The complexities of today’s risk landscape – new network access points, data privacy concerns, misuse of technology, and more – require risk managers to look at enterprise risk through a wider lens. Keeping pace with disruptive changes requires an Enterprise Risk Management programme with integrated technology that drives cross-team collabouration and provides a complete view of risk exposure across the entire enterprise. Does your ERM programme do that? Gauge how far across the enterprise your ERM programme extends with this checklist:
- You can effectively identify risk and compliance threats across the organisation.
The ability to identify ALL risks and their associated magnitude is one of the most challenging but important aspects of risk management. Yet a recent survey found less than one-third of respondents (28%) are “very confident” in their ability to do so.Technology is often the missing ingredient. Technology gives you the ability to consolidate and centralize data from various departments so you can see and understand the potential impact of all risks – and make better decisions to mitigate threats and maximize value. - You routinely map ownership of each risk, requirement, and control to a specific individual or role.
It’s impossible to effectively manage risk if you don’t know who owns a particular risk, what controls are in place, what’s been done to address the risk, or who’s responsible for the controls. Ownership drives accountability – and risk owners are clearly identified in ERM programmes with integrated technology. This transparency also promotes a risk-aware culture by making everyone personally responsible for identifying and manageing risk in their day-to-day work. - You know what’s driving your risks.
Identifying risks across the organisation is one thing. Mapping those risks back to key drivers – and isolating the root causes – is quite another. And that’s where the real value of enterprise risk management lies. Once you understand the root cause, you can act in a more meaningful and effective manner.One approach to properly mapping risk drivers to each function is to delegate responsibility for information gathering to risk owners across various business functions, then give oversight to a central risk team. Another approach is to leverage AI by identifying a cause-and-effect correlation between various risk events. Expect both practices to increase over the next 12 months. - You can effectively identify vendor and other third-party risks.
Many organisations believe that by leverageing third parties, they are offloading risk. That’s wrong – in a big way. Bringing in third parties may be good for business, but it actually increases risks. For example, if an IT vendor experiences a cyberattack that compromises your customers’ financial data, your organisation will be held responsible. And your reputation, finances, operations, and customer trust all may suffer the consequences.A true ERM programme evaluates risk across the business and extended enterprise – including third-party suppliers – to minimize surprises.
Fully developed ERM programmes equip organisations with the knowledge, tools, and culture to turn unexpected challenges into opportunities for success.
Is your ERM programme truly enterprise-wide? If you checked all four boxes, you’re in good shape. Anything less means there’s still work to do.
Learn more about ERM and how integrated technology can help you anticipate, assess, mitigate, and monitor every form of risk from every corner of the organisation.
For more on dealing with the coronavirus crisis, check out..
