Below is Michael Rasmussen’s article in The IRM Global Risk Trends 2023 report , published by the Institute of Risk Management (The IRM).
The complexity of business combined with the intricacy and interconnectedness of risk and objectives necessitates that the organization implements a strategic approach to business and operational risk and resiliencein 2023.
Gone are the years of simplicity in business operations. Exponential growth and change in risks, regulations,globalization, distributed operations, competitive velocity, technology, and business data encumber organizations ofall sizes.
Keeping changes to business strategy, operations, and processes in sync is a significant challenge forboards and executives, as well as management professionals throughout all levels of the business in 2023 andbeyond.
The interconnectedness of objectives, risks, resilience, and integrity require 360° contextual awareness of risk and resiliency. Organizations need to see the intricate relationships and impacts of objectives, risks,processes, and controls. It requires holistic visibility and intelligence into risk and resiliency.
The ecosystem of business objectives, uncertainty/risk, and integrity is complex, interconnected, and requires a holistic contextual awareness of the organization – rather than adissociated collection of risk management processes anddepartments.
Change in one area has cascading effects that impacts theentire ecosystem.
This interconnectedness of business is driving demand for360° contextual awareness in the organization’s risk management processes in 2023 to reliably achieve objectives, address uncertainty, and act with integrity.
Organizations need to see the intricate intersection of objectives, risks, and boundaries across the business.
Organizations in 2023 are Focusing on the Following Five Areas in Their GRC Management Strategies:
- Agility. The last few years global uncertainties, geo-political tensions with a war in Ukraine, and the impact on business operations and supply chains. Organizations are now turning their attention to being agile in risk in 2023. To see what is coming at the organization in the next six months, years, or two years and go through scenarios and prepare the organization for uncertainty to take the best path forward. Risk agility is lookingahead and preparing the organization.
- Resilience. This is where many organizations have been focused, but still working on improving. Agility allows us tonavigate our environment and see what is coming at us. Resilience is the ability to recover from a risk event and minimize the impact on the organisation. Risk agility and risk resilience are very symbiotic and play off each other, both have become essential to risk management programs in 2023.
- Integrity. With a global focus on ESG risk management programs will shift from laying the groundwork for ESG inorganization structures and reporting to operationalizing ESG within the organisation. At the end of the day, ESG is about the integrity of the business. What the organization communicates are its values, ethics, and commitments . . . is this being done? Risk management plays a critical role in navigating uncertainty to ensurethe integrity of the organization in the era of ESG in 2023.
- Accountability. There is a growing focus on board and executive-level accountability in 2022 that will extend and grow in 2023.Accountability regimes have expanded around the world – UK, Ireland, Australia, Hong Kong, Singapore, and nowSouth Africa. There is a growing focus in the USA with the Department of Justice and SEC on greater accountability for risk and compliance. There are US state-level accountability focus on New York and California.Most recently, Uber’s former CISO was held personally accountable for a security breach.
- Engagement. Risk is not taken and managed in the back-office of risk management. Risk happens throughout the business at alllevels of the organization. This requires that organizations in 2023 focus on risk culture, risk awareness, and proper risk management skills from the front-line up through operational management to executives and the board. Good risk management engages all levels of the organization. It is time for organizations to take another read through the IRM Risk Culture: Resources for Practitioners as they enter 2023.
What is clear, organizations need complete 360° situational awareness and visibility into risks in 2023. Business operates in a world of chaos, and even a small event can cascade, develop, and influence what ends up being a significant issue. Dissociated siloed approaches to risk management that do not span processes and systems can leave the organization with fragments of truth that fail to see the big picture across the enterprise, as well as how it impacts their strategy and objectives.
The organization needs visibility into risk. Complexity of business and intricacy, as well as the interconnectedness of risk data, requires that the organization implement an enterprise view of risk monitoring, automation, andenforcement.
Successful risk management in 2023 requires the organization to provide an integrated strategy, process,information, and technology architecture. The goal is comprehensive straight forward insight into risk andresilience management to identify, analyze, manage, and monitor risk in context of operations, processes, and services.
It requires the ability to continuously monitor changing contexts and capture changes in the organization’s risk profile from internal and external events as they occur that can impact objectives.
Michael Rasmussen is a Global Ambassador of Risk Management and Honorary Life Member of the IRM and an internationally recognized pundit on governance, risk management and compliance