Search Results

In today's complex environment, audit functions must strike a balance by retaining autonomy while integrating with compliance and risk functions. This balance ensures that organizations follow policies, manage risk, and comply with regulatory requirements. Audit autonomy is critical to ensure objectivity, provide unbiased assessments, preserve the credibility of audit findings, and maintain trust with internal and external stakeholders. At the same time, integration with other business functions is essential to gain a holistic view of risks across the organization, monitor emerging risks, and anticipate risks to take proactive measures. Importance of Audit Autonomy Audit autonomy is critical for effective auditing and is essential to maintaining objectivity, credibility, and trust, which are crucial for the audit function's success. Autonomy ensures auditors can perform their responsibilities objectively without undue influence from any business functions they are auditing. This autonomy is essential for providing unbiased assessments of risk management, control, and governance processes. In addition, auditors can evaluate policies without pressure, leading to accurate and reliable findings. For an effective audit function, auditors must be trusted by stakeholders, including the board, senior management, and external regulators. Stakeholders who trust auditors' integrity and independence are likelier to act on audit recommendations and findings. This trust is foundational for fostering a culture of accountability and improvement in an organization. An independent audit function can detect issues, inefficiencies, and non-compliance. When auditors lack autonomy, they might be pressured to overlook or downplay negative findings. With autonomy, auditors can conduct investigations and report candid findings to ensure that issues are addressed and risks are mitigated before they escalate. Ensuring auditors can operate independently while maintaining the integrity and effectiveness of the audit process ensures organizations manage risks, improve compliance, and strengthen governance. Importance of Integration with Other Functions While audit autonomy is critical, integrating with risk and compliance functions is equally important. This integration enhances the audit process. Integration with other business functions allows auditors to have a comprehensive view of risks across the organization. When understanding an organization's risks, auditors can provide more proactive measures and strategic recommendations. With integration and better information sharing, auditors perform more efficient audits and more effective risk management. Integration enables auditors to access critical data and improve the quality of audit outcomes. Getting insights from visibility into other functions allows for better risk management by addressing issues before they escalate. Auditors help develop proactive strategies to mitigate risk instead of reactive management. Auditors can ensure that policies are enforced consistently across the organization, reducing the risk of non-compliance and helping avoid penalties. Integration with audit, risk, and compliance functions allows an organization to manage risks effectively, ensure compliance, and enhance operational efficiency. Maintaining autonomy while integrating audit functions with risk and compliance functions enhances the organization's ability to effectively identify, assess, and mitigate risks. By implementing these strategies, organizations can achieve a proactive approach to risk management, compliance, and governance, ensuring resilience and sustainability in today's business environment. This integration is critical for conducting effective audits that provide insights and recommendations to support decision-making and regulatory compliance. The Archer Solution With Archer Audit Management you have the flexibility to define your audit universe independently or by leveraging the controls defined in the rest of the system. Archer is uniquely positioned to allow for flexibility based on how your company operates. With the introduction of Audit Engagement Templates companies now have a faster way to go from zero to engagement. The new process reduces the dependencies on other departments all while allowing for integration where and when it is needed. Contact us  to learn more about how Archer Audit Management can give your audit teams autonomy without losing visibility into other functions for proactive and risk-based audits.

In today’s geopolitical environment, organizations must be more agile than ever in managing risk. This is especially true for defense companies that provide products or services for the government since political uncertainty creates ripple effects that can disrupt supply chains, contract negotiations, and long-term defense strategies. Policy shifts, regulatory changes, and evolving international alliances can dramatically impact global defense operations. Defense organizations that fail to monitor and adapt to these changes risk being blindsided by sudden market shifts, compliance challenges, and unforeseen exposures. Impact of political uncertainty on the defense industry Changing policies, fluctuating defense budgets, and shifting global priorities heighten risks for defense contractors, arms manufacturers, and cybersecurity firms. These uncertainties influence procurement strategies, regulatory requirements, and strategic defense initiatives, making comprehensive risk assessment and mitigation planning essential. Geopolitical tensions and evolving security alliances add further complexity. Defense companies operating in international markets must navigate procurement delays, shifting compliance standards, and new regulatory requirements. In such a dynamic environment, maintaining strategic agility is critical. The ability to anticipate and respond to policy shifts is essential for sustaining operations and securing long-term contracts. Defense companies must proactively evaluate risk exposures and plan for multiple scenarios to stay ahead. This requires real-time data, predictive analytics, and scenario modeling—all key functionalities of a robust RMIS. Why modern RMIS Is essential for defense organizations A risk management strategy is only as effective as the tools that support it. There are several reasons why it is vital for defense companies to ensure their RMIS is optimized for today’s volatile world: 1. Real-time monitoring and risk alerts Political events and policy changes unfold rapidly, and delayed responses can be costly. A modern RMIS should integrate with global intelligence sources, policy updates, and financial indicators to provide real-time alerts on critical developments. By linking these insights to their claims and risk profile, defense companies can shift from reactive to proactive risk management. 2. Scenario planning for policy & funding changes With uncertainty surrounding defense budgets and shifting national security priorities, companies supplying military equipment, cybersecurity solutions, and defense technologies must be able to model different risk scenarios. A fully integrated RMIS connected to a robust GRC solution enables an organization to simulate the potential impact of policy shifts on operations, insurance costs, and supply chains. 3. Regulatory compliance and adaptation New sanctions, export controls, and evolving compliance requirements make regulatory alignment a moving target. An up-to-date RMIS equipped with AI-powered compliance tools automates regulatory tracking and ensures adherence across multiple jurisdictions, reducing the risk of non-compliance. 4. Centralized data for informed decision-making Managing risk data — from geopolitical threats to cyber risk — requires a single source of truth for enterprise-wide visibility. A well-maintained RMIS, integrated with a strategic GRC framework, centralized this data, empowering leadership teams to make informed, strategic decisions in an unpredictable world. Future-proofing risk management in the defense industry Political uncertainty isn’t going away. Shifts in global alliances, evolving defense strategies, and economic volatility will continue to challenge defense organizations. The key isn’t just having a risk management system -- it’s ensuring it is continuously updated, powered by real-time insights, and capable of scenario planning for ever-changing conditions. Defense companies that invest in modern, data-driven RMIS will thrive in uncertain times.Interested in learning more? Read the whitepaper “ Next-Generation RMIS: Revolutionizing Risk Management ” Visit Archer in Booth #1375 at RISKWORLD, May 3-5, to see how Archer RMIS AI can help you improve your risk management strategy. Register now.

In today’s fast-paced digital environment, companies are under immense pressure to maintain compliance and manage risk effectively under tight budgets. Governance, Risk, and Compliance (GRC) software has become an indispensable tool in achieving these objectives, and Archer provides world-class solutions. Many organizations are finding that their legacy on-premises GRC systems are not sufficient to meet their needs. Transitioning to a leading-edge SaaS solution like Archer is critical and here’s why: 1.      Scalability and Flexibility. On-prem systems are often rigid and expensive to scale. Companies experiencing growth or navigating complex regulatory landscapes can quickly outgrow their existing infrastructure. SaaS solutions, on the other hand, are inherently scalable. 2.      Cost Efficiency. The total cost of ownership for on-prem GRC systems is often underestimated. These systems can require significant upfront investments in hardware, software licenses, and IT personnel for maintenance. SaaS solutions are subscription-based, spreading costs over time and eliminating the need for costly infrastructure and ongoing maintenance. This shift from capital expense (CapEx) to operating expense (OpEx) provides financial flexibility and predictable budgeting. 3.      Rapid Deployment and Updates. Traditional on-prem systems often have lengthy implementation processes, delaying time-to-value. SaaS solutions can be deployed much faster, enabling businesses to start leveraging their benefits almost immediately. 4.      Improved Collaboration and Accessibility. Modern businesses operate in increasingly distributed environments. Remote work, global teams, and third-party collaborations demand tools that are accessible anytime, anywhere. Your GRC tool should be no different. 5.      Data Integration and Analytics. SaaS platforms are designed to integrate easily with other business tools, enabling organizations to create a unified view of risk and compliance. Advanced analytics and reporting capabilities help companies derive actionable insights, identify trends, and make informed decisions. 6.      AI-Powered Insights and Automation. The integration of artificial intelligence (AI) into SaaS GRC platforms is revolutionizing how organizations manage risk and compliance. For example, AI should monitor and respond to regulatory changes, associate regulatory intelligence to control implementations, establish controls aligned with business requirements, and integrate with audit and compliance processes. 7.      Enhanced User Experience. User experience (UX) is a critical factor in the adoption and effectiveness of any software solution. Modern SaaS GRC platforms should be designed with user-centric interfaces that simplify complex processes and reduce the learning curve for users. Intuitive dashboards, customizable workflows, and self-service options empower users to navigate with ease. By prioritizing UX, SaaS solutions increase user engagement, reduce errors, and drive greater productivity across the organization. Conclusion The pace of technological change is not slowing down and migrating from on-prem GRC software to a SaaS solution is no longer a question of “if” but “when.” The scalability, cost-efficiency, security, and adaptability of SaaS platforms position them as the optimal choice for forward-thinking organizations. By embracing this transition, companies not only enhance their risk and compliance capabilities but also drive agility and innovation in an increasingly complex business environment. To learn more about Archer Evolv, Archer’s premier SaaS offering, read the press release on www.ArcherIRM.com .

Is Your System Falling Short? Many organizations invest significantly in Risk Management Information Systems (RMIS), expecting meaningful improvements in how risk is identified, assessed, and managed. Yet too often, these systems fail to meet expectations. The issue typically is not the technology itself, but rather a lack of alignment with business needs, rushed implementation, or outdated approaches to risk. An effective RMIS should do more than store data. It should actively support strategic goals, enable smarter decision-making, and adapt as the organization evolves.   What Defines a Modern RMIS? Today’s risk environment demands more from technology. A modern RMIS must be flexible enough to accommodate shifting workflows, agile enough to integrate across departments and tools, and intelligent enough to generate actionable insights through analytics and artificial intelligence. Equally important is user experience. A platform should be intuitive and easy to use to encourage widespread adoption. The most successful systems are those that not only address current needs but also scale with the organization, supporting future goals and improving cross-functional collaboration.   A Smarter Path to Implementation The foundation for a successful RMIS begins well before implementation. It starts with clearly defining both functional and strategic objectives. This often requires organizations to reassess legacy processes, rather than simply digitizing them without question. By aligning the RMIS with broader business priorities early in the process, organizations can ensure the system is positioned to drive meaningful change, not just operational efficiency.     Avoiding Common Pitfalls Many RMIS projects fall short due to common missteps: Repeating outdated processes instead of designing more effective ones Focusing on technical capabilities over long-term outcomes Launching without a clear definition of success These challenges can result in costly delays, limited adoption, and missed opportunities to drive impact. Avoiding them requires deliberate planning, clear communication, and a willingness to challenge assumptions across teams. A key factor in overcoming these challenges is enabling collaboration. A modern RMIS should do more than manage data. It should function as a central platform that connects all stakeholders in the risk ecosystem, including insurers, brokers, third-party administrators, and internal teams. When everyone has access to shared data, timely updates, and a unified dashboard, the result is a more informed, efficient, and accountable approach to risk. The Future of Risk Management Ultimately, a successful RMIS is not just a piece of technology, it’s a foundational element of a forward-thinking risk strategy. With the right planning, alignment, and vision, it can become a dynamic asset that continually evolves with the organization. It empowers teams, strengthens partnerships, and turns data into a powerful strategic resource.   Learn more Discover how modern data strategies are revolutionizing RMIS and unlocking strategic value by transforming raw risk data into actionable intelligence. Join our webinar, “Advancing RMIS with an AI Data Strategy,” on July 8. Archer’s Ross Ellner, Managing Director of RMIS AI, and Jonathan Nichols, Director of RMIS AI Operations, will explain why legacy data models fall short and how to design a modern data architecture using AI and automation. Register now!

One thing is clear for compliance professionals: the days of predictable regulatory change are over. What we’re seeing now isn’t a temporary surge of complexity. It’s the new baseline. Organizations can no longer afford to treat regulatory change as something they manage quarterly. Events unfold rapidly, often with little advance notice, and regulators are responding in real time. The result? A constant need for organizations to reassess, recalibrate, and act.   A Moving Target for Global Compliance While global compliance has always required vigilance, today, vigilance isn’t enough. Political shifts, economic pressures, and global conflicts are combining in ways that disrupt even the most well-structured compliance strategies.   We’ve seen sanctions updated with minimal warning, trade policies reversed within weeks, and entire regulatory agencies reprioritize enforcement focus. Teams that were previously able to rely on stable patterns are now rethinking their entire approach. More than simply tracking changes, organizations need to quickly understand the impact of changing regulations and the action required to adapt appropriately.   AI Is a Tool, Not a Solution Artificial intelligence (AI) has become central to many compliance programs. It helps to process massive amounts of regulatory data, flag potential risks, and identify patterns that would be impossible to detect manually, but it’s not a magic fix. The effectiveness of AI for compliance depends entirely on how it’s implemented and governed. Without clear oversight, AI can introduce more risk than it solves, particularly in regard to model transparency, data provenance, and ethical use.   Leaders who are making progress and showing results from AI as an integral part of their compliance program aren’t rushing into adoption. They’re asking hard questions about where AI fits in, who is responsible for reviewing decisions, and how to align use relative to both internal policies and emerging external standards.   New Pressures, New Rules Economic volatility is currently a leading factor in regulatory activity. Inflation, supply chain disruption, and labor shortages are driving new rules, many of which are being rolled out quickly and without broad stakeholder input.   Unfortunately, these rules aren’t always coordinated, and that lack of coordination can have a cascading effect. A policy change in one jurisdiction may trigger compliance obligations in another. For multinational organizations, staying ahead requires not only monitoring new developments but understanding how those developments interact across regions.   What High-Performing Teams Are Doing Differently Beyond simply reacting more quickly, the best compliance teams are shifting how they work. They’ve built systems that support real-time tracking. They’ve created workflows that make it easy to document decisions and show regulators how they’ve responded to change. And they’ve integrated compliance into broader business conversations rather than treating it as an afterthought.   This shift isn’t about tools alone. It’s about mindset. Being proactive in today’s regulatory environment means building processes that can evolve. It means investing in platforms that don’t just collect information but connect it across teams. It also means giving compliance a seat at the strategy table, not just at the audit meeting.   Preparing for What Comes Next The pace of change may not slow down in 2025, but organizations that are best equipped to respond effectively will be those that combine technology with judgment, policy with practice, and speed with precision. While there is no single playbook for managing regulatory chaos, there are clear patterns among teams that are doing it well:   They stay close to the signals. They build flexibility into their systems. They treat compliance as a core business function, not just a requirement.   We built Archer   Evolv™ for Compliance to support exactly this kind of work. It’s designed to help teams track regulatory changes as they happen, manage assessments with less manual effort, and keep leadership informed with clear, reliable data.   If you’re rethinking your approach to compliance, we’d welcome the opportunity to show you how we can help:   Schedule a demo   to learn how Archer Evolv™  for Compliance can help you stay ready, regardless of what changes come next.   Register for the June 12 webinar with OCEG, “ From Chaos to Clarity: How AI is Reshaping Regulatory Intelligence ”

Today’s compliance and risk management environments are growing more complex. With increased regulatory demands, tighter operational expectations, and rising volumes of data, traditional methods often struggle to keep pace.    Artificial intelligence (AI) helps organizations meet these challenges by supporting compliance teams with faster, more accurate, and more proactive capabilities. Rather than replacing human expertise, AI enhances the value professionals bring by automating routine tasks and improving efficiencies.   Transforming Compliance with AI   AI enables a shift from reactive, manual compliance efforts to more proactive, strategic management. Bots can monitor policies, review contracts, flag anomalies, and suggest risk mitigation actions, all with human supervision. This allows your compliance management program to have improved efficiency, enhanced accuracy, reduced costs, and more effective decision-making.    Examples of AI’s impact include:  Real-time monitoring of regulatory changes  Early detection of fraud patterns in financial transactions  Streamlined audit preparation through automated data aggregation and analysis    Building Trust with Responsible AI   Successfully integrating AI into compliance programs requires strong governance. Regulatory frameworks such as the EU AI Act highlight the importance of transparency, explainability, and human oversight. Organizations must ensure that AI systems are auditable, correctable, and capable of always maintaining human control.    Resilient compliance operations also require fallback mechanisms. In the event of an AI system failure or disruption, organizations must be able to continue critical processes manually or with semi-automated alternatives. This approach preserves trust and ensures continuity.    Tailoring AI to Compliance Needs   Choosing the right AI technology is essential. Machine learning (ML) excels at structured data analysis, while generative AI (GenAI) is better suited for tasks involving unstructured content like regulations and corporate policies. The right combination depends on the specific compliance and risk management challenges each organization faces.  It is also important to balance performance and cost without becoming dependent on a single AI provider. Flexible architecture gives organizations more control and support long-term adaptability.   Keeping People at the Center    AI, despite its capabilities, should be considered a decision-support tool, not a decision-maker. Professional judgment remains critical in compliance and risk management, especially when navigating complex regulatory language, ethical considerations, and contextual nuances.    By combining advanced technology with strong governance and human expertise, compliance teams can build programs that are not only more efficient but also more resilient, reliable, and future-ready.    A Path Forward for Compliance & Risk Management   AI is quickly becoming an essential component of modern compliance and risk management programs. Organizations that invest in responsible AI applications today will be better prepared to meet regulatory expectations, manage risks more effectively, and respond quickly to change.    By pairing advanced technology with strong governance and human expertise, compliance teams can build programs that are not only more efficient but also more resilient and trustworthy.    Learn More About AI's Role in Modern Compliance   AI is reshaping how organizations approach compliance and risk management. To explore practical strategies, real-world use cases, and best practices for responsible AI adoption, download the whitepaper, “ AI for Compliance & Risk Management: Insights for Success .”

Risk managers have worked behind the scenes, renewing insurance, processing claims, and tracking exposure across spreadsheets for years. But the role is undergoing a major shift.   Driven by digital transformation, risk professionals are stepping out of the back office and into the boardroom, advising on strategy, resilience, and growth.  So, what’s behind this evolution? One word: technology.     Administrators to strategists   Gone are the days when risk managers were buried under mountains of paperwork and manual data entry. Modern risk management information systems (RMIS) and AI-powered platforms can automate administrative tasks like data entry, reporting, and renewals. That frees up risk managers to focus on what truly matters: interpreting trends, forecasting threats, and informing high-impact decisions. According to the 2023 Risk Survey Report by RIMS, 72% of risk professionals say their role has expanded into strategic planning and enterprise-wide decision-making .    Today’s risk managers are expected to be data-savvy, agile, and forward-thinking. They are no longer reacting to what has already happened, and they’re predicting what could happen next. Modern solutions like Archer RMIS AI give risk teams the power to work smarter and faster. With real-time dashboards, predictive analytics, and data feeds from sources like Moody’s and Kroll, risk managers can now:   See exposure patterns across global operations in real time.  Analyze claims trends to reduce losses.  Track insurer participation and optimize renewals.  Assess financial, reputational, and regulatory risks with a single platform.   Collaboration is the new currency    One of the most significant shifts in the risk management role is the move from isolated, function-specific tasks to enterprise-wide collaboration. Today’s risk managers are no longer working in silos. They’re embedded across the business, connecting teams through integrated technologies that span finance, procurement, operations, compliance, and beyond. Risk is becoming a common language across the organization, and modern RMIS platforms support this transformation by making insights accessible to stakeholders at every level. Whether it’s a CFO analyzing insurance allocation or a business unit leader tracking safety metrics, risk managers are now central to cross-functional decision-making.   The skills gap   The skill set for an effective risk manager goes well beyond insurance knowledge. They need skills in data fluency, digital acumen, and the ability to influence strategic decisions. This shift is creating both a challenge and an opportunity for risk teams :  to upskill, modernize their tools, and lead the charge in building resilient organizations that can thrive in uncertainty.   RIMS data shows that 48% of risk leaders plan to invest in upskilling their teams in AI , analytics, and digital tools over the next 12 months.       Technology is the catalyst, not the replacement    Technology is reshaping risk management, but it’s empowering rather than replacing the people behind it. With the right tools, risk managers can move beyond a reactive mindset and confidently step into their role as strategic advisors.   As we look ahead, one thing is clear: the future belongs to those who can combine deep risk expertise with the speed, precision, and insight of digital solutions. The game has changed, and risk managers are more essential than ever.      See what’s possible with a modern RMIS   Read the whitepaper “ Next-Generation RMIS: Revolutionizing Risk Management ”  Visit Archer in Booth #1375  at RISKWORLD, May 4-7 in Chicago, to see how Archer RMIS AI can help you improve your risk management strategy. Register now.   Visit Archer at Booth #48 at AIRMIC, June 9-11 in Liverpool. Register now.

In today's digital world, organizations are searching for integrated platforms that can address their governance, risk, and compliance (GRC) needs alongside other enterprise demands. However, it's important for buyers to carefully evaluate solution providers to ensure they bring specialized expertise to the table.  Rather than focusing on purpose-built GRC platforms, many GRC solution providers try to offer additional solutions that stray far from their core GRC competencies. While this approach may appear beneficial on the surface, it often results in diminished value for buyers due to diluted focus, increased complexity, and reduced reliability.   The Importance of GRC Specialization    GRC platforms play a pivotal role in helping organizations manage evolving regulatory demands, mitigate risks, and maintain compliance. When a GRC solution provider expands into unrelated domains, such as customer relationship management (CRM) or human resources (HR),  they risk losing the focus that makes them valuable . Buyers should be cautious of these risks, which include:   Lack of alignment:  While enterprise systems like GRC, CRM, and HR software may technically integrate, their user teams often have different goals and processes, undermining the value of the solution.   Unnecessary complexity:  Multiple solutions with unrelated features can overwhelm end-users, complicating risk management efforts and reducing overall efficiency.   Loss of expertise:  Specialization is vital in the highly regulated and complex GRC space. GRC solution providers branching into unrelated fields can erode their credibility among users who value focused expertise.    Advantages of a Purpose-Built GRC Platform    For compliance and risk management professionals, selecting a dedicated GRC solution provider and platform delivers significant advantages. The most effective solutions prioritize core GRC capabilities and offer:   Advanced automation and AI:  These tools streamline workflows and allow organizations to adapt to regulatory changes swiftly and effectively.   Centralized systems:  Specialized GRC solutions bring together risk, compliance, and audit processes into a cohesive platform that enhances decision-making and boosts operational efficiency.   Enhanced audit readiness:  Real-time tracking and reporting ensure your organization is always prepared to meet compliance requirements, reducing the burden of audits.   These concepts are echoed by Karta, one of Archer’s key partners, in their blog How a 'Do-it-All' Software Approach Can Spoil Your Risk & Compliance Programs .  They compare it to a chef trying to cook every cuisine on the planet at once—the result is a chaotic, flavorless mess that satisfies no one.  Karta states: "This is the danger of working with a software provider that tries to be everything to everyone and claims they can replace distinct, purpose-built tools and platforms in one grandiose offering. While seemingly comprehensive, these 'do-it-all' platforms often lack the depth and expertise needed to truly address the unique and complex challenges of distinct functions in modern organizations."   What True GRC Solution Providers and Solutions Mean for Buyers    When considering a GRC platform, buyers should prioritize solution providers who are dedicated to GRC and who draw on years of expertise to tackle the unique challenges found in compliance and risk management. For organizations looking to mitigate risks effectively and achieve long-term success, investing in specialized GRC platforms is essential. A strong GRC platform is the cornerstone of any successful risk management strategy. Without one, it’s infinitely harder to leverage common processes, share data and gain visibility into risks across your enterprise.   Download our white paper, 5 Things to Know When Researching Risk Management Platforms , and discover the key factors to consider when selecting a strong GRC platform.

Provision 29 of the UK Corporate Governance Code has established a new benchmark for risk management and internal control systems. While initially designed for UK-listed companies, its principles offer valuable insights for organizations worldwide. As businesses face increasingly complex risks, the core elements of Provision 29 provide a framework that transcends geographical boundaries. The universal value of robust risk management At its core, Provision 29 requires Boards to implement procedures for managing risk, overseeing internal control frameworks, and determining acceptable risk appetites to achieve strategic objectives. These foundational activities are relevant to any organization, regardless of industry, size, or location: Regular monitoring of risk management systems Annual effectiveness reviews Comprehensive coverage of financial, operational, and compliance controls Board-level accountability for risk oversight Transparent reporting on risk management approaches For global businesses, these activities are not mere compliance exercises but essential practices that promote sustainable growth and resilience. Third- and fourth-party risk -- the extended enterprise challenge Organizations depend on a complex network of suppliers and partners to deliver services to end consumers. The provision’s emphasis on material controls is particularly relevant when applied to third- and fourth-party risk management. The pandemic, geopolitical tensions, and supply chain disruptions have exposed vulnerabilities in global business relationships. Applying Provision 29 principles to third-party management involves: Identifying third-party relationships that pose material risks Establishing continuous monitoring systems beyond initial due diligence Implementing appropriate controls aligned with vendors' risk profiles Ensuring Board visibility into significant third-party risks Developing contingency plans for critical supplier failures Fourth-party risk—the vendors of your vendors—introduces an additional layer of complexity. While Provision 29 does not explicitly address this layer, its principles naturally extend to these hidden dependencies such as: Mapping critical fourth-party relationships that could impact business continuity Establishing contractual obligations for third parties to manage their supply chains effectively Implementing monitoring systems that provide visibility beyond direct suppliers Collaborating with industry peers to address common fourth-party risks Building global operational resilience Operational resilience—an organization's ability to adapt, respond to, and recover from disruptions—relies on effective risk management across geographies. Applying Provision 29 globally often involves the following strategies: Break down geographic silos:  Ensure consistent risk approaches across regions while allowing for local adaptations where necessary. Leverage technology:  Utilize GRC platforms and monitoring tools for real-time visibility into global operations. Clarify accountability:  Establish governance structures that define risk ownership across multinational organizations. Promote risk culture:  Foster a shared understanding of risk appetite and management approaches across all locations. Develop scenario-based resilience plans:  Prepare for disruptions that may cross geographic and organizational boundaries. The business case for global implementation Beyond regulatory compliance, organizations that embrace Provision 29 principles often realize significant benefits: Strategic agility:  Access to accurate risk information enables faster, more confident decision-making in uncertain environments. Resource optimization:  Prioritizing material controls reduces wasted effort on low-impact compliance activities. Improved stakeholder confidence: Demonstrating strong risk management attracts investment and strengthens stakeholder relationships. Competitive differentiation: Superior risk management capabilities can become a competitive advantage in volatile industries. Moving forward: from compliance to capability For global organizations, applying the principles of Provision 29 requires shifting from a compliance mindset to embedding risk management as a core capability. Steps to consider in making this shift include: Identify material risks:  Understand the most critical risks across your global footprint. Develop consistent frameworks: Build unified risk management frameworks with flexibility for regional adaptations. Invest in technology:  Implement platforms that provide enterprise-wide risk visibility. Ensure Board engagement:  Establish oversight that spans geographic boundaries. Embrace continuous improvement: Regularly test and refine your approach through scenario planning and ongoing learning. Provision 29’s emphasis on proactive, integrated risk management offers a universal model for resilience. By applying these principles to manage extended enterprise risks, global businesses can navigate today’s complex risk environment with confidence and agility. Learn more Discover how Provision 29 is shaping risk management practices by registering for our April 29 webinar, “ The UK Corporate Governance Code: Balancing Risk, Control & Assurance.” Our expert panel, featuring Michael Rasmussen, GRC Pundit and Analyst, GRC 20/20 Research LLC; Kirsty Hart, Archer’s Global Head of Risk; and Graeme Keith, Archer’s Vice President of Quantitative Risk, will explore practical applications and insights from the UK Corporate Governance Code. Register

The opening keynotes and "Southern Charm" welcome reception at Archer Summit 2024 on Monday night kicked off events in typical fashion – fun, friends, and lots of sharing of risk and compliance ideas! Today was equally amazing as we jumped into everything, from product keynotes to client panels to user groups to breakout sessions and more: Industry user groups for Public Sector, Energy, Healthcare, Supply Chain/Manufacturing and Financial services gave participants a chance to interact with like-minded folks and discuss topics relevant to their industries. The Archer Product team delivered a view into the groundbreaking capabilities available now and coming soon. Highlights included presentations on Archer’s next generation risk experience and a client panel discussion with executives from Truist, Allied Irish Bank, Rakuten, and Cardworks giving us a glimpse into the challenges their organizations face and how they’re overcoming them with Archer. Breakout sessions featured speakers from Saudi Aramco, Ally Bank, Best Buy, Fannie Mae, Rakuten, TD Bank, Truist, Kellanova, Haleon, Highmark Health. Archer partners CastleHill, NiSource, and Cential joined Archer clients and staff to present insightful perspectives on using Archer. Session topics included how to elevate your internal controls with Archer; how Archer RMIS AI can reduce costs and enhance the value of your GRC program; how to build efficient GRC frameworks; and the importance of data driven insights in risk management. The Archer Executive Forum, a group of 23 chief risk, compliance, audit and security officers, met with Archer executives to discuss the importance of AI in GRC, how to drive value using risk quantification, and how Archer can help organizations strategically deploy their risk and compliance capabilities as real business differentiators and drivers. We’re grateful for our valued partners and their partnership with Archer and our clients. If you haven’t stopped by the Partner Pavilion yet, check it out. The day ended with dine around dinners at some renowned New Orleans restaurants – great food and company!

Mark your calendars for the premier GRC event! Archer Summit 2025 is set to take place from September 15-18, 2025, in the vibrant city of Chicago.   This annual gathering of Archer clients, industry leaders, and experts is your opportunity to deepen your GRC expertise, network with peers, and discover cutting-edge strategies that will reshape the way you approach risk management and compliance in your organization.    Archer has long been a trailblazer in enterprise GRC software, empowering global organizations to achieve operational resilience and address their most critical challenges. And Archer Summit is where this innovation comes to life!   Building on the success of last year’s event, which featured over 50 thought-provoking sessions, dynamic keynotes from industry pioneers, and hands-on workshops, Archer Summit 2025 conference promises to deliver an unparalleled experience for attendees.    Why Attend Archer Summit 2025?  Archer Summit is more than a conference. It’s a community. Whether you’re an established GRC professional or just starting your compliance and risk management journey, Archer Summit offers tailored experiences for attendees at every stage.   Here’s what you can expect this year and why attending should be a top priority for all Archer clients:   1. Gain critical insights from industry leaders  The Archer Summit 2025 agenda will be packed with keynote presentations from recognized experts in GRC, risk management, and regulatory compliance. Learn about the latest trends, future challenges, and visionary solutions that are shaping the industry.    2. Take advantage of deep-dive learning opportunities Archer Summit features diverse breakout sessions that cater to all experience levels. Participate in hands-on workshops, engage in technical training, and explore real-world case studies that will help you tackle complex GRC scenarios with confidence. And don’t forget – CPE credit, too!   3. Engage in networking and collaboration Join hundreds of your peers from across the globe to share best practices, discuss challenges, and build your professional network. Archer Summit fosters a collaborative environment where attendees can connect meaningfully, creating opportunities for partnerships and knowledge exchange.    4. Exciting product announcements and demonstrations  Be the first to hear about Archer’s exciting product roadmap and newly launched solutions that are driving the future of enterprise GRC. From advanced analytics innovations to AI-driven insights, Archer is redefining how organizations address governance, risk, and compliance. And Archer Summit 2025 gives you a front-row seat!    5. Experience Chicago Set against the energetic backdrop of Chicago, Archer Summit 2025 is not just an industry event but an experience. Beyond the action-packed agenda, enjoy your time exploring Chicago’s stunning architecture, iconic landmarks, and exceptional dining options.      Register Today! Don’t wait to secure your spot at Archer Summit 2025! Whether you’re looking to gain new perspectives or contribute to the GRC conversation, attending Archer Summit 2025 is a pivotal step in moving your organization ahead for strategic growth and success.    Invest in your professional development and your organization’s future by registering today. Join the Archer client community at Archer Summit 2025, September 15-18, and prepare to elevate how you manage enterprise risk and compliance.    Visit our event page to explore the detailed agenda, learn more about hotel accommodations, and register now. The countdown is on! See you in Chicago!

Greetings from the dynamic and vibrant city of New Orleans. Today is the opening stanza to Archer Summit 2024, our annual user conference set in a city where the rhythm of jazz echoes the heartbeat of endless possibilities.  New Orleans is picture-perfect backdrop – culturally rich, steeped in history, full of life and always willing to invent anew.   In a world of seemingly non-stop change, risk and compliance teams often find themselves in uncharted territory. At Archer Summit, we explore strategies to not only manage but anticipate risks in a world where unpredictability is the new normal. There’s no better place to delve into these discussions than New Orleans, a city that has rebounded from its own complex challenges, demonstrating resilience and adaptability. This vibrant location provides an inspiring backdrop for our discussions on risk, resilience, and innovation.   This year’s Archer Summit kicked off in grand style with CEO Bill Diaz announcing a truly exciting strategy to help our clients transform their risk management strategies.  On the heels of record expansion and growth for the Archer business, Bill announced Archer Evolv , an innovative SaaS solution that brings together transformative enhancements to help our clients transcend today’s challenges. Archer Evolv incorporates deep learning AI capabilities to provide guidance and insights throughout the risk management program. Built on our SaaS platform, Archer Evolv is global, scalable, easy to integrate and mobile. Our clients can address emerging challenges and quickly leverage the capabilities they need throughout their business.  With a next generation user experience and intelligent workflows, Archer Evolv empowers users at all levels with real-time data insights that guide them to make informed decisions and take action. Our compliance and risk solutions help clients turn siloed, reactive and transactional risk and compliance approaches into strategic, proactive and opportunistic business differentiators.  A key element of our strategy is our unmatched ability to automate   staying informed about regulatory developments and anticipate changes that may impact operations, compliance obligations, and risk profiles.  Bill outlined the transformative approach delivered by Archer Assurance AI as we announced last month .  Bill also elaborated on the differentiated capabilities we have developed for risk quantification with Archer Insight and the expansion of capabilities of Archer RMIS AI. The result is an integrated approach to risk, compliance and audit that transforms risk management programs from being seen as simply a cost center driving administrative overhead to a core business function that delivers strategic value. Across industries, regulatory requirements are intensifying. Compliance teams must navigate stringent regulations, ensuring that compliance is not merely reactive but embedded into the organization’s culture and processes. At the same time, risk managers face the challenge of preparing for events that can cause sudden, widespread disruptions, from natural disasters to geopolitical events.  Set against the background of New Orleans’ enigmatic charm and diverse influences, Day One was just the start as Archer Summit 2024 unveils more innovations that will help our clients unmask boundless opportunities lying beneath the surface of uncertainty.