- Distributed. Even the smallest of organizations can have distributed operations complicated by a web of global supplier, agent, business partner, and client relationships. The traditional brick and mortar business with physical buildings and conventional employees has been replaced with an interconnected mesh of relationships and interactions which define the modern organization. Complexity grows as these interconnected relationships, processes, and systems nest themselves in intricacy.
- Dynamic. Organizations are in a constant state of flux as distributed business operations and relationships grow and change. At the same time, the organization is trying to remain competitive with shifting business strategies, technologies, and processes while also keeping pace with change to risk environments around the world. The multiplicity of risk environments that organizations have to monitor spans regulatory, geo-political, market, credit, and operational risks. Managing risk and business change on numerous fronts has buried many organizations.
- Disrupted. The explosion of data in organizations has brought on the era of “Big Data” and with that “Big Risk Data.” Organizations are attempting to manage high volumes of structured and unstructured data across multiple systems, processes, and relationships to see the big picture of performance, risk, and compliance. The velocity, variety, veracity, and volume of data is overwhelming – disrupting the organization and slowing it down at a time when it needs to be agile and fast.
Understand the Interrelationship of Risk and Its Impact
Risk management is often misunderstood, misapplied, and misinterpreted as a result of scattered and uncoordinated approaches. For some organizations, risk management is only an expanded view of routine financial controls, with the result being nothing more than a deeper look into internal controls with some heat maps thrown in; it does not truly provide an enterprise view of risk. Despite this, organizations remain keenly interested in how to improve risk management.
Risk is pervasive; there are a variety of departments that manage risk with varying approaches, models, needs, and views on what risk is and how it should be measured and managed. These challenges come at department and process levels, and build as organizations develop operational and enterprise risk management strategies. Risk management silos — where distributed business units and processes maintain their own data, spreadsheets, analytics, modeling, frameworks, and assumptions — pose a major challenge. Documents and spreadsheets are not equipped to capture the complex interrelationships that span global operations, business relationships, lines of business, and processes. Individual business areas focus on their view of risk and not the aggregate picture, unable to recognize substantial and preventable losses.
When an organization approaches risk in scattered silos that do not collaborate, there is no opportunity to be intelligent about risk as risk intersects, compounds, and interrelates to create a larger risk exposure than each silo is independently aware of. A siloed approach fails to deliver insight and context and renders it nearly impossible to make a connection between risk management and business strategy, objectives, and performance. It can be bewildering to make sense of risk management and its varying factions across enterprise, operational, project, legal/regulatory, third-party, strategic, insurance, and hazard risks.
This makes enterprise and operational risk management a challenge: when a risk management strategy forces everyone to conform to one flat view of risk, organizations have significant issues in risk normalization and aggregation as they roll up risk into enterprise risk reporting.
Providing 360° Contextual Awareness of Risk
Managing risk effectively requires multiple inputs and methods of modeling and analyzing risk. This requires information gathering — risk intelligence — so the organization has a full perspective and can make better business decisions. This is an important part of developing a risk analysis framework. Mature risk management is built on a risk management process, information, and technology architecture that can show the relationship between objectives, risks, controls, loss, and events. In light of this, organizations should consider:
- Does the organization understand the risk exposure to each individual process/project and how it interrelates with other risks and aggregates in an enterprise perspective of risk?
- How does the organization know it is taking and managing risk effectively to achieve optimal operational performance and meet strategic objectives?
- Can the organization accurately gauge the impact risk has on strategy, performance, project, process, department, division, and enterprise levels?
- Does the organization have the information it needs to quickly respond to and avoid risk exposure, and also to seize risk-based opportunities?
- Does the organization monitor key risk indicators across critical projects and processes?
- Is the organization optimally measuring and modeling risk?
- The external perspective: Monitoring the external environment for geopolitical, environmental, competitive, economic, regulatory, and other risk intelligence sources.
- The internal perspective: Evaluating the internal environment of objectives, projects, risks, controls, audits, loss, performance and risk indicators, and other internal data points.
Upcoming Webinar on Risk Management
- Facing the Challenge of Operational Risk Management, October 18 @ 12:00 pm – 1:00 pm CDT