As companies try to deal with the COVID-19 pandemic’s long-term effects, the potential for a recession, and the rapid pace of growth, enterprise risk management (ERM) has become the focus.
Executives know that more robust ERM programs are required to compete in this new environment. As part of the current risk landscape, businesses must deal with how hazards are interconnected.
According to Alla Valente, a senior analyst at Forrester Research, businesses are becoming even more connected to the partners, vendors, and suppliers operating inside global markets.
The 12 security and risk management trends below change the risk landscape and affect business continuity planning.
- Risk maturity frameworks combine workflows
Companies are considering a risk maturity framework as risk landscape vulnerabilities grow increasingly interconnected. The approach is comparable to frameworks used in software development, such as the capability maturity model. Managing both procedures and technology is essential to reach a mature level of risk management.
- Technology stacks for ERM are expanded to GRC
Enterprise risk management encompasses information technology, third-party contacts, governance, risk, and compliance (GRC), and financial governance. A complete GRC platform can be an essential integration tier for all risk management tasks, including designing and maintaining policies, performing risk assessments, analyzing risk posture, identifying regulatory compliance gaps, managing and responding to incidents, and automating the internal audit process.
- ERM is considered a tactical advantage
Since the COVID-19 epidemic, many firms view risk management as a tactic to outperform the competition rather than just a way to prevent bad things from happening.
Valente’s research team has been contrasting the strategies of traditional chief risk officers (CROs), who are hyper-focused on minimizing risk, with those of so-called transformational CROs, who see risk management as a competitive advantage and use it to better understand how threats might impede company strategy and limit income streams.
- Increasing use of risk appetite statements
The financial services industry created risk appetite statements to improve communication with personnel, shareholders, and authorities. A lender must be prepared to take on some level of risk to increase the number of loans available, but they must also have a mechanism in place that will take rapid corrective action if too many borrowers fail to fulfill their obligations.
Businesses need help to successfully implement a risk appetite statement, for several reasons. Some CEOs are concerned that a poorly worded statement can be interpreted as endorsing unethical behavior, while others are concerned that it might prevent them from exploring new opportunities.
- Expert panels with subject-specific knowledge expedite risk assessment and response
Putting all the risk data together is crucial, but professionals must interpret it correctly. The GRC platform is being used by businesses to create a knowledgeable network of subject matter experts for essential initiatives. The appropriate experts can be quickly enlisted to examine the situation and decide the best course of action in the event of a cross-departmental issue, such as a security incident involving IT, legal, and HR.
- Greater accessibility of risk mitigation and measurement tools
Keri Calagna, principal at Deloitte, observed that technologies for actively assessing and managing risks are advancing. Internal and external risk-sensing systems help deliver risk intelligence that identifies emerging and trending dangers.
According to Calagna, organizations increasingly rely on more integrated technologies that provide a holistic view of risks across the organization, capture leading indicators to show how risks are evolving, encourage accountability for risk-reduction measures, and offer real-time risk reporting to help management make decisions.
- GRC and ESG are converging
Another development in business risk management is linking enterprise risk and environmental, social, and governance (ESG) agendas. Calagna believes that scenario planning and assumption testing will become more capable. To encourage cross-functional thinking on risk and explore the influence of potential futures on corporate business planning and strategy, businesses are also implementing simulations, war games, tabletops, and other interactive workshops.
- CIOs encourage C-level support for ERM
Companies are forced to put resilience ahead of risk management due to the COVID-19 epidemic and the current economic climate. Businesses with comprehensive ERM plans that involve all divisions can quickly alter course. CIOs must bring the company’s C-suite together to implement successful risk and resilience plans.
- Extreme weather hazards are more significant than before
CEOs and boards will be challenged to implement risk management techniques to safeguard personnel and assets if crises, such as harsh weather, worsen and occur more frequently. The most recent figures show that weather-related calamities caused damages of $145 billion in 2021.
By 2023, according to Mark Herrington, CEO of OnSolve, an AI event management platform, CEOs would need to be trained in risk management to protect their organizations’ assets, personnel, and financial health from the increasingly frequent occurrence of extreme weather.
- Integrating risk management with digital transformation
75% of executives say that their organizations are extremely complex, particularly in terms of their technology, data, and operating environments, according to PwC’s Digital Trust Insights 2022 survey. Businesses are accordingly putting integrated governance, risk, and compliance (IGRC) strategies into place faster to streamline their risk management processes.
IT serves as both a facilitator and a driver for IGRC. To identify risks, evaluate their impact, and devise mitigation methods that align with the organization’s risk appetite, chief information officers and IT leaders must collaborate with other management teams. By synchronizing the strategy, people, process, and technology goals along the entire value chain, an integrated governance model can be helpful. This ERM trend ensures that the risk component is included in broader digital transformation efforts.
- Measurement of cyber risk
According to Kumar Avijit, the IT Services practice director at Everest Group, who has heard about this development directly from C-suite executives, the demand for risk quantification services within enterprises has increased. These services range from creating unique cybersecurity policies to conducting a complete risk assessment procedure to determine the monetary value of each risk.
- Improved and contextualized risk monitoring
Avijit is also observing an increase in demand for risk management monitoring solutions tailored for different personas, such as chief information officers and chief business managers. This is driven by new risk management goals and requirements that various business users and executives have developed. These tools enhance traditional risk management analytics with drill-down views that provide the appropriate detail.