Search Results

In another of what will be a long series of proposals related to oversight of corporate environmental impact, the U.S. Securities and Exchange Commission (SEC) recently announced its own proposal on disclosure. Joining the efforts of many other governing and regulatory bodies worldwide, including the recent Corporate Sustainability Reporting Directive (CSRD) and Sustainable Finance Disclosure Regulation (SFDR) out of Europe, the SEC has now stepped fully into the fray as stakeholders ranging from conservationists to institutional investors seek greater visibility into the actions of large corporations to manage their environmental impacts. This announced proposal from the SEC has several key aspects that beyond accelerating current ESG efforts, warrant special consideration for large organizations, including: Accountability for not only quantifying the progress towards their environmental goals, but also clear identification of the risks and opportunities to those outcomes Requirements that will emerge from the call for more, better, standardized data that can help create a normalized view of progress across organizations As environmental impacts are only one component the current ESG push, it is reasonable (if not responsible) for organizations to assume similar proposals that extend into other areas. If the direction set by the SEC’s proposal moves in a similar direction to other geographies, it is also wise for organizations smaller than those within current scope to assume “scope creep” down into their realm. Unsurprisingly, the proposal has been met with immediate push-back from both sides of the isles, and it would be wise to assume that this proposal will go through several iterations before being finalized. But it would be similarly unwise to not view this as another significant signal of accelerated involvement by regulators in ESG. With that in mind, the SEC’s proposal also has some very specific impacts for Risk Management professionals: The near-term need for a focus on data gathering, risk register and cataloging of controls, other common GRC or Enterprise/Integrated Risk Management practices Regulation will be a likely driver for some (but not all) integration of ESG into Enterprise/Integrated Risk Management This will require starting with an approach that scales bi-directionally: integration across the growing array of regulations AND that expands across various data sources covering not only environmental impacts but social as well Again, this is an early but undoubtedly a significant step in what is growing momentum around ESG. At Archer, we believe ESG is much more than another regulatory thorn-in-the-side but is in fact one of the biggest drivers for more involvement in strategic planning for the Risk Management function. To learn more about how Archer customers are looking at the likely near-term and longer-term impacts of ESG on the Risk Management function, register now for our webinar, “3 Things Risk Managers Need to Know About ESG,” at 11:00am Eastern on March 30.

You know the ‘Death and taxes’ phase? This is the full quote, from a letter Benjamin Franklin wrote in 1789 to Jean-Baptiste Le Roy – a French fellow tech guru and scientist of the time: “Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.” How many infomercial articles have you read that start "In today's world, [blah blah blah] is more important than ever"? So trite. So, let me change things a bit: “In today's world, we still live with enormous uncertainty and using numbers to effectively manage risk is just as important as it has always been.” After a hiatus of twenty years (this July) of genuflection to SOX, the risk management world is beginning to remember numbers again. Beginning to remember that taking the right risks for the right reasons is an essential part of progress, of success, of creating value. It’s what risk management is meant to do and the secret sauce in rational risk-based decision-making is numbers. Boxes of long-forgotten ideas are being taken down from the attics of veteran risk analysts, the dust of sorry neglect blown away, and carefully opened – with a mixture of curiosity, expectation and trepidation. Inside we find a mysterious collection of tools that have lost none of their lustrous sheen with age. In fact, in today’s world, with the greater access to data and computing power, they offer more potential than ever. If only we’d learned how they work. We should be kicking ourselves that we were so collectively neglectful. Luckily there are lots of grey beards like me, raised in the pre-SOX era, who have kept the secrets alive. Luckier still, Archer has decided to add the full might of risk quantification to our GRC/IRM platform. It’s called Archer Insight and its awesome. I think Benjamin Franklin would have approved. About that mixture of curiosity, expectation and trepidation … Curiosity: what nuggets lie hidden in your data It takes time, care, effort and money to collect data. Your organization has lots of it. If you’ve been using Archer for any length of time you will lots and lots of risk-related data, all beautifully organized and safe. Don’t you wonder what those data might be able to tell you? One of the most common areas in which an organization can dramatically improve is to make use of the data it already collects. Risk management is no different. The discipline that turns data into knowledge is quantitative. Knowing how often your controls have failed helps you estimate their probability of success. Looking at how many of your historic risks actually occurred helps you see how much you over- or underestimate their likelihood. Looking at best and worst case scenarios helps you estimate the range and likely impacts. The list goes on and on. Expectation: will it really help our business? Yes, it will. It will help you manage risks far more cost-effectively simply because you can compare the size of a risk against the costs of different treatment options and pick the option that gives you the greatest bang for your buck. But it also means you can aggregate. Numbers can be added, risk scores cannot. Aggregation allows decision-makers to see the big picture, and that is an essential part of making the right big decisions. Trepidation: You never understood statistics and probability theory Don’t’ worry about that. For many people, when they hear the phrase “risk quantification” they think of their less-than-rewarding experience with statistics classes at university. They understand that probability theory can only be wielded safely by socially-awkward, sartorially-challenged, wild-haired geniuses working feverishly on equations nobody else can understand. To be fair, they do exist – but their natural habitats are academia and perhaps SpaceX, and some of them look like you and me too. We focus a bit too much on that Einstein photo. In the business world, the challenge is figuring out the best strategies for handling risk, not the math. The people who know the business and have a pragmatic, problem-solving head on their shoulders are best-placed to figure out these strategies. Perhaps that’s what you do already. Framed properly, the method used to evaluate risk can make it really simple to provide the right numbers. Archer Insight is set up this way and it builds the risk analysis models for you as you describe the problem. You don’t ever need to pick a probability distribution or write an equation. But it’s still a great idea to know the basics of probability. You’ll be more confident about explaining what’s been learned, checking the results and collecting the right data. It will take a couple of days of training, and Archer can provide that training. You might even find it fun. Archer Insight Delivers Enterprise-Wide Risk Quantification Archer® Insight is a suite of enterprise-wide risk quantification capabilities designed to deliver risk and business leaders a complete view of enterprise risks to improve resilience and ensure achievement of its strategic goals. For example, Archer Insight allows you to use built-in techniques like Monte Carlo simulation so you do not need to do all of the modeling yourself. Archer Insight can help you aggregate risk into meaningful quantitative measurements - and when you can add things, you can compare them. It allows you to compare risks and investments needed to mitigate, reduce, transfer or avoid risk. Archer Insight is entirely quantitative, enabling you to combine all the threats to your organization and truly understand the risks that matter. It makes quantitative risk management quick and easy to use by providing a full set of tools and features for understanding and managing all types of risk in one platform: operational, project, cyber-security, health and safety, investment and cashflow risk. Join us for an upcoming webinar Risk Quantification: Step Up Your GRC Game to learn more about how you can quantifying risk can change the conversation with your management team and business partners. Contact us to learn how Archer Insight can help you quantify your risk management.

As new technologies are rapidly adopted, new opportunities open. At the same time technology also carries the burden of potential negative events. In addition, evolving regulatory environments add new compliance requirements, making the task of managing and mitigating risk ever-expanding. We wanted to know how the organizations are contending with digital risk management maturation, so we analyzed how our customers are dealing with evolving risks. We observed the majority felt that their organizations were able to manage at least some of their new, existing, and developing digital risks – in large part because of their path towards an integrated risk management strategy. This is a promising start and shows that even when facing unprecedented challenges, the road to maturing an integrated risk management program leads to not only reduced risk but more agile and informed business decisions Reaching a high level of maturity with integrated risk management can benefit an organization greatly. Managing a greater variety of risks across domains, and smaller categories of risk within domains are part of a maturing integrated risk management strategy. Maturity also means finding better ways for a risk management program’s findings to be communicated within a department or organization. Discover if your organization is making the right moves to mature your risk management program to guard against expanding risk by reading our report “The State of Integrated Risk Management.” Creating a Culture of Integrated Risk Management A risk management department doesn’t absolve stakeholders from managing the risk in their domains. In the same way that compliance is the responsibility of every person in an organization, integrated risk management strategies place risk reporting and mitigation in everyone’s hands. Today's challenges require managing a cultural shift from reactively checking boxes in a risk assessment program to a proactive risk management model that necessitates participation across the organization. Integrated risk management is a journey - not a destination. Even organizations with well-structured programs must continually monitor and evolve their program to ensure risk management is connected to business goals with cross-functional processes. Risk management processes and procedures that become fixed and no longer connect with the conditions on the ground can create more issues than they solve. When engaging front-line stakeholders, it is crucially important to ensure that when personnel report on evolving risks, that information is at the very least acknowledged and, ideally, acted on by the organization. In years past this would require taking time to fill out paperwork, something that might not always be practical if the front line is a warehouse or industrial site. The ubiquity of smartphones and wireless networks has created a powerful and rapid method to tighten the loop on reporting, monitoring, and communicating sources of risk. We developed Archer Engage to offer a straightforward risk analysis and treatment platform that allows any stakeholder with a smartphone to report and collect risk data in real-time. The process of engagement can extend to third parties as well. An understanding of the relationships you have with third parties to mitigate risk is key to managing risk and operational resiliency. Engaging a third party to report conditions in real-time helps make the priorities of an organization clear. How Risk Management Matures When an organization begins to develop an integrated risk management program, it is useful to focus on quick wins within the context of a broader strategy. This helps to establish that an integrated risk management program is effective and can deliver on the organization’s strategic goals. Risk is changing so dramatically across so many areas that siloed and manual processes make it difficult to get complete information to stakeholders quickly. Even the most successful point solutions will only magnify this challenge, with information stored in different locations and used in different ways by each department. As an integrated risk management approach matures, risk from multiple domains can be managed centrally, in a coordinated and consistent way. In fact, almost 80% of our customers manage multiple domains of risk on Archer. Expanding an integrated risk management program across and within domains doesn’t just mean taking the same cookie-cutter solution and thoughtlessly applying it. The process of expansion should be sensitive to what is novel about the different domains being managed. There is no guarantee that, for example, the threat of a cyberattack will map directly onto a compliance issue, so procedures to mitigate or manage one may not make sense for the other. However, even when the details differ, the platform on which those procedures are developed and deployed should offer a common interface for managing both. It is important to keep in mind that a mature integrated risk management approach will evolve over time. Steps that are taken to increase maturity will not deliver a final product, destination, or steady-state of risk management. Stakeholders in an organization need to understand that integrated risk management means constant vigilance for existing and novel risks to increase operational resilience. Mature integrated risk management is woven into everything an organization does. Think of how ubiquitous the use of digital technology is in a modern organization and you can start to get an idea of how deeply integrated mature risk management should be. Expanding and Extending Risk Management Strategies With a mature risk management strategy, risk is not a ‘black box’ but a key input into making decisions to exploit business opportunity. If your organization can successfully manage disruptions that sideline other players in the field, those disruptions become a chance to grow. Effective risk management is more than avoiding major failures and business disruptions. Creating a culture of risk awareness can protect your organization and enhance its value. An organization with a mature integrated risk management process that can maintain operations during a crisis is able to take advantage of the new opportunities the changing landscape offers. For example, Home Depot proactively distributes plywood, generators, and equipment to clear fallen trees to stores where hurricanes are expected to make landfall. While other hardware and lumber stores may struggle to meet demand or even stay open, Home Depot is the go-to business for people preparing for or recovering from a disaster (1). The individual components of mature integrated risk management are themselves beneficial to an organization. For example, organizations that engage front-line stakeholders in the risk management process were more likely to experience revenue growth and were faster to recover from disruptions (2). Make your organization more competitive and resilient by downloading our report, “The State of Integrated Risk Management,” which will teach you how the journey toward mature integrated risk management actually provides tangible benefits and better business outcomes. (1) https://fortune.com/2017/08/31/home-depot-hurricane-harvey-damage-impact/ (2) PricewaterhouseCoopers. Risk in Review: Managing Risk from the Front Line Correlates to Higher Revenue and Profit Growth, Says PwC. 2017. https://www.pwc.com/us/en/press-releases/2017/risk-in-review-managing-risk-from-the-front-line.html

Proven Path Trusted by Industry Leaders Archer empowers organizations to manage multiple dimensions of risk Jesse Tucker, CRISC, Security+ ENT Credit Union Archer's GRC platform has enabled Ent to establish truly integrated risk management. We now walk alongside our business partners providing a strategic approach to managing their part of the IRM puzzle, ensuring true risk transparency for the organization. CUSTOMER STORIES Over 1,500 organizations globally trust Archer to establish and evolve their Risk Management function. Collectively, they represent one of the industry's largest user communities, numbering over 15,000, supporting one another in their journey towards integrated risk management. Multinational metals & mining company use Archer to report on environmental and sustainable risk Read the Story Intuitive Surgical Migrated to Archer SaaS for their journey to empowered risk management Read the Story Evalueserve Derives Dramatic Efficiency Gains from Archer Read the Story "Archer has helped us evolve from an organization that was constantly chasing data and information... Now we have a source of record where employees can more quickly access and consume data and make decisions based on it." Operational Resilience for Financial Services Institutions Read the Story du's Business Success is Enabled by Archer Read the Story Banorte Bank Gains Accurate Picture of Risk with Archer Read the Story Leading Bank in Turkey Relies on Archer for Integrated Risk Management Read the Story Eastern Bank Uses Archer to Drive Business Processes and Streamline Compliance Read the Story Customer Success program Start Your Journey 동영상 보기 Facebook Twitter Pinterest Tumblr 링크 복사 링크 복사 완료 재생중 02:01 동영상 보기 재생중 02:44 동영상 보기 재생중 04:00 동영상 보기 재생중 02:10 동영상 보기

Request a Demo ESG 및 통합 리스크 관리 ESG(Environmental Social & Governance) 이니셔티브는 지난 한 해 동안 거의 모든 조직에서 전략적으로 필수적이 되었습니다. 집중도와 압력이 높아짐에 따라 ESG는 이사회 수준에서 중요할 뿐만 아니라 운영상 조직 전체에 걸쳐 중요한 주제가 되었습니다. ESG 및 통합 위험 관리 백서를 읽고 ESG 노력과 통합 위험 관리가 불확실성을 관리하기 위해 어떻게 수렴하는지 이해하십시오. 논문 읽기 Archer's 현대적인 통합 위험 관리 솔루션 검증된 솔루션을 통합. 모든 도메인의 리스크 관리 영역에서 수십 년의 경험과 수백 건의 배포를 기반으로 구축했습니다. 조직의 요구 사항에 맞게 유연하게 적용 가능 조직에 가시성을 통합하거나 한 리스크 분야에서 시작하기 위한 최신 리스크 관리 기능이 있는지 여부. 특별히 설계된 모던 플랫폼 리스크 분석 및 관리를 위해 최적화된 플랫폼에서 이해 관계자 간의 효율성과 조정이 향상됩니다. 통합 리스크 관리 플랫폼 리스크에 대한 공통 언어로 강력한 리스크 관리 문화 조성 Archer를 사용하면 리스크에 대한 공통적인 이해가 가능하므로 협업을 통해 보다 쉽게 리스크를 관리할 수 있습니다. 모든 리스크 데이터 관리에 동일한 분류 체계, 정책 및 측정 지표를 적용함으로써 모든 인력이 정확한 정보를 파악할 수 있으므로 협업이 개선되고 효율성이 향상됩니다. Request a Demo 동영상 보기 Facebook Twitter Pinterest Tumblr 링크 복사 링크 복사 완료 대화형 데모 가장 복잡한 리스크 및 컴플라이언스 문제에 대한 통합 접근 방식 Archer에 대한 자가 학습 방식으로 통합 리스크 관리에 대한 포괄적인 접근 방식을 살펴보십시오. 어떤 형태의 구성(On-Prem 또는 SaaS)인지 관계없이, 조직의 고유한 리스크 및 컴플라이언스 문제를 얼마나 문제를 잘 해결할 수 있는지를 UI와 기능들을 통해 확인해 보시기 바랍니다. 데모 시작 SOLUTIONS A broad portfolio of solutions integrated into a single platform. Third Party Governance Automate and streamline oversight of vendor relationships. Learn more ESG Management Provides assessment, mapping, monitoring, reporting, and quantification. Learn more Business Resiliency Identify and catalog your organization's mission critical processes and systems. Learn more Enterprise and Operational Risk Management A single, central aggregation point supporting your risk management program. Learn more Operational Resilience A critical part of your approach to building an operationally resilient organization. Learn more IT & Security Risk Management The backbone of your strategy to manage technology risk. Learn more Regulatory and Corporate Compliance Consolidate your compliance and assurance activities into a single strategy. Learn more Audit Management Consolidates your entire audit process within one system. Learn more Public Sector Solutions Specifically designed to meet the unique needs of government agencies. Learn more PLATFORM A modern integrated risk management platform. Archer Engage Streamlined user experience for first line of defense. Intuitive User Experience Capture Key Data Stakeholder Participation Find Out More Archer Engage for Vendors Streamlined user experience for vendors. Mobile-optimized Interface Accurate Picture of Risk Vendor Participation Find Out More Archer Insight Enterprise risk quantification for business leaders. Focused Integrated Actionable Find Out More Archer Exchange Value-add offerings to help your program get on the right path. Solution Enhancement Adaptability Leverage Functionality Find Out More 고객 추천사 고객의 평가. Archer를 사용한 후로 데이터와 정보를 추적할 필요가 없어졌습니다. 이제는 단일의 기록 저장 소스가 있기 때문에 데이터 액세스 및 사용과 데이터 기반의 의사 결정을 더욱 신속하게 수행할 수 있습니다. Brian Drotleff IT 시큐리티 총괄, St. Luke’s Health System

감사 관리 리스크 기반 접근 방식으로 감사 혁신 비즈니스는 날이 갈수록 복잡해지고 있습니다. 비즈니스 운영은 잠재적인 리스크 분야를 모니터링하여 큰 이점을 얻을 수 있습니다. 감사 기능은 중요한 관점을 제공하고 비즈니스에서 놓친 부분까지 포착할 수 있습니다. Archer Audit Management는 감사 관리에 대한 리스크 기반 접근 방식을 제공하고 전체 감사 프로세스를 하나의 시스템으로 통합합니다. 감사 팀이 비즈니스의 가장 중요한 분야에 집중하면 가장 영향력 있는 리스크 영역에 대한 감사를 위해 운영 팀과 협업하는 방식을 혁신할 수 있습니다. Archer를 통해 내부 감사 관리 프로그램을 혁신하는 방법을 알아보십시오. Transform internal audit into a proactive, strategic enabler of the business. Request a Demo 동영상 보기 Facebook Twitter Pinterest Tumblr 링크 복사 링크 복사 완료 감사 수명주기에 대한 통제 강화 모든 감사 관리 요구 사항을 충족하는 단일 시스템을 구축하며, 이를 통해 감사 수명주기를 쉽게 관리할 수 있습니다. 기능 전반의 협업 개선 감사 팀이 비즈니스, 리스크 및 컴플라이언스 기능을 통해 동료와 협업하고 데이터를 공유할 수 있도록 업계에서 검증된 모범 사례를 활용할 수 있습니다. 사전 예방적으로 비즈니스 관리 집계된 데이터 및 분석을 통해 리스크, 컴플라이언스 팀의 정보, 리소스 및 결과에 액세스하여 주요 리스크와 성과에 미치지 못하는 통제에 대한 가시성을 확보할 수 있습니다. Archer Audit Management 활용 사례 다양한 문제에 대한 전체 활용 사례 모음 Issues management ​ Archer Issues Management lays the foundation for your integrated risk management program to manage issues generated by audit, risk, compliance and other teams. It includes the business hierarchy to establish the corporate structure and accountability, and workflow and reporting to manage findings, remediation plans and exceptions. Audit engagements and workpapers Transform the efficiency of your internal audit function, complete better-scoped audits more quickly, and decrease external audit fees with Archer Audit Engagements & Workpapers. It facilitates audit engagements, helps you maintain workpaper documentation, and allows you to report on audit results consistently and quickly. Audit planning and quality ​ ​ Archer Audit Planning & Quality enables you to risk assess your audit entities, make audit plans for engagements, and puts you in control of the entire audit planning lifecycle. Integrated risk management and control information enables your audit team to easily align objectives with other stakeholders. Resources See more resources Analyst Report The Business Value of Archer ​ ​ ​ Read the Report Analyst Report Understanding the Modern Needs for Risk Management ​ ​ Read the Report Analyst Report Taking Risk and Compliance Programs to the Next Level to Support the Modern Enterprise Read the Report Whitepaper The State of Integrated Risk Management ​ ​ Read the Paper Audit Management Get a demo to see how Archer can best address your organization's unique risk challenges. Request a Demo