Search
  • Steve Schlarman

Archer State of Integrated Risk Management Report

Updated: Oct 1


Whether you call it Integrated risk management or Governance, Risk and Compliance or just plain old organizational common sense, the idea to manage risk within today’s competitive and constantly changing environment is an absolute necessity. In the past year, technology shifts, market disruptions and unique obstacles have made keeping tabs on the barriers to strategic business goals a constant battle. Piling on top of the usual suspects of security, operational risk, and regulatory compliance are the topics of operational resilience, third party risk and Environmental, Social and Governance (ESG) risk. While those themes have been part of the risk landscape for years, they seem to have matured from precocious toddlers to full blown adolescence – wreaking havoc - overnight.


At this juncture, we felt it was important to take a step back and look at the risk management industry. The Archer State of Integrated Risk Management report is based on several inputs. We analyzed our customer base to identify trends and indicators. With over 1500 deployments, Archer is used by companies of all sizes, in all industries and across the globe. Additionally, we have customers that have deployments of over 15 years. This coverage gives us unique insights into what capabilities companies target as they mature their risk management programs. We also analyzed specific results from the 2020 RSA Digital Risk Survey relevant to integrated risk management priorities. This survey consisted of targeted questions regarding risk priorities today with responses from 1,100 risk, security and business professionals. Based on our own experiences working with our customers and these inputs, we identified four industry themes that provide a perspective on integrated risk management.

  • Compliance is still foundational, but operational resilience is the end game.

  • Convergence of digital and traditional business means organizations must not stop at IT and security risk management or disaster recovery.

  • Quantification based on well-established mathematical principles is the best way to calculate risk—and it’s easier than ever.

  • Risk management maturity over time is complex yet achievable.

We also noted how risk management technology has evolved in the face of change. Over the last 20 years, Archer has evolved from organizing catalogs of key elements of the risk management program into the enterprise business support tool with workflow, reporting and decision support that enables integrated risk management and bring significant ROI.


2020 brought tremendous disruption to organizations but also offered an extreme example on what it takes to be resilient. Disruption doesn’t play favorites – but those organizations prepared for it can not only survive but thrive. Operational resilience takes forethought, discipline and constant vigilance. Integrated risk management plays a critical role in developing these capabilities. Risk management is both a proactive and reflective process taking not only experience and expertise to learn from the past, but also commitment and focus to innovate for the future.


Download the report to learn more about the state of integrated risk management and see how your organization stacks up towards building the resilience it needs in today’s risk landscape.