Organizations are dynamic and distributed. They are changing minute-by-minute and second-by-second. That is challenging many risk management programs, and the complexity of distributed business adds further chaos to the organization and makes risk management very complicated. There is no such thing as a brick and mortar business; organizations are not defined by employee relationships. Half of an organization’s ‘insiders’ are now third parties.
I recently was having a conversation with risk, compliance, and legal management at a global manufacturer (about 200,000 employees). Their challenge was managing risk in a distributed and dynamic business. They expressed challenges in which what used to be thought of as an inside risk now extends across a web of third-party relationships. Policies that used to be just for employees now have impact and governance over a range of individuals from third-party relationships that work and interact with the organization’s internal processes (e.g., outsourcers, suppliers, service providers, contractors, consultants, temporary workers).
I also recently talked to a global European bank that is looking at requiring every individual in their data centers to go through the same GDPR policies and training as employees do. Most of the individuals in their data centers are third parties.
Risk management is not just about the back office of the chief risk officer, but it is also about the front lines of the business that take and manage risk every day in their jobs. Risk management is not just about the traditional brick and mortar business but also about the extended enterprise and nested relationships of risk that expose the business and can hinder it from achieving objectives (or help it).
Organizations need to think holistically about risk management and adapt their programs to the dynamic and distributed business of today. They need to align and integrate risk management with strategic planning, objectives, and performance while still having visibility into risk down in the bowels of the organization’s processes and relationships. In essence, organizations need a 360° contextual view of risk in the organization in the context of both strategy and operations. This requires a top-down view of risk as well as a bottom-up view of risk. It also requires quantitative risk analytics that bring value and order to qualitative methods (which still have use). It requires right-brain, creative, out-of-the-box thinking about risk as well as left-brain analytical and model thinking about risk.
I will be interacting on next-generation risk management as it transcends the enterprise at the following upcoming events:
Upcoming Risk Events & Interactions
Roundtable Discussion & Coffee in London
- London, Navigating Chaos: Managing Risk In a Dynamic Environment, February 28th
Third Party GRC Management by Design Workshops
- New York, Third Party GRC Management by Design, February 19th
- San Francisco, Third Party GRC Management by Design, February 21st
- London, United Kingdom, Third Party GRC Management by Design, February 25th
- Chicago, Third Party GRC Management by Design, April 1st
Risk Management by Design workshops are:
- Los Angeles, Risk Management by Design, March 12th
- Washington DC, Risk Management by Design, March 17th
- New York, Risk Management by Design, March 19th
- London, Risk Management by Design, June – details forthcoming
- Toronto, Risk Management by Design, July 14th
Policy Management by Design workshops are:
- Chicago, Policy Management by Design, April – details forthcoming
- New York, Policy Management by Design, April 28th
- London, United Kingdom, Policy Management by Design, June – details forthcoming
Upcoming Risk Conferences . . .
- Zurich, Switzerland, RiskIn, May 13th to 15th
Upcoming Webinars . . .
- How to Achieve An Integrated & Continuous Approach to Managing Controls, March 4th @ 1:00 pm – 2:00 pm CST