insight is entirely quantitative, enabling you to combine all the threats to your organization and truly understand the risks that matter.
It makes quantitative risk management quick and easy to use by providing a full set of tools and features for understanding and managing all types of risk in one platform: operational, project, cyber-security, health and safety, investment and cashflow risk.

Join us for an upcoming webinar, “Risk Quantification: Step Up Your GRC Game,” to learn more about how quantifying risk can change the conversation with your management team and business partners. Contact us to learn how Archer Insight can help you quantify your risk management.
- How to Achieve Integrated Risk Management Maturity
As new technologies are rapidly adopted, new opportunities open. At the same time, technology also carries the burden of potential negative events. In addition, evolving regulatory environments add new compliance requirements, making the task of managing and mitigating risk ever-expanding.

We wanted to know how organizations are contending with digital risk management maturation, so we analyzed how our customers are dealing with evolving risks. We observed that the majority felt that their organizations were able to manage at least some of their new, existing, and developing digital risks – in large part because of their path towards an integrated risk management strategy. This is a promising start and shows that even when facing unprecedented challenges, the road to maturing an integrated risk management program leads to not only reduced risk but more agile and informed business decisions.

Reaching a high level of maturity with integrated risk management can benefit an organization greatly. Managing a greater variety of risks across domains, and smaller categories of risk within domains, is part of a maturing integrated risk management strategy. Maturity also means finding better ways for a risk management program’s findings to be communicated within a department or organization.

Discover if your organization is making the right moves to mature your risk management program to guard against expanding risk by reading our report “The State of Integrated Risk Management.”

Creating a Culture of Integrated Risk Management

A risk management department doesn’t absolve stakeholders from managing the risk in their domains. In the same way that compliance is the responsibility of every person in an organization, integrated risk management strategies place risk reporting and mitigation in everyone’s hands.
Today's challenges require managing a cultural shift from reactively checking boxes in a risk assessment program to a proactive risk management model that necessitates participation across the organization. Integrated risk management is a journey - not a destination. Even organizations with well-structured programs must continually monitor and evolve their program to ensure risk management is connected to business goals with cross-functional processes. Risk management processes and procedures that become fixed and no longer connect with the conditions on the ground can create more issues than they solve.

When engaging front-line stakeholders, it is crucially important to ensure that when personnel report on evolving risks, that information is at the very least acknowledged and, ideally, acted on by the organization. In years past this would require taking time to fill out paperwork, something that might not always be practical if the front line is a warehouse or industrial site. The ubiquity of smartphones and wireless networks has created a powerful and rapid method to tighten the loop on reporting, monitoring, and communicating sources of risk. We developed Archer Engage to offer a straightforward risk analysis and treatment platform that allows any stakeholder with a smartphone to report and collect risk data in real-time.

The process of engagement can extend to third parties as well. An understanding of the relationships you have with third parties to mitigate risk is key to managing risk and operational resiliency. Engaging a third party to report conditions in real-time helps make the priorities of an organization clear.

How Risk Management Matures

When an organization begins to develop an integrated risk management program, it is useful to focus on quick wins within the context of a broader strategy. This helps to establish that an integrated risk management program is effective and can deliver on the organization’s strategic goals.
Risk is changing so dramatically across so many areas that siloed and manual processes make it difficult to get complete information to stakeholders quickly. Even the most successful point solutions will only magnify this challenge, with information stored in different locations and used in different ways by each department. As an integrated risk management approach matures, risk from multiple domains can be managed centrally, in a coordinated and consistent way. In fact, almost 80% of our customers manage multiple domains of risk on Archer. Expanding an integrated risk management program across and within domains doesn’t just mean taking the same cookie-cutter solution and thoughtlessly applying it. The process of expansion should be sensitive to what is novel about the different domains being managed. There is no guarantee that, for example, the threat of a cyberattack will map directly onto a compliance issue, so procedures to mitigate or manage one may not make sense for the other. However, even when the details differ, the platform on which those procedures are developed and deployed should offer a common interface for managing both. It is important to keep in mind that a mature integrated risk management approach will evolve over time. Steps that are taken to increase maturity will not deliver a final product, destination, or steady-state of risk management. Stakeholders in an organization need to understand that integrated risk management means constant vigilance for existing and novel risks to increase operational resilience. Mature integrated risk management is woven into everything an organization does. Think of how ubiquitous the use of digital technology is in a modern organization and you can start to get an idea of how deeply integrated mature risk management should be. 
Expanding and Extending Risk Management Strategies

With a mature risk management strategy, risk is not a ‘black box’ but a key input into making decisions to exploit business opportunity. If your organization can successfully manage disruptions that sideline other players in the field, those disruptions become a chance to grow. Effective risk management is more than avoiding major failures and business disruptions. Creating a culture of risk awareness can protect your organization and enhance its value.

An organization with a mature integrated risk management process that can maintain operations during a crisis is able to take advantage of the new opportunities the changing landscape offers. For example, Home Depot proactively distributes plywood, generators, and equipment to clear fallen trees to stores where hurricanes are expected to make landfall. While other hardware and lumber stores may struggle to meet demand or even stay open, Home Depot is the go-to business for people preparing for or recovering from a disaster (1).

The individual components of mature integrated risk management are themselves beneficial to an organization. For example, organizations that engage front-line stakeholders in the risk management process were more likely to experience revenue growth and were faster to recover from disruptions (2).

Make your organization more competitive and resilient by downloading our report, “The State of Integrated Risk Management,” which will teach you how the journey toward mature integrated risk management actually provides tangible benefits and better business outcomes.

(1) https://fortune.com/2017/08/31/home-depot-hurricane-harvey-damage-impact/
(2) PricewaterhouseCoopers. Risk in Review: Managing Risk from the Front Line Correlates to Higher Revenue and Profit Growth, Says PwC. 2017. https://www.pwc.com/us/en/press-releases/2017/risk-in-review-managing-risk-from-the-front-line.html
- Customers Using Archer IRM
Proven Path Trusted by Industry Leaders

Archer empowers organizations to manage multiple dimensions of risk

Jesse Tucker, CRISC, Security+, ENT Credit Union: "Archer's GRC platform has enabled Ent to establish truly integrated risk management. We now walk alongside our business partners providing a strategic approach to managing their part of the IRM puzzle, ensuring true risk transparency for the organization."

CUSTOMER STORIES

Over 1,500 organizations globally trust Archer to establish and evolve their Risk Management function. Collectively, they represent one of the industry's largest user communities, numbering over 15,000, supporting one another in their journey towards integrated risk management.

  - Multinational metals & mining company uses Archer to report on environmental and sustainable risk
  - Intuitive Surgical Migrated to Archer SaaS for their journey to empowered risk management
  - Evalueserve Derives Dramatic Efficiency Gains from Archer

"Archer has helped us evolve from an organization that was constantly chasing data and information... Now we have a source of record where employees can more quickly access and consume data and make decisions based on it."

  - Operational Resilience for Financial Services Institutions
  - du's Business Success is Enabled by Archer
  - Banorte Bank Gains Accurate Picture of Risk with Archer
  - Leading Bank in Turkey Relies on Archer for Integrated Risk Management
  - Eastern Bank Uses Archer to Drive Business Processes and Streamline Compliance
- Integrated Risk Management | Archer
ESG and Integrated Risk Management

Environmental, social and governance (ESG) initiatives have become strategically essential for almost every organization over the past year. With growing focus and pressure, ESG is not only important at the board level but has become an essential topic to cascade operationally throughout the organization. Read the ESG and Integrated Risk Management white paper to understand how ESG efforts and integrated risk management are converging to manage uncertainty.

Archer's Modern Integrated Risk Management Solutions

  - Proven integrated solutions: Designed on the basis of decades of experience and numerous deployments covering every area of risk management.
  - Adapts flexibly to your organization's needs: Meets the needs of organizations that want an integrated view of their risk posture with advanced management capabilities, as well as those that want to start with a single risk management domain.
  - A modern platform dedicated to risk management: A platform dedicated to risk analysis and risk management enables collaboration among stakeholders and greater efficiency.

Integrated Risk Management Platform

A common language that creates a strong risk management culture

Archer gives you a common understanding of risk and lets you carry out coordinated risk management efforts. Applying the same taxonomies, policies and metrics to the management of all risk data increases visibility for everyone and improves collaboration and efficiency.

Interactive Online Demo

Address the most complex risk and compliance challenges with an integrated approach

Archer's self-guided tour explains its comprehensive integrated risk management approach. See the actual user interface (UI) and explore its features, dashboards and capabilities. Whether you deploy on-premises or as SaaS, you can see how it effectively addresses risk and compliance challenges.

SOLUTIONS

A broad portfolio of solutions integrated into a single platform.

  - Third Party Governance: Automate and streamline oversight of vendor relationships.
  - ESG Management: Provides assessment, mapping, monitoring, reporting, and quantification.
  - Business Resiliency: Identify and catalog your organization's mission critical processes and systems.
  - Enterprise and Operational Risk Management: A single, central aggregation point supporting your risk management program.
  - Operational Resilience: A critical part of your approach to building an operationally resilient organization.
  - IT & Security Risk Management: The backbone of your strategy to manage technology risk.
  - Regulatory and Corporate Compliance: Consolidate your compliance and assurance activities into a single strategy.
  - Audit Management: Consolidates your entire audit process within one system.
  - Public Sector Solutions: Specifically designed to meet the unique needs of government agencies.

PLATFORM

A modern integrated risk management platform.

  - Archer Engage: Streamlined user experience for first line of defense. Intuitive User Experience; Capture Key Data; Stakeholder Participation.
  - Archer Engage for Vendors: Streamlined user experience for vendors. Mobile-optimized Interface; Accurate Picture of Risk; Vendor Participation.
  - Archer Insight: Enterprise risk quantification for business leaders. Focused; Integrated; Actionable.
  - Archer Exchange: Value-add offerings to help your program get on the right path. Solution Enhancement; Adaptability; Leverage Functionality.

Customer Testimonials

What our clients say about us.

"Thanks to Archer, we have been able to evolve from an organization that was constantly chasing data and information. We now have a single source of information that employees can access and use more quickly, and we can make decisions based on it."
Brian Drotleff, Head of IT Security, St. Luke’s Health System
- Archer Audit Management Solutions
Audit Management

Transforming audit with a risk-based approach

Your organization's business grows more complex by the day. Having a second set of eyes on potential risk areas brings major benefits to business operations. The audit function provides that critical second line of oversight and can catch risks that the business units have overlooked.

Archer Audit Management provides a risk-based approach to audit management and lets you consolidate the entire audit process in a single system. When the audit team is focused on the most critical areas of the business, you can transform how the audit team and the business units work together and maximize the effectiveness of risk-scoped audits. See how Archer can help transform your internal audit management program.

Transform internal audit into a proactive, strategic enabler of the business.

  - Stronger control of the audit lifecycle: Establish a single system that meets all your audit management needs and makes the audit lifecycle easier to manage.
  - Better collaboration across departments: Industry-proven best practices enable audit teams to collaborate and share data with members of the business, risk and compliance functions.
  - Manage the business proactively: Access information, resources and results from the risk and compliance teams, and identify key risks and underperforming controls through aggregated data and analysis.

Archer Audit Management Use Cases

Address multifaceted challenges with a full complement of use cases

  - Issues management: Archer Issues Management lays the foundation for your integrated risk management program to manage issues generated by audit, risk, compliance and other teams. It includes the business hierarchy to establish the corporate structure and accountability, and workflow and reporting to manage findings, remediation plans and exceptions.
  - Audit engagements and workpapers: Transform the efficiency of your internal audit function, complete better-scoped audits more quickly, and decrease external audit fees with Archer Audit Engagements & Workpapers. It facilitates audit engagements, helps you maintain workpaper documentation, and allows you to report on audit results consistently and quickly.
  - Audit planning and quality: Archer Audit Planning & Quality enables you to risk-assess your audit entities and make audit plans for engagements, and puts you in control of the entire audit planning lifecycle. Integrated risk management and control information enables your audit team to easily align objectives with other stakeholders.