Search Results

  • Mitigating Supply Chain Risks: The Power of Effective Third-Party Risk Management

    Supply chain risk management has become increasingly critical in today's interconnected and complex business environment. Organizations rely heavily on third-party products and services, which introduces a new layer of risk that must be proactively managed. Failure to address these risks can lead to supply chain disruptions, compromised data security, and reputational damage. To enhance resilience and minimize vulnerabilities, organizations need to integrate third-party risk management into their overall supply chain risk management practices.

    Understanding the Importance of Third-Party Risk Management

    Managing third-party risks requires a comprehensive and systematic approach. It involves conducting due diligence on potential partners, assessing their risk profiles, and ensuring they have robust strategies and controls in place to prevent and mitigate risks. Clear contractual agreements should be established, outlining expectations for risk management, and specifying mechanisms for monitoring and addressing emerging risks.

    The Four Key Supply Chain Risks:

      • Cyberattacks: Cyber risk management is crucial, considering the increasing prevalence of cyber threats. Organizations must develop strong partnerships with suppliers that have robust strategies to prevent loss or restore services promptly. Rigorous due diligence, regular assessments, and clear contractual agreements are essential for mitigating cyber risks.
      • Natural Disasters: Natural disasters can cause widespread disruptions, impacting multiple suppliers in a specific region. Organizations should adopt a supply chain-based approach and consider backup capabilities and alternative suppliers in different parts of the world to reduce vulnerability caused by disruptions.
      • Rising Consumer Demand/Material Scarcity: Managing increased consumer demand and material scarcity requires data-driven approaches. Leveraging technology and predictive analytics allows organizations to make informed decisions regarding inventory management, anticipate potential scarcities, and optimize supply chain operations accordingly.
      • Increasing Freight Prices/Inflation/Economic Conditions: Collaboration within the supply chain network and leveraging technology play vital roles in managing risks associated with economic conditions. By actively engaging with suppliers, monitoring risks, and utilizing advanced analytics tools, organizations can optimize operations, reduce costs, and adapt to the evolving economic landscape.

    To learn more about how to mitigate supply chain risks through effective third-party risk management, read our eBook "Mitigating Supply Chain Risks: The Power of Effective Third-Party Risk Management."

  • How Artificial Intelligence Can Play a Critical Part in Integrated Risk Management and Resilience

    Artificial Intelligence (AI) refers to computer science that focuses on creating intelligent machines capable of mimicking human cognitive abilities. AI aims to develop systems that can perceive, reason, learn, and make decisions autonomously. Machine learning (ML) is a subset of AI that focuses on algorithms and statistical models that enable computers to learn from data without being explicitly programmed. AI can play a crucial role in enhancing business resiliency by providing advanced analytics, automation, and intelligent decision-making capabilities. For example:

    McKinsey & Company’s Noble Intelligence has developed a computer-vision algorithm that assesses damage to buildings using pre- and post-disaster satellite imagery. The algorithm classifies each building into one of four categories (from “no damage” to “destroyed”) within minutes of receiving the relevant satellite data, with no human input. This quick analysis can help relief workers and organizations deploy emergency aid and allocate scarce resources more quickly.

    Organizations are using AI techniques to interpret social media feeds following disasters. This type of analysis provides vital on-the-scene information about infrastructure damage and aid being provided to victims by flagging images from shelters where people are without blankets or waiting outside in the streets.

    AI models can also use satellite and other data to predict at-risk areas. Damaged buildings and areas can be geo-tagged to help relief workers identify vulnerable areas and allocate resources for faster response and recovery. AI can also provide optimal route planning based on damage assessment maps for faster aid delivery in post-disaster areas. Faster damage assessments can help teams understand and provide necessary resources more quickly.

    In addition to a focus on strengthening the resiliency of communities or organizations, incorporating AI results into integrated risk management (IRM) automation can significantly enhance the efficiency and effectiveness of these processes. Here are some ways AI could be incorporated with an IRM technology like Archer:

      • Risk Assessment and Management: AI can analyze vast amounts of data to identify risks and assess their potential impact. AI-powered risk assessment models can provide real-time insights into emerging risks, help prioritize risks based on their severity and likelihood, and support decision-making in risk mitigation strategies. These AI-generated risk assessments can be integrated into IRM automation systems, enabling automated risk monitoring, reporting, and mitigation workflows.
      • Data Analytics and Predictive Insights: AI-powered data analytics can be integrated into IRM automation to identify trends, patterns, and potential risks. By analyzing historical data, AI can generate predictive insights, such as identifying areas with a higher likelihood of compliance breaches or potential vulnerabilities. These insights can support proactive risk management and compliance planning.
      • Automating Incident Response: AI can automate parts of the incident response process, improving response time and effectiveness. AI-powered systems can analyze and correlate security alerts, assess the severity of incidents, and recommend appropriate response actions. This assists teams in managing incidents more efficiently, reducing response times, and minimizing the impact of disruptions.
      • Business Continuity Planning: AI can aid in developing robust business continuity plans by simulating different scenarios and predicting their impact on operations. It can model various disruptions and devise strategies to minimize downtime, ensure supply chain continuity, and maintain critical functions during crises.
      • Supply Chain Optimization: AI can optimize supply chain management by analyzing complex data sets, including inventory levels, demand patterns, transportation logistics, and supplier performance. It enables businesses to identify potential disruptions, optimize inventory levels, streamline logistics, and respond swiftly to changes in demand or supply.
      • Continuous Monitoring and Auditing: AI can facilitate continuous monitoring and auditing within IRM processes. By analyzing large volumes of data in real-time, AI algorithms can detect deviations, monitor control effectiveness, and identify potential compliance issues. These AI-driven monitoring capabilities can be integrated into IRM solutions to enable ongoing monitoring and automated auditing, reducing the need for manual sampling and periodic assessments.

    Integrating AI results into IRM automation like Archer opens the floodgates to additional insight but requires careful consideration of data quality, model accuracy, and regulatory requirements. Collaboration between AI experts, IRM professionals, and IT teams is essential to ensure a robust and compliant integration between AI and IRM automation, keeping in mind that AI may require human intervention to interpret the results of analyses, or to draw conclusions that drive actions. Regular updates and validations of AI models should be conducted to maintain their effectiveness in an evolving risk and compliance landscape. While AI offers significant potential, its successful implementation requires careful consideration of ethical implications, data privacy, and transparency to build trust among stakeholders.

    Read this white paper to learn more about Strategies for Building Business Resiliency. Contact us to speak to an Archer expert.

  • The Time Has Come

    There are few absolutes in the business world. Perhaps “the customer is always right” and “you have to spend money to make money” are contenders. The most certain thing in business is uncertainty. Uncertainty grows as the enterprise scales and managing uncertainty – via risk management programs – becomes a significantly complex problem. The resulting mix of people, processes, and data involved in risk management morphs into a multifaceted program with many moving parts.

    There are parallels between risk management programs and other key elements of the modern enterprise such as Human Resources, Finance and Sales and Marketing. These functions leverage enterprise-class systems, such as Customer Relationship Management (CRM) and Finance suites, to manage the complex business processes involved with managing customers or finances. These systems provide a range of benefits, including increased efficiency and better decision-making capabilities. Enterprise systems can improve collaboration by providing employees with access to shared data and information facilitating communication and interaction between departments. For example, a CRM system can provide sales teams with access to marketing data, which can help them develop more effective sales strategies. Similarly, a finance suite can provide business leadership with access to financial data, which can help them make better-informed financial decisions.

    The time has come to consider a risk management platform as a necessary enterprise system just like an HR or CRM platform because it enables organizations to manage their risks comprehensively and efficiently. The traditional approach of managing risks in silos is no longer sufficient, as it fails to address the interdependent nature of risks and their potential impact on the organization as a whole. There are many ways an instantiated risk hits the bottom line such as regulatory fines, reputational hits, and operational losses.

    An integrated risk management approach is necessary to effectively address these challenges but there are complexities within organizations that must be addressed. Optimizing a solution to the problem involves consolidating risk management functions into a single, comprehensive system that can identify, assess, and manage risks holistically. An integrated risk management platform consolidates all risk management functions into a single system, providing a holistic view of risks and their impact on the organization.

    To learn more about how integrated risk management has become a critical enterprise capability, read our white paper “Integrated Risk Management: The Enterprise Capability Your Organization Needs”.

  • The Importance of Continuous Monitoring in Your TPRM Strategy

    Organizations are increasingly relying on vendors, making third-party risk a growing concern for businesses. Unfortunately, many organizations still depend on traditional methods of risk management, such as onboarding controls and infrequent assessments. With this approach, organizations face several challenges. These challenges include limited visibility into changes or developments in a vendor's operations, security posture, or compliance status. Additionally, there is an inability to identify emerging risks and vulnerabilities, failure to meet updated compliance regulations due to constantly evolving requirements, and an incomplete understanding of a vendor's business continuity plans, security practices, and risk environment. According to Gartner, 83% of legal and compliance leaders reported that they identified third-party risks after due diligence and before recertification.

    To effectively manage third-party risks, organizations must incorporate continuous monitoring into their risk management strategy. This method involves ongoing, proactive monitoring of vendors throughout their lifecycle to ensure timely and accurate insights into associated risks.

    To learn more, register for our upcoming webinar on June 13, 11:00 am EDT, Third-Party Continuous Monitoring: Benefits & Best Practices with Michael Rasmussen, to:

      • Learn how continuous monitoring can transform your organization's third-party risk management strategy.
      • Discover best practices for implementing continuous monitoring most effectively.
      • Explore how Archer can elevate your third-party risk management program to keep you ahead of third-party risks.

    Visit Archer Third Party Governance for more information. Contact us to speak to an Archer expert.

  • Quantitative Risk Assessment in Enterprise Risk Management

    Organizations have long recognized the need to standardize risk management practices for consistency in identifying and assessing risks across the organization in enterprise risk management (ERM) programs. Today, most organizations use qualitative or semi-quantitative assessments, which are simple and repeatable, so they can be scaled across an entire enterprise. But they can be coarse, unauditable, highly subjective, and ambiguous, and – crucially – they cannot be meaningfully aggregated. This leaves a highly fragmented representation of the organization’s risk landscape. Apart from substantially improving the fidelity and richness of individual risk assessments, quantitative assessment provides a method to aggregate risks, which allows for the defragmentation of this landscape.

    Risk quantification has become a common objective for risk management teams. In fact, there has been a slow march in that direction for years. Most organizations have transitioned from purely qualitative methods (High, Medium, Low) to placing categorized measures of likelihood and impact, such as estimated probabilities, bands of loss estimates and other semi-quantitative factors. But the incorporation of true quantitative measures using event frequencies and financial exposures to calculate risk has not yet become the norm.

    An Enterprise Risk Management (ERM) process should identify risks across an enterprise and assign ownership to them, resulting in a register of risks that articulates uncertainties that affect the objectives of the enterprise. A combination of bottom-up and top-down identification can help build this picture. The former captures the immediate concerns and activities of the front line engaged in generating and protecting value in the enterprise; the latter imposes a categorical structure on the uncertainties supposed to influence objectives and uses that to try to drive completeness.

    Quantitative assessment allows you to depict risks more faithfully, to differentiate between risks better, and to synthesize risks across the organization to deliver more insightful business information to help guide decisions. The major upside of embracing quantitative assessments is to transform risk management into a much more proactive and less reactive contributor to the business.

    Join us for an informative webinar as we discuss the important role and benefits of risk quantification in assessing, representing, and analyzing risks, how you can make informed decisions at an enterprise level through quantification, and practical steps to merge quantification techniques into your existing programs and workflows.

  • Organizational Trust and Third-Party Risk Management

    As organizations increasingly rely on third-party solutions and services to perform business functions, effective third-party risk management has become critical. With increasingly complex vendor ecosystems, third parties can introduce potential risks that organizations must prioritize in their risk management strategy. These risks include financial, security, reputational, and regulatory risks that can have significant impacts on an organization’s operations, finances, and reputation. One key element of effective third-party risk management is building and maintaining organizational trust.

    Organizational trust is a key factor in mitigating third-party risks. Including organizational trust in selecting vendors, due diligence, continuous monitoring, and building critical vendor relationships is important to ensure that your third party's values align with your organization’s goals and priorities.

    Selecting a vendor

    When selecting a vendor, it is crucial to consider whether the vendor shares your organization’s values and goals. To be confident that a potential vendor is the right fit for your organization, you need to understand the vendor’s reputation for transparency, collaboration, and accountability. This knowledge will help you make informed decisions that align with your organization's priorities.

    Performing due diligence

    The due diligence process is essential to assess potential risks and vulnerabilities, avoid potential pitfalls, and establish relationships with third parties to ensure that the relationship is productive and collaborative. By setting clear expectations and guidelines, establishing communication, and building trust with third parties during the due diligence process, you can ensure that the relationship is productive and collaborative.

    Including continuous monitoring in your third-party risk management strategy

    Continuous monitoring is a critical component of any effective third-party risk management strategy. By tracking and evaluating vendor performance on an ongoing basis, organizations can identify and respond to potential risks and vulnerabilities, ensure that vendors are meeting their expectations over time, and maintain strong relationships with their vendors.

    Building strong vendor relationships

    Building strong relationships with critical vendors is essential to maintaining trust and ensuring effective third-party risk management. Effective communication and transparency are critical components of organizational trust in third-party risk management. You need to establish clear expectations for your vendors around reporting and ensure that everyone understands the importance of reporting potential risks.

    Including organizational trust in your third-party risk management strategy is important to mitigate risks and ensure effective third-party relationships. Prioritize trust in vendor selection, due diligence, continuous monitoring, and building vendor relationships to ensure your third parties' values align with your organization’s values and risk is managed effectively.

    Visit Archer Third Party Governance for more information. Contact us to speak to an Archer Expert.

  • How Can You Understand Your Vendor's ESG Practices

    Organizations are increasingly prioritizing their Environmental, Social, and Governance (ESG) practices. As ESG gains prominence as a critical factor in evaluating the sustainability and ethical performance of organizations, it isn’t surprising that organizations want to understand and assess the ESG practices of their critical third parties. Understanding their vendor’s ESG practices is important for organizations to be confident that their vendor’s practices align with their own ESG practices and values. With ESG rising as a third-party concern, the ability to determine a vendor’s ESG practices is becoming more and more important.

    How can an organization understand the ESG practices of its critical third parties?

    An effective way for an organization to understand its vendor’s ESG practices is through third-party assessments. These assessments are designed to evaluate a vendor’s ESG performance based on predetermined criteria and provide insight into their environmental, social, and governance practices. A third-party assessment can be conducted the same way an organization leverages questionnaires to determine a vendor’s risk. ESG assessments can be conducted through questionnaires that cover areas such as environmental impact, social responsibility, labor practices, governance, and ethical standards.

    These ESG assessments can provide valuable insights to an organization about its vendor’s ESG practices. The responses to questions can be used to calculate ESG ratings. Organizations can make decisions about vendors by leveraging the insights and ratings from these questionnaires – similar to how organizations manage and mitigate risk, based on a vendor’s responses to risk assessments.

    Understanding a vendor’s ESG practices is crucial for organizations that are prioritizing ESG performance. Through third-party assessments, organizations can gain insights into their vendor’s ESG practices and make informed decisions about their vendors based on alignment with their own ESG practices and values.

    Archer is addressing the need for organizations to understand their vendor’s ESG practices by adding ESG capabilities to our Archer Third Party Governance solution. Organizations will be able to provide assessments to their vendors that include ESG questions and can use those responses to determine inherent and residual ESG ratings. Contact us to speak to an Archer expert about how you can monitor your critical third parties' ESG practices.

  • Assignment: Chief Risk Officer

    We are all familiar with the famous tagline that accompanied the Mission Impossible assignments: “Your mission, should you choose to accept it…” This phrase was then followed by a seemingly unachievable goal that included incredible peril and a good chance of a dreadful demise. However, the team always pulled the assignment off using skill, creativity, and a good deal of luck. In today's rapidly changing and complex business environment, the job description of a Chief Risk Officer should probably start with the same line.

    Companies face a wide range of risks that could have significant impacts on their operations, financial performance, and reputation. Many companies have established the role of Chief Risk Officer (CRO) to shoulder the responsibility. In fact, Deloitte’s Global Risk Management Survey (12th edition) cited that 100% of its respondents had a CRO equivalent position. This survey targeted Financial Service companies, underscoring that the role of CRO has been a stalwart within that industry for years, but the role has emerged across many sectors.

    The CRO is a senior executive responsible for helping the business manage all types of risks that the company faces, from operational and financial risks to strategic and reputational risks. The primary reason most organizations have a CRO is to improve risk management practices, ensuring the company has a comprehensive risk management framework in place. This includes the fundamentals of risk management: identifying and assessing all types of risks, developing risk mitigation plans, and monitoring risk exposure over time. The CRO should work closely with other senior leaders in the company to understand the business strategy and implement risk mitigation plans for possible obstacles.

    Ultimately, then, the CRO is primarily put in place to help the business make better business decisions. Companies that have a CRO in place can make better business decisions because the CRO provides senior management with timely and accurate information on the risks associated with various business activities. It takes a certain dedication to look at business objectives, such as entering new markets or launching new products, and analyze the possible obstacles.

    This is the mission of the CRO, should they choose to accept it: inspect corporate objectives and subject them to a level of scrutiny that identifies potential issues. Unfortunately, the results may sometimes be counter to the aspirations of the business, but that circumspection is incredibly valuable to success. With some skill, creativity and some luck for good measure, this mission impossible makes your business possible – or in risk terms, more probable.

    To learn more about the role of the CRO and integrated risk management, read our white paper “Integrated Risk Management: The Enterprise Capability Your Organization Needs”.

  • The Digital Operational Resilience Act (DORA)

    The Digital Operational Resilience Act (DORA) is a legislative proposal by the European Commission to strengthen the operational resilience of the financial sector in the European Union (EU). The proposed regulation aims to address the increasing reliance on information and communication technology (ICT) systems and digital operational processes in the financial sector. DORA sets out a framework for ICT risk management, incident reporting, and outsourcing arrangements for financial firms, such as banks, insurance companies, and investment firms.

    DORA puts the onus on the firm’s management to take “full and ultimate accountability” for the management of ICT risks, for setting and approving its digital operational resilience strategy, and for reviewing and approving the firm’s policy on the use of ICT Third Party Providers (TPPs), among other responsibilities.

    The DORA proposal was published in December 2022 and implemented in January 2023. Organizations must begin to comply with DORA starting January 2025. DORA applies to the vast majority of FS firms operating in the EU. Even though DORA is an EU regulation, if your organization is located outside the EU, it’s considered in scope if you have offices in the EU or provide services to a financial institution that provides services in the EU.

    What are firms required to do under DORA?

      • Set risk tolerances for ICT disruptions supported by key performance indicators and risk metrics.
      • Identify their “Critical or Important Functions” (CIFs).
      • Carry out business impact analyses based on “severe business disruption” scenarios.
      • Use the new classification, notification and reporting framework to collect, analyze, escalate, and disseminate information concerning ICT incidents and threats.
      • Quantify the impact of incidents and analyze their root causes.
      • In the event of a significant cyber threat, notify regulators and provide information on appropriate protection measures taken to defend against the threat.
      • Demonstrate they conduct an appropriate set of digital operational resilience and security tests on their “critical ICT systems and applications”.
      • “Fully address” any vulnerabilities identified by the testing.
      • If above a certain threshold, conduct “advanced” Threat-Led Penetration Testing (TLPT) every three years and include all TPPs supporting CIFs in advanced testing exercises.
      • Include all the above terms with third party provider agreements.
      • Conduct concentration risk assessments of all outsourcing contracts that support the delivery of CIFs.

    Firms should be conducting a gap analysis to develop a roadmap to design and implement an enhanced operational resilience framework by January 2025, in line with DORA’s new requirements.

    For help implementing this guidance, check out Archer Operational Resilience. Contact us to speak to an Archer expert.

  • The Risk You Can Talk To

    We have all seen the movies. Robots wreaking havoc and taking the reins of civilization. As a fan of science fiction, I have read many tales of artificial intelligence manifesting in some form or fashion. It is interesting that most of those tales portray two sides to the binary characters. One side is benevolent, bringing progress and prosperity to humankind; the other is a malevolent force that threatens society’s very existence.

    With all of the talk of ChatGPT, Google’s Bard, Microsoft’s Bing AI and others, the topic of how artificial intelligence (AI) will affect the world has jumped to the forefront. Reminiscent of when Deep Blue beat Kasparov in chess, this discussion is another reminder that technology doesn’t walk through the information age – it leapfrogs. But the recent AI advancements are just the latest version of machine learning and technology modelling that, in recent years, have been transforming industries from healthcare to finance. However, with the headline power of AI, there are certainly risks associated with its development and deployment that risk management professionals must have squarely on the radar.

    The good news is that the ball is rolling in helping define approaches. NIST launched the Trustworthy and Responsible AI Resource Center on March 30th. This new effort will facilitate implementation of, and international alignment with, the NIST AI Risk Management Framework released in January of this year. Another source is the US Department of Energy publication, the AI Risk Management Playbook (AIRMP). These are just the tip of the iceberg of emerging guidance on AI risk. The topic of risks in AI and machine learning has been covered by a host of academic research and will continue to be a source of investigation as new models and techniques emerge.

    From a GRC/Integrated Risk Management (IRM) perspective, AI risk has several basic touchpoints. For example:

      • Policies and Standards: Policies and standards are the bedrock of governance and compliance. Usage of any type of AI must be covered in corporate policies to establish control requirements.
      • Security Controls: AI systems can be vulnerable to cyber-attacks, just like any other computer system. If an AI system is hacked, it could lead to sensitive data being stolen, manipulated, or even destroyed. Malicious actors could also use AI to launch attacks, such as creating deepfakes to spread disinformation or manipulating financial markets.
      • Compliance and Risk Assessments: More than likely, your assessment processes cover many bases – from regulatory requirements to internal control compliance. The laundry list of topics to consider continues to increase. The frameworks referenced above are excellent starting points to begin incorporating simple questions to identify potential use of machine learning and AI to get ahead of the game.
      • Data Governance: Part of IRM is understanding how data flows through the organization. Data Governance may first affect privacy efforts but increasingly needs to account for all types of data as well as how that data is being used. This should also now include any use of machine learning or AI to ensure those efforts are being monitored for risks such as bias.

    As organizations contemplate how AI can further business objectives, risk, compliance and security teams must be preparing for the inevitable. On the one hand it isn’t something that new – these functions have faced technology advancements before. On the other hand, this is a completely new animal.

    The funny thing about AI is that you can actually ask it what its risk is. I can’t think of any other risk that can answer the question “What risk do you pose?” As ChatGPT told me:

    “While AI has the potential to revolutionize industries and improve people's lives, there are also risks associated with its development and deployment. These risks include bias, security, unemployment, autonomy, and lack of accountability. As AI continues to develop, it is important that we are aware of these risks and take steps to mitigate them. This includes developing AI systems that are transparent, accountable, and ethical, and ensuring that humans remain in control of AI systems.”

    I couldn’t have said it better myself.

    For more information read IDC’s report on the modern needs of risk management.

  • Supply Chain Management is Critical to Your Third-Party Risk Management Strategy

    The reality is that supply chain risk continues to become more and more complex, with organizations increasingly relying on third parties for critical products and services. Any disruption from third parties can impact an organization’s supply chain significantly. Additionally, an organization’s exposure to risk increases due to cyber-attacks, economic conditions, geopolitical uncertainty, and natural disasters.

    Thinking about your supply chain risk management strategy and how that strategy fits into your third-party risk management program is critical. Having the right strategy to identify, assess and manage your organization’s supply chain risk as a component of your third-party risk management program will result in an effective holistic third-party risk management program.

    To learn more, join us for our webinar “How to Effectively Manage Supply Chain Risk” featuring IDC Research Manager Amy Cravens and Archer’s Wes Loeffler to learn:

      • What gaps exist in typical supply chain risk management programs
      • How understanding the risk profile of your suppliers delivers a competitive advantage
      • How to build an effective strategy to manage evolving supply chain risk

    Webinar: April 18, 2023 11:00 am Eastern Time

    Register Now!

    Visit Archer Third Party Governance for more information. Contact us to speak to an Archer Expert.

  • The SEC Mandatory Climate Disclosures Proposal & Its Impact on Risk Management

    In another of what will be a long series of proposals related to oversight of corporate environmental impact, the U.S. Securities and Exchange Commission (SEC) recently announced its own proposal on disclosure. Joining the efforts of many other governing and regulatory bodies worldwide, including the recent Corporate Sustainability Reporting Directive (CSRD) and Sustainable Finance Disclosure Regulation (SFDR) out of Europe, the SEC has now stepped fully into the fray as stakeholders ranging from conservationists to institutional investors seek greater visibility into the actions of large corporations to manage their environmental impacts.

    This announced proposal from the SEC has several key aspects that, beyond accelerating current ESG efforts, warrant special consideration for large organizations, including:

    Accountability for not only quantifying the progress towards their environmental goals, but also clear identification of the risks and opportunities to those outcomes

    Requirements that will emerge from the call for more, better, standardized data that can help create a normalized view of progress across organizations

    As environmental impacts are only one component of the current ESG push, it is reasonable (if not responsible) for organizations to assume similar proposals that extend into other areas. If the direction set by the SEC’s proposal moves in a similar direction to other geographies, it is also wise for organizations smaller than those within current scope to assume “scope creep” down into their realm. Unsurprisingly, the proposal has been met with immediate push-back from both sides of the aisle, and it would be wise to assume that this proposal will go through several iterations before being finalized. But it would be similarly unwise to not view this as another significant signal of accelerated involvement by regulators in ESG.
With that in mind, the SEC’s proposal also has some very specific impacts for Risk Management professionals:

The near-term need for a focus on data gathering, risk register and cataloging of controls, and other common GRC or Enterprise/Integrated Risk Management practices

Regulation will be a likely driver for some (but not all) integration of ESG into Enterprise/Integrated Risk Management

This will require starting with an approach that scales bi-directionally: integration across the growing array of regulations AND that expands across various data sources covering not only environmental impacts but social as well

Again, this is an early but undoubtedly significant step in what is growing momentum around ESG. At Archer, we believe ESG is much more than another regulatory thorn-in-the-side but is in fact one of the biggest drivers for more involvement in strategic planning for the Risk Management function. To learn more about how Archer customers are looking at the likely near-term and longer-term impacts of ESG on the Risk Management function, watch the replay of our webinar, “3 Things Risk Managers Need to Know About ESG,” on-demand now.
