Managing risk in your business grows more complex by the day; operational, IT, social media, cloud security, business continuity management and Internet of Things (IoT) risks are all critical components of the evolving digital business landscape. They are interrelated and need to be mitigated in conjunction.
This is called Integrated Risk Management. Gartner defines IRM as “a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.”
Risk management is an area of growing maturity as the risk landscape becomes more interconnected. According to a 2017 survey of executives by the American Institute of Certified Public Accountants, 70% of respondents perceive that the volume and complexities of risks have increased "mostly" or "extensively" in the past five years.
The opportunities of digital innovation go hand in hand with risks and threats. To understand the full scope of risk, organizations require a view of the whole ecosystem: end-to-end business units, risk and compliance functions, customer segmentation, channels, key business partners, suppliers and outsourced entities.
New technology solutions have emerged to increase the collaborative nature of risk management – supporting data-driven decision making, both within and external to an organization. Documenting or modeling the changing ecosystem should be part of the solution.
Let me share three pitfalls that I unfortunately see too often, which can be solved by the right IRM approach:
- A lack of cross-organization collaboration. This is why you cannot get to the root of risk issues and see true emerging risks that will impact the company in the future. A continued lack of cross-organization collaboration is often a result of the siloed nature of most GRC software solution implementations today. Go for a single source of truth and do not rely on a variety of niche point solutions (one for BCM, one for ORM, one for compliance, etc.).
- Focusing solely on integrating the risk areas. Integrated Risk Management should also integrate business performance with business processes as the common ground of all domains. Integrated risk management capabilities should be contained within the digital business platform that you also use for business operations and transformation. Why? The (analytical and predictive) tools and insights you need to succeed in the marketplace are effectively the same that you need to comply with regulation, or to mitigate risk.
- Perceiving risk management as a separate (second line) domain and cost driver. Every decision needs to be made with respect to the business performance. So consider risk management as an integrated part of business performance and let it harness the benefits of digital business innovation in a safe and secure way.
Business is risky, but with a holistic approach like IRM the full scope of your digital business risks can be uncovered, paving the way for digital innovation in a controlled way. Isn’t that what we are all looking for?