Search Results

He thought he had it all under control. From deep within his confines of the Chateau de Fontaineblue, Napoleon Bonaparte did during a particularly critical juncture of the Napoleanic Wars exactly what he had always done; what had always brought him success in past. Throughout the battles that raged between France and England from 1793 through 1815, Napoleon maintained close control of the moves of his army applying what by now had become one of history’s most accomplished military minds. Only at key moment in the war, the dynamics had changed in ways that he hadn’t carefully considered in terms of operational impact. While up until late 1805 the majority of the war had played out on fields across western Europe, the battle had taken to the seas, and the Battle of Trafalgar would prove a key turning point forever changing the course of Europe’s history. In the best-selling book Nelson’s Trafalgar: The Battle that Changed the World , Rod Adkins describes how Napoleon was “used to organizing grand projects that relied on the fast and reliable transmission of orders to move large armies across the landscape.” Some would say Napoleon’s error was one of strategy, of not trusting in the French Navy, led by Admiral Pierre-Charles Villeneuve. In fact, Adkins writes “while trying to impose tight control on his ships at seas through a constant stream of orders, he produced more chaos than if he had left his admirals to their own devices. ” While it’s hard to argue against the validity of this point, the eventual shortcomings of Napoleon’s approach also point towards some important factors that in many ways are relatable to the challenges facing business and risk professionals in managing today’s complex operational environments. Specifically, I see two failures: Understanding the changing dynamics of the battlefield Understanding the opportunities and limitations of technology to stay engaged with front lines If you’ll forgive the melodramatic metaphor, the changing dynamics of business operations compare favorably to the shifting battlefield that challenged the French strategy. A Gartner, Inc. survey of 317 CFOs and Finance leaders last March revealed that 74% will move at least 5% of their previously on-site workforce to permanently remote positions post-COVID 19. Understanding how that new reality, one which many were planning for but has been dramatically accelerated, is essential to maintaining effective first-line coordination and collaboration. When you consider further the additional shifts in outsourced dependencies represented by the move to third party and vendor execution, the challenge becomes even more complex. According to media coverage of a 2020 Ponemon survey , the typical enterprise has an average of 5,800 third parties, and that number is expected to grow by 15 percent in the next year. Both of these dynamics present new realities of limited visibility and have dramatic impact on identification of new risks and the responsiveness of various branches of far-flung operation and execution. The second lesson is around understanding how the technology requirements for achieving first-line and vendor management are different. In Napoleon’s case, he continued to rely on frequent and granular changes in orders, which for land-based battles could be more reliably delivered by horse-driven carriers. The sea-based troops needed a different approach, as the small crafts meant to carry new orders swiftly proved ineffective in keeping pace with the changing risks on these front lines. The needs highlighted by these lessons are at the forefront of the innovation within the recent launch of Archer Engage . My colleague Jeremy Fisher recently covered in great detail the need to ‘meet the first line’ where and how they are accustomed to working. And so as we continue to share the details of Archer Engage with our customers we are working to help them explore key questions related to first-line collaboration, such as: How much more effective would your risk function be if you could increase the response rate on first-line assessments by 25%? By 50% To what degree would risk be reduced if you had double or triple the visibility into your third party readiness for new risks as they emerge? How valuable is speed in responding to risk? What if your assessment or incident notification process could be dramatically sped up? Archer Engage provides a solution for our customers with a streamlined user experience across the organization that enables broad stakeholder participation in risk management . This simplified and efficient collection of risk data from cross-functional stakeholders is fed into the Archer platform for analysis and treatment. Learn more about Archer Engage and how you can streamline risk management collaboration .

Building business resiliency in today’s complex organizations is like trying to put together a championship team. It is comprised of many inter-related moving parts: owners to support a common goal to succeed; a general manager to oversee team operations and ensure recruitment of the right coaches; a head coach and assistant coaches to develop the best players and provide an effective game plan the team can execute; and a roster of players that are well prepared to perform when the time comes. To get it right, this level of teamwork requires coordinated resources, effort, and sometimes trial and error. Similarly, building a resilient organization also requires significant coordination. It requires a common goal for the board of directors and C-level executives to build a resilient organization; designated champions with the authority to drive this resiliency initiative throughout the organization and help clear obstacles; And a leader to execute a coordinated plan working with corresponding leaders and their teams across business operations, IT, risk management, compliance, third-party management and other departments.. While building a resilient organization can seem like a daunting task, a well thought plan and playbook can make all the difference. We recommend you consider the following areas in creating your resiliency playbook: Aspects of your organization that are most critical to ensure they are resilient. It is important to determine which of your customer-facing products and services and supporting business processes would have the greatest impact on your organization if they were interrupted for any reason. First, identify which products and services are most critical; then determine the negative impacts – or impact tolerances -- your organization would be able to absorb. This should account for the duration of the disruption (recovery time objective), as well as the impact on other business metrics. For example, if your organization was not able provide that product or service, how much revenue could you afford to lose or how many transactions could you afford to not process before the impact becomes intolerable to the business. These impact tolerances are important drivers in determining which resiliency and recovery strategies your organization puts in place. Risks that could impact your organization. It is important for your organization to have methods to identify and understand which risks could affect the achievement of your business objectives, as well as the likelihood of the occurrence of those risks. This can help your organization understand to what extent the risks need to be dealt with. It is also critical to identify the scenarios (combinations of risks or threats) that could impact the business, such as a pandemic that results in loss of key resources, loss of customers, regulatory restrictions, and more. This is more than assessing and managing one type of risk, it is also identifying those ‘perfect storms’ that combine multiple risks and threats that could negatively impact your organization. Understanding your third-party risk. Third parties can play an integral role in helping to achieve your business objectives, yet today’s supply chains and third-party ecosystems are becoming increasingly complex. In building business resiliency, it is critical to identify, understand and track your third parties, particularly those that support your organization’s most critical products and services. Once you know who your most important third parties are, it is vital to understand the vulnerabilities they present and their resiliency capabilities and gaps. The importance of business and IT recovery . The best assumption is not “if” your organization will experience a disruption at some point, but “when” there will be a disruption. Starting with the parts of your business that are most critical, consider the potential disruptive scenarios and risks and whether you have resiliency and recovery strategies to recover your business and IT functions. This extends to people, locations, data and any other elements that are vital to running your business. These strategies must be translated into concrete plans and tested against the scenarios you have defined. Tracking your business resiliency progress and gaps . There are many moving parts in an initiative to build resiliency into the way your business operates. It must be managed like a cross-organization project until it becomes “muscle memory” for your organization. Tasks, assignments, issues, gaps and next steps must be tracked, assigned owners, driven to resolution, and reported. This discipline is required to successfully implement a program of this magnitude. Business resiliency is difficult to build and maintain without the help of automation. Archer is purpose-built to help organizations of all sizes and scope quickly deploy the standards-driven industry best practices needed to establish effective business resiliency. For example: Archer Business Impact Analysis helps you determine which of your business processes are most critical, including the supporting infrastructure, so you can protect and recover what is most important to your organization. Archer Risk Catalog allows you to record and track risks across your organization and establish accountability for those risks. It lets you take a top-down, qualitative approach to assessing inherent and residual risk and enables a three-level rollup of risk, from a granular level up through enterprise risk statements. Archer Third Party Catalog allows you to document all third-party relationships, engagements, and associated contracts, as well as the business units and named individuals in your organization that are responsible for each third-party relationship. Archer Business Continuity & IT Disaster Recovery Planning enables you to document and test business continuity and IT disaster recovery plans with a coordinated, consistent, and automated approach to recovery, allowing you to respond swiftly in crisis situations. Archer Issues Management lays the foundation for your business resiliency program, enabling you to manage issues generated by multiple groups and establish accountability, workflow and reporting to improve the management of findings, remediation plans and exceptions. Building resiliency for your organization requires shared objectives, dedicated ownership, leadership buy-in, cross-functional coordination, consistent execution, and, well, resilience! Learn more about Archer’s approach to Building Business Resiliency . Patrick Potter is a subject matter expert who works with customers, analysts and partners on integrated risk management best practices, as well as provides strategic input into the development and marketing of Archer.

In a year filled with unprecedented challenges and uncertainty beyond our control, I find it especially rewarding to focus on outcomes where things have fallen naturally into place. That's why I feel incredibly fortunate to be Archer's new CEO as we lead our business into its next chapter. Just a few months ago, I couldn't have predicted the opportunity to join an iconic leader in the risk management software industry where I've spent my career and be able to continue my partnership with Symphony Technologies Group - RSA's primary portfolio sponsor. I was equally excited by the opportunity to address the passionate Archer customer base (albeit virtually) today at the Archer Summit 2020. For those unable to join this year's event, let me recap some of the main points. First and foremost, my message to customers is to reinforce our commitment to Archer's leadership and innovation in the Integrated Risk Management arena. As an independent company, we have a better opportunity to focus on that singular objective and drive on the collective energy and passion of our employees and this entire community towards that mission. Since my arrival at Archer just a few short weeks ago, I've been incredibly impressed by the recent momentum around the offerings, all of which has only reinforced what I knew of Archer's reputation. Not only have recent innovations in the product been huge drivers of value for customers, but they also act as a foundation for new areas of development and value creation. For example, the move to Archer's Cloud has enabled a major online retailer to be implemented within 90 days. We have the ability to be more agile and responsive to the changing needs of risk managers, and more fully committed to ensuring long-term customer success. I shared our focus on four strategic pillars which will guide our efforts and investments in the future: Modern Cloud Offerings: we have already seen tremendous improvements in time to value for our customers using Archer Cloud and will continue to advance our capabilities as a preferred deployment method. Integrated Risk Management for the Enterprise: we believe our capabilities are unmatched and create tremendous differentiation, and we plan to compound that advantage to engage more stakeholders in the risk process and improve communication and outcomes through broad use of the Archer platform. Analytics: with nearly 1,500 customers globally, we plan to share depersonalized insights across our vast customer network to help how our clients think about risk and the usage of Archer. Customer Success: we have formally launched our Customer Success Program (CSP) offerings to create a formal process to ensure our client objectives are known and whether we are collectively realizing the benefits expected through our proven, developed methodology. Finally, I communicated our independent brand identity for the Archer business. Although there have been many advantages being part of Dell and RSA, that association has led some to think our capabilities are solely focused on IT risk management. Our newly relaunched Archer brand gives us the opportunity to renew a connection to the broader elements of operational risk and reinforce the importance of integration of risk across the entire organization, not just IT. These are just a few areas where you will be seeing and feeling the positive impacts of our independence, and so I look forward to building upon today's news and the many highlights of the Archer Summit 2020 to work with all of you in writing Archer's next chapter.