Search Results

Provision 29 of the UK Corporate Governance Code has established a new benchmark for risk management and internal control systems. While initially designed for UK-listed companies, its principles offer valuable insights for organizations worldwide. As businesses face increasingly complex risks, the core elements of Provision 29 provide a framework that transcends geographical boundaries. The universal value of robust risk management At its core, Provision 29 requires Boards to implement procedures for managing risk, overseeing internal control frameworks, and determining acceptable risk appetites to achieve strategic objectives. These foundational activities are relevant to any organization, regardless of industry, size, or location: Regular monitoring of risk management systems Annual effectiveness reviews Comprehensive coverage of financial, operational, and compliance controls Board-level accountability for risk oversight Transparent reporting on risk management approaches For global businesses, these activities are not mere compliance exercises but essential practices that promote sustainable growth and resilience. Third- and fourth-party risk -- the extended enterprise challenge Organizations depend on a complex network of suppliers and partners to deliver services to end consumers. The provision’s emphasis on material controls is particularly relevant when applied to third- and fourth-party risk management. The pandemic, geopolitical tensions, and supply chain disruptions have exposed vulnerabilities in global business relationships. Applying Provision 29 principles to third-party management involves: Identifying third-party relationships that pose material risks Establishing continuous monitoring systems beyond initial due diligence Implementing appropriate controls aligned with vendors' risk profiles Ensuring Board visibility into significant third-party risks Developing contingency plans for critical supplier failures Fourth-party risk—the vendors of your vendors—introduces an additional layer of complexity. While Provision 29 does not explicitly address this layer, its principles naturally extend to these hidden dependencies such as: Mapping critical fourth-party relationships that could impact business continuity Establishing contractual obligations for third parties to manage their supply chains effectively Implementing monitoring systems that provide visibility beyond direct suppliers Collaborating with industry peers to address common fourth-party risks Building global operational resilience Operational resilience—an organization's ability to adapt, respond to, and recover from disruptions—relies on effective risk management across geographies. Applying Provision 29 globally often involves the following strategies: Break down geographic silos:  Ensure consistent risk approaches across regions while allowing for local adaptations where necessary. Leverage technology:  Utilize GRC platforms and monitoring tools for real-time visibility into global operations. Clarify accountability:  Establish governance structures that define risk ownership across multinational organizations. Promote risk culture:  Foster a shared understanding of risk appetite and management approaches across all locations. Develop scenario-based resilience plans:  Prepare for disruptions that may cross geographic and organizational boundaries. The business case for global implementation Beyond regulatory compliance, organizations that embrace Provision 29 principles often realize significant benefits: Strategic agility:  Access to accurate risk information enables faster, more confident decision-making in uncertain environments. Resource optimization:  Prioritizing material controls reduces wasted effort on low-impact compliance activities. Improved stakeholder confidence: Demonstrating strong risk management attracts investment and strengthens stakeholder relationships. Competitive differentiation: Superior risk management capabilities can become a competitive advantage in volatile industries. Moving forward: from compliance to capability For global organizations, applying the principles of Provision 29 requires shifting from a compliance mindset to embedding risk management as a core capability. Steps to consider in making this shift include: Identify material risks:  Understand the most critical risks across your global footprint. Develop consistent frameworks: Build unified risk management frameworks with flexibility for regional adaptations. Invest in technology:  Implement platforms that provide enterprise-wide risk visibility. Ensure Board engagement:  Establish oversight that spans geographic boundaries. Embrace continuous improvement: Regularly test and refine your approach through scenario planning and ongoing learning. Provision 29’s emphasis on proactive, integrated risk management offers a universal model for resilience. By applying these principles to manage extended enterprise risks, global businesses can navigate today’s complex risk environment with confidence and agility. Learn more Discover how Provision 29 is shaping risk management practices by registering for our April 29 webinar, “ The UK Corporate Governance Code: Balancing Risk, Control & Assurance.” Our expert panel, featuring Michael Rasmussen, GRC Pundit and Analyst, GRC 20/20 Research LLC; Kirsty Hart, Archer’s Global Head of Risk; and Graeme Keith, Archer’s Vice President of Quantitative Risk, will explore practical applications and insights from the UK Corporate Governance Code. Register

The opening keynotes and "Southern Charm" welcome reception at Archer Summit 2024 on Monday night kicked off events in typical fashion – fun, friends, and lots of sharing of risk and compliance ideas! Today was equally amazing as we jumped into everything, from product keynotes to client panels to user groups to breakout sessions and more: Industry user groups for Public Sector, Energy, Healthcare, Supply Chain/Manufacturing and Financial services gave participants a chance to interact with like-minded folks and discuss topics relevant to their industries. The Archer Product team delivered a view into the groundbreaking capabilities available now and coming soon. Highlights included presentations on Archer’s next generation risk experience and a client panel discussion with executives from Truist, Allied Irish Bank, Rakuten, and Cardworks giving us a glimpse into the challenges their organizations face and how they’re overcoming them with Archer. Breakout sessions featured speakers from Saudi Aramco, Ally Bank, Best Buy, Fannie Mae, Rakuten, TD Bank, Truist, Kellanova, Haleon, Highmark Health. Archer partners CastleHill, NiSource, and Cential joined Archer clients and staff to present insightful perspectives on using Archer. Session topics included how to elevate your internal controls with Archer; how Archer RMIS AI can reduce costs and enhance the value of your GRC program; how to build efficient GRC frameworks; and the importance of data driven insights in risk management. The Archer Executive Forum, a group of 23 chief risk, compliance, audit and security officers, met with Archer executives to discuss the importance of AI in GRC, how to drive value using risk quantification, and how Archer can help organizations strategically deploy their risk and compliance capabilities as real business differentiators and drivers. We’re grateful for our valued partners and their partnership with Archer and our clients. If you haven’t stopped by the Partner Pavilion yet, check it out. The day ended with dine around dinners at some renowned New Orleans restaurants – great food and company!

Mark your calendars for the premier GRC event! Archer Summit 2025 is set to take place from September 15-18, 2025, in the vibrant city of Chicago.   This annual gathering of Archer clients, industry leaders, and experts is your opportunity to deepen your GRC expertise, network with peers, and discover cutting-edge strategies that will reshape the way you approach risk management and compliance in your organization.    Archer has long been a trailblazer in enterprise GRC software, empowering global organizations to achieve operational resilience and address their most critical challenges. And Archer Summit is where this innovation comes to life!   Building on the success of last year’s event, which featured over 50 thought-provoking sessions, dynamic keynotes from industry pioneers, and hands-on workshops, Archer Summit 2025 conference promises to deliver an unparalleled experience for attendees.    Why Attend Archer Summit 2025?  Archer Summit is more than a conference. It’s a community. Whether you’re an established GRC professional or just starting your compliance and risk management journey, Archer Summit offers tailored experiences for attendees at every stage.   Here’s what you can expect this year and why attending should be a top priority for all Archer clients:   1. Gain critical insights from industry leaders  The Archer Summit 2025 agenda will be packed with keynote presentations from recognized experts in GRC, risk management, and regulatory compliance. Learn about the latest trends, future challenges, and visionary solutions that are shaping the industry.    2. Take advantage of deep-dive learning opportunities Archer Summit features diverse breakout sessions that cater to all experience levels. Participate in hands-on workshops, engage in technical training, and explore real-world case studies that will help you tackle complex GRC scenarios with confidence. And don’t forget – CPE credit, too!   3. Engage in networking and collaboration Join hundreds of your peers from across the globe to share best practices, discuss challenges, and build your professional network. Archer Summit fosters a collaborative environment where attendees can connect meaningfully, creating opportunities for partnerships and knowledge exchange.    4. Exciting product announcements and demonstrations  Be the first to hear about Archer’s exciting product roadmap and newly launched solutions that are driving the future of enterprise GRC. From advanced analytics innovations to AI-driven insights, Archer is redefining how organizations address governance, risk, and compliance. And Archer Summit 2025 gives you a front-row seat!    5. Experience Chicago Set against the energetic backdrop of Chicago, Archer Summit 2025 is not just an industry event but an experience. Beyond the action-packed agenda, enjoy your time exploring Chicago’s stunning architecture, iconic landmarks, and exceptional dining options.      Register Today! Don’t wait to secure your spot at Archer Summit 2025! Whether you’re looking to gain new perspectives or contribute to the GRC conversation, attending Archer Summit 2025 is a pivotal step in moving your organization ahead for strategic growth and success.    Invest in your professional development and your organization’s future by registering today. Join the Archer client community at Archer Summit 2025, September 15-18, and prepare to elevate how you manage enterprise risk and compliance.    Visit our event page to explore the detailed agenda, learn more about hotel accommodations, and register now. The countdown is on! See you in Chicago!

Greetings from the dynamic and vibrant city of New Orleans. Today is the opening stanza to Archer Summit 2024, our annual user conference set in a city where the rhythm of jazz echoes the heartbeat of endless possibilities.  New Orleans is picture-perfect backdrop – culturally rich, steeped in history, full of life and always willing to invent anew.   In a world of seemingly non-stop change, risk and compliance teams often find themselves in uncharted territory. At Archer Summit, we explore strategies to not only manage but anticipate risks in a world where unpredictability is the new normal. There’s no better place to delve into these discussions than New Orleans, a city that has rebounded from its own complex challenges, demonstrating resilience and adaptability. This vibrant location provides an inspiring backdrop for our discussions on risk, resilience, and innovation.   This year’s Archer Summit kicked off in grand style with CEO Bill Diaz announcing a truly exciting strategy to help our clients transform their risk management strategies.  On the heels of record expansion and growth for the Archer business, Bill announced Archer Evolv , an innovative SaaS solution that brings together transformative enhancements to help our clients transcend today’s challenges. Archer Evolv incorporates deep learning AI capabilities to provide guidance and insights throughout the risk management program. Built on our SaaS platform, Archer Evolv is global, scalable, easy to integrate and mobile. Our clients can address emerging challenges and quickly leverage the capabilities they need throughout their business.  With a next generation user experience and intelligent workflows, Archer Evolv empowers users at all levels with real-time data insights that guide them to make informed decisions and take action. Our compliance and risk solutions help clients turn siloed, reactive and transactional risk and compliance approaches into strategic, proactive and opportunistic business differentiators.  A key element of our strategy is our unmatched ability to automate   staying informed about regulatory developments and anticipate changes that may impact operations, compliance obligations, and risk profiles.  Bill outlined the transformative approach delivered by Archer Assurance AI as we announced last month .  Bill also elaborated on the differentiated capabilities we have developed for risk quantification with Archer Insight and the expansion of capabilities of Archer RMIS AI. The result is an integrated approach to risk, compliance and audit that transforms risk management programs from being seen as simply a cost center driving administrative overhead to a core business function that delivers strategic value. Across industries, regulatory requirements are intensifying. Compliance teams must navigate stringent regulations, ensuring that compliance is not merely reactive but embedded into the organization’s culture and processes. At the same time, risk managers face the challenge of preparing for events that can cause sudden, widespread disruptions, from natural disasters to geopolitical events.  Set against the background of New Orleans’ enigmatic charm and diverse influences, Day One was just the start as Archer Summit 2024 unveils more innovations that will help our clients unmask boundless opportunities lying beneath the surface of uncertainty.

We’re nearing the end of another successful Archer Summit and it’s been an extraordinary three days of sharing ideas, making connections, and having fun! Day 3 of Archer Summit 2024 marked a pivot from product roadmap updates and customer panels to breakout sessions and learning labs where ‘the rubber meets the road.’ On the heels of industry user group meetings earlier this week, breakout sessions led by Archer clients and the Archer Executive Forum focused on how Archer can help address today’s most critical business challenges. Topics ran the gamut from assessments to AI, regulatory topics to resilience, and intelligence to next-generation risk management. Attendees gleaned practical knowledge from real-world success stories from Archer clients and partners, including: Ally Apollo Best Buy CastleHill Corebridge Financial Crowe Electric Reliability Council of Texas (ERCOT) Ent Credit Union EY Federal National Mortgage Association (Fannie Mae) Fifth Third Bank Haleon HESTA & Securus Home Depot Intuitive Surgery KPMG Maersk Mars Inc. MTN Group Nationwide Mutual Insurance Company NiSource Raiffeisen Bank Rakuten Saudi Aramco South Side Bank State Farm TD Bank The MITRE Corporation Truist Vanguard Bank of the Philippine Islands Verterim Zions Bancorporation The crescendo for the day was the announcement of Archer Summit 2024 Award winners – stay tuned for more to come on that later. This evening, attendees are invited to a Client Appreciation event at the historic Generations Hall to indulge in the vibrant local cuisine and enjoy an electrifying performance by Cowboy Mouth, a beloved band from New Orleans. Although parting with the lively spirit of the Big Easy for Archer Summit 2024 is bittersweet, anticipation is already building for Archer Summit 2025! We extend our heartfelt gratitude to all of our clients, partners, and colleagues for making Archer Summit 2024 compelling and rewarding. Your involvement and engagement have been invaluable, and we eagerly await the next Archer Summit!

Regulatory updates feel like a never-ending treadmill—just as businesses adapt to one rule, another change emerges. Compliance teams struggle to keep up, and executives worry about unseen risks slipping through the cracks. But what if AI could shift compliance from a reactive headache to a proactive advantage? Organizations face the constant challenge of staying compliant with a complex patchwork of requirements without losing momentum or efficiency. Leveraging advanced AI tools can transform compliance management, making it easier to navigate regulatory changes, improve operations, and stay ahead of the curve. Understand What Really Matters to You Whether at a global, national, regional, or local level, regulations are constantly added, changed, and removed. This ecosystem evolves as governing bodies respond to new technologies, political shifts, and economic threats. AI can help organizations sift through this data and highlight what matters most. By analyzing factors like industry, geographic location, risk appetite, and business priorities, AI surfaces the most relevant regulations, helping compliance teams focus on what needs attention and address emerging requirements before they become risks. Knowing which regulations matter is only the first step. The real challenge is translating that knowledge into action—ensuring compliance policies and controls adapt in real time. That’s where AI makes a real difference. Understand How It Impacts What You Do Identifying relevant regulatory updates is valuable, but that’s only part of the story. The next question is—now what? Connecting the dots between policies, controls, and regulatory obligations is a critical part of a compliance strategy. This connection helps organizations respond effectively to obligations and avoid critical oversights. AI automates this process by mapping existing policies and controls to new and updated regulatory requirements. This ensures nothing falls through the cracks and reduces the manual burden on compliance teams. AI can identify control gaps and policy conflicts, propose resolutions, and prioritize remediation efforts. This gives compliance analysts a head start in assessing the impact of regulatory changes at the organizational level. By scaling this process, AI ensures that controls align with business requirements while reducing redundancy and enhancing consistency. Once the gaps are addressed, how can you ensure controls are working and obligations are met? Use an End-to-End Compliance Solution for Effective Outcomes An end-to-end AI-powered compliance solution ensures organizations don’t just react to regulatory changes—they stay ahead, delivering measurable improvements in risk management and efficiency. Understanding where regulators focus their attention helps organizations prioritize remediation when control failures occur. AI-driven solutions collect enforcement action data from relevant jurisdictions and link that data to obligations and controls. This makes it easier to pinpoint high-priority compliance areas and allocate resources efficiently. Additionally, AI highlights which controls are most critical and confirms they are regularly in scope for compliance testing or independent audits. This ensures testing efforts focus on the right areas, allowing organizations to course-correct proactively before falling short of regulatory expectations. Why It Matters AI has the potential to transform how your organization handles compliance. Instead of being a cumbersome cost center, compliance becomes an integrated, manageable part of the business that delivers strategic value. With AI, businesses can track regulatory changes, adjust their policies and controls efficiently, and remain compliant without bogging down operations. In the coming years, compliance won’t just be about avoiding penalties—it will be a competitive differentiator. Organizations that embrace AI-driven compliance today will be better equipped to handle tomorrow’s regulatory landscape, turning risk management into a driver of business success. Interested in learning how Archer leverages AI to maximize efficiency? Read the whitepaper AI Powered Risk and Compliance.

Compliance teams are responsible for monitoring regulatory changes, managing tasks, producing reports, and minimizing risk. But with outdated tools and manual processes still in play, many organizations find themselves stuck in a reactive cycle, constantly trying to catch up. Manual compliance work often involves juggling spreadsheets, reviewing documents line by line, and pulling data from disconnected systems. These tasks are time-consuming and prone to errors. A missed update, delayed report, or overlooked exception can result in audit findings or regulatory penalties. As the volume of data increases and regulations continue to evolve, this approach becomes even harder to manage. Artificial intelligence (AI) is helping compliance teams break this cycle. AI doesn’t replace the need for human oversight. Instead, it supports it by automating time-consuming tasks and surfacing insights faster. This shift helps compliance teams move from reactive to proactive and from fragmented to connected. The benefits include greater efficiency, improved accuracy, reduced costs, and stronger decision-making. Track new and changing regulations Regulatory updates are constant. Organizations must track new laws and amendments to existing regulations across multiple jurisdictions. AI can take on this task by using horizon scanning to monitor global developments, while automated workflows categorize and deliver the most relevant updates to your team. This allows compliance professionals to stay informed without the need for manual tracking. Prepare audits efficiently Audit preparation requires gathering documentation, organizing data, and ensuring accuracy across systems. It is one of the most resource-intensive activities in compliance. AI can simplify this work by automating document collection, validating data, and identifying potential gaps in advance. This not only saves time but also improves confidence going into the audit process. Manage policies effectively Managing policies is critical for any compliance program, but ensuring policies are accurate and consistent across departments can be difficult. Reviewing and updating policies to ensure they meet current regulatory standards is a constant challenge because of the frequency of regulatory changes, and interpreting those changes across different jurisdictions or business units takes time and expertise. AI can automate the review process and identify where updates are needed, providing compliance teams with a faster way to assess impact and update policies with greater accuracy. Learn more AI is helping compliance teams reduce manual work, minimize risk, and refocus efforts on higher-value activities. To explore how AI can improve your compliance management program, download our eBook: “5 Ways AI Optimizes Compliance Management.”

The Australian Prudential Regulation Authority (APRA) has finalized its Prudential Standard CPS 230 aimed at ensuring banks, insurers, and superannuation trustees can better manage operational risks, build operational resilience, and respond to business disruptions. The standard replaces several existing standards, including CPS/SPS 232 Business Continuity Management and CPS/SPS 231 Outsourcing. The key requirements of CPS 230 are: Strengthen operational risk management through new requirements to address identified weaknesses in existing controls. Improve business continuity planning to ensure organizations are positioned to respond to severe disruptions. Enhance third-party risk management by ensuring risks from material service providers are appropriately managed. An APRA-regulated entity’s approach to operational risk must be appropriate to its size, business mix, and complexity. Latest Updates APRA has released an updated timeline for the implementation of CPS 230. In response to feedback received during the consultation period, APRA intends to: Move the effective date for the new standard to 1 July 2025 Provide transitional arrangements for pre-existing contractual arrangements with service providers, with the requirements in the standard applying from the earlier of the next contract renewal date or 1 July 2026. How Archer Can Help Archer can play an important part in helping organizations manage their compliance with CPS 230. For example: Archer Enterprise and Operational Risk Management enables organizations to: Define risk appetite supported by indicators, limits, and tolerance levels. Assess the organization’s risk profile, including identifying and documenting processes and resources. Ensure internal controls are designed and operating effectively. Provide reporting that enables operational risk oversight at every level of the organization. Archer Resilience Management enables organizations to: Identify and document its processes and resources for critical operations. Document a business continuity plan (BCP) that sets out how the entity would identify, manage, and respond to a disruption within tolerance levels and can be regularly tested against severe but plausible scenarios. Monitor, analyze, and report on operational risks and escalation of incidents and events. Archer Third Party Governance enables organizations to: Manage service provider arrangements. Archer facilitates reporting and notifications to APRA and other stakeholders, including the board, which oversees the entity’s operational risk management, BCP, and management of service providers. For more information or to speak to an Archer expert, you can contact us here.

The Office of the Superintendent of Financial Institutions (OSFI) released a draft guideline on October 13, 2023, on the operational resilience and operational risk management requirements of Federally regulated financial institutions (FRFIs) operating in Canada and foreign bank branches authorized to conduct business in Canada. The draft guideline is open to public consultation until February 5, 2024. Key Requirements of the Guideline Identifying the FRFI’s critical operations and mapping the internal and external dependencies (e.g., people, systems, processes, third parties, facilities, etc.) required to support critical operations. Establishing tolerances for disruption in respect of an FRFI’s critical operations. Conducting scenario testing to gauge the ability of the FRFI to operate within its tolerances for disruption across a range of severe but plausible scenarios. Establishing a culture that promotes and reinforces behaviors that support operational resilience and proactively managing culture and behavior risks that may influence resiliency. The design and implementation of the FRFI’s operational resilience approach and operational risk management should be proportionate to the FRFI’s size, nature, scope, complexity of operations, strategy, risk profile, and interconnectedness to the financial system. The Relationship Between Operational Risk Management and Operational Resilience OSFI states that operational resilience (OpsRes) is built on the foundation of operational risk management (ORM). OSFI further asserts that OpsRes emphasizes the end-to-end performance of the FRFI’s critical operations across the organization, and as ORM matures it should also focus on the performance of operations end-to-end. How Archer Can Help The Guideline lists four outcomes FRFIs are expected to achieve related to operational resilience and managing operational risks: The FRFI can deliver critical operations through disruption. Operational risk management is integrated within the FRFI’s enterprise-wide risk management program and supports operational resilience. Operational risks are managed within the FRFI’s risk appetite. Operational resilience is underpinned by operational risk management subject areas, including business continuity management, disaster recovery, crisis management, change management, technology and cyber risk management, third-party risk management, and data risk management. Archer can play an important part in helping organizations build these operational risk management and operational resilience capabilities. For example: Archer Enterprise and Operational Risk Management enables organizations to: Establish an enterprise-wide operational risk management framework. Set a risk appetite for operational risks. Ensure comprehensive identification and assessment of operational risk using appropriate operational risk management practices. Conduct ongoing monitoring of operational risk to identify control weaknesses and potential breaches of limits/thresholds, provide timely reporting, and escalate significant issues. Archer Resilience Management enables organizations to: Identify its critical operations and map internal and external dependencies. Establish tolerances for the disruption of critical operations. Develop and regularly conduct scenario testing on critical operations to gauge its ability to operate within established tolerances for disruption across a range of severe but plausible operational risk events. For more information or to speak to an Archer expert, you can contact us here.

ESG management, like any innovative concept, has sparked its fair share of controversy. Experts and nations engage in heated debates about the approach, the scope, and even the economic value of implementing an ESG management system in business. Amidst the ongoing debates, McKinsey has shed light on a compelling aspect—evidence is emerging that a strong ESG score can lead to approximately a 10% reduction in the cost of capital. Why, you may ask? Well, it all comes down to risk. When your business boasts a robust ESG proposition, it's better equipped to weather the storms threatening its ability to operate. MSCI Research noted that companies with high ESG ratings tend to be less vulnerable to systematic risks impacting the broad equity market or market-like sectors or industries than those with low ESG-rated companies. Credit rating agencies are now factoring in ESG performance when assessing companies; those with lower credit ratings face higher risk premiums. Of course, ESG ratings have their fair share of critics, often lambasted for the inconsistency and opaque methodologies employed by the rating providers. However, financial institutions still rely on these ratings to evaluate the ESG performance of corporations. The alternative of hiring an army of ESG analysts to scrutinize every company in their portfolio is simply impractical. So, if your corporation aims to secure an accurate and positive ESG rating, you must understand the rating methodologies and align your ESG management programs and policies accordingly. Most methodologies assess two critical factors: exposure to ESG risks and ESG risk management. The former primarily revolves around your core business, which may be difficult to change without altering the fundamental nature of your operations. However, the latter is entirely within your control and responsibility. The question then becomes, how can you demonstrate effective ESG risk management? First , ESG efforts need to be seamlessly integrated into your governance structure. ESG risk management should become integral to your company's core operations, flowing through all three lines: from business users to risk managers to assurance functions like internal audit. Motivation plays a crucial role as well. It's incumbent upon management to establish ESG-related incentives for employees or even ESG challenges for individuals or teams. Healthy competition never hurts, especially when it aligns with corporate values, strategy goals, and a purposeful mission. Second, ESG risks must be appropriately managed and mitigated. Common sense dictates integrating ESG risk management into your existing enterprise risk management framework. And most importantly , companies must allocate sufficient resources to their sustainability initiatives, such as investing in technology to integrate sustainability into risk management. This includes investments in technology to integrate sustainability into risk management. Many of today's ESG challenges focus on data collection processes, standardization, and maintaining a dynamic overview of ESG risk management posture. A robust ESG risk management program inherently leads to more consistent operational performance and sustainable long term growth. Archer's ESG solution enables organizations to collect and centralize ESG data into a single platform, evaluate the impact of risks and the opportunities on business strategy, understand 3rd party ESG risks, set ESG goals, and produce auditable reporting all from one integrated platform. If you would like to learn more about how Archer ESG Management can help your organization achieve its ESG goals and objectives, we invite you to our webinar hosted by Verdantix and Archer titled "California's Climate Change Legislation: What Your Business Needs to Know". In this webinar, we will discuss: Gain an understanding of the key provisions of California's new regulations and how they impact your organization's compliance and sustainability reporting. Discover the broader implications of these groundbreaking California laws on corporate climate reporting, accountability, and sustainability programs. Learn about technology that can help you manage and advance your ESG program. We hope you can join us for this informative webinar.

As a go to market lead at Archer for our Enterprise Risk Quantification practice and Archer Insight product, I’ve had the opportunity to speak with thousands of customers and risk practitioners across the ERM and GRC space. While there is a market desire to quantify risks, the desire to adopt risk quantification is often met with hesitancy, no thanks to perceptions around risk quantification being reserved for the only mature users, users with access to rich data analytics, modeling expertise, or challenges in demonstrating the value of risk quantification beyond specific risk functions like cyber. At Archer, we’ve taken these perceptions and challenges head-on when developing the Enterprise Risk Quantification practice behind our Archer Insight solution. Why Archer Insight? Archer Insight takes an enterprise approach to risk quantification shifts previous perceptions and challenges associated with adopting risk quantification by prescribing a purpose-built risk quantification methodology for getting started with quantified risk assessment. Why Enterprise Risk Management? As you well know, the purpose of an Enterprise Risk Management program is to provide a holistic view of risk across the enterprise for visibility and governance of risks impacting the enterprise’s key initiatives. Recognizing the objective of the enterprise risk management program, quantification doesn’t need to be complex, quantification just needs to better than what we are doing, which is likely qualitative and semi-qualitative risk heatmaps. Please join OCEG and Archer for our December 12 webinar, “ Debunking the Complexity Around Risk Quantification ,” where I’ll discuss how risk quantification is best suited for the enterprise risk management program, strengthening and delivering on ERM program objectives.

It might seem like yesterday you were getting ready for spring and today you’re thinking about the new year. Like most people, you have a variety of resolutions in different buckets: physical health, mental health, finances, relationships, etc. Your company also makes resolutions in the form of corporate objectives. Corporate objectives are not mere aspirations or vague intentions; they are tangible targets that drive an organization's growth and success. They provide a roadmap for decision-making, resource allocation, and performance evaluation, ensuring that the organization's actions are aligned with its overarching goals. Chief risk officers and risk management teams play an important role in ensuring success as your company strives to reach new heights in the coming year. As you kick off strategic planning, there are some key questions to keep in mind: #1 - Which objectives matter most? Identifying the objectives that matter most requires a thorough assessment of your organization's internal and external environment. Consider factors such as: Strategic priorities: Align objectives with the organization's strategic plan and long-term goals. Industry trends: Identify emerging trends, monitor upcoming and current regulation, and adapt objectives to remain competitive. Stakeholder expectations: Address the needs and expectations of key stakeholders, such as customers, employees, and investors. #2 - How can I demonstrate how corporate objectives were determined? Transparency and accountability are essential for building trust with stakeholders. Demonstrate how corporate objectives were determined by: Documenting the process: Clearly document the steps involved in objective setting, including stakeholder input, risk assessment, and alignment with strategic priorities. Communicating rationale: Clearly communicate the rationale behind each objective, explaining its relevance to the organization's overall goals. Seeking feedback: Encourage feedback from stakeholders on the objectives and the process used to develop them. #3 - How can I measure the progress of corporate objectives? Measuring progress towards achieving corporate objectives is essential for staying on track and making informed decisions. Establish clear metrics and indicators for each objective, such as: Key performance indicators (KPIs): Quantifiable measures that track progress towards achieving specific objectives. Milestones: Significant markers of progress along the way, indicating successful completion of intermediate steps. Regular reviews: Conduct periodic reviews to assess progress, identify challenges, and make adjustments as needed. #4 - How can I track progress made from the starting point? Tracking progress from the starting point provides valuable insights into the organization's growth and development. Compare current performance against initial objectives using: Benchmarking: Establish industry benchmarks to assess relative performance and identify areas for improvement. Trend analysis: Track performance trends over time to identify patterns and assess progress towards objectives. Gap analysis: Identify the difference between current performance and desired outcomes, providing a basis for improvement initiatives. #5 - What can be done if progress is off track? Recognizing and addressing deviations from objectives is crucial for ensuring success. When faced with setbacks: Analyze the reasons: Identify the root causes of the deviation, whether they are internal challenges or external factors. Develop corrective actions: Implement appropriate strategies to address the underlying causes and get back on track. Communicate openly: Keep stakeholders informed about the situation and the steps being taken to rectify it. #6 - How can we reliably achieve corporate objectives? Achieving corporate objectives reliably requires a comprehensive and well-structured approach: Establish clear ownership: Assign ownership of each objective to specific individuals or teams. Provide adequate resources: Allocate necessary resources, such as funding, personnel, and technology, to support objective achievement. Embed objectives into processes: Integrate objectives into day-to-day operations and decision-making processes. Monitor and measure progress: Regularly monitor progress towards objectives and make adjustments as needed. Celebrate successes: Recognize and celebrate achievements to maintain motivation and engagement. Risk management teams must work closely with company executives and the board to ensure that strategic planning and decision-making processes produce reliable results. By aligning individual and team goals with the company's objectives, and fostering a culture of accountability, your company can achieve and even surpass your desired outcomes. Contact us today to learn how Archer can help you reach your corporate objectives in 2024.