2023 GRC Trends: Agility
In the previous post, 2023 Governance, Risk Management & Compliance, we reviewed the top five 2023 GRC trends. We now dive deep into the first of those trends, agility . . .
Gone are the years of simplicity in business operations. The interconnectedness of objectives, risks, resilience, and integrity require 360° contextual awareness of risk and resiliency. Organizations must see the intricate relationships and impacts of objectives, risks, processes, and controls. It requires holistic visibility and intelligence into risk and resiliency.
Organizations take risks all the time but fail to monitor and manage these risks effectively in an environment that demands agility. Too often, risk management is seen as a compliance exercise and not truly integrated with the organization’s strategy, decision-making, and objectives. It results in the inevitable failure of GRC and risk management, providing case studies for future generations on how poor GRC management leads to the demise of organizations – even those with strong brands.
Organizations need complete 360° situational awareness and visibility into their processes, operations, objectives, and risks. What complicates this is the exponential effect of risk on the organization. The business operates in a world of chaos, and even a small event can cascade, develop, and influence what ends up being a significant issue.
Dissociated siloed approaches to GRC management that do not span processes and systems can leave the organization with fragments of truth that fail to see the big picture across the enterprise, as well as how it impacts its strategy and objectives.
The organization needs agility into GRC and, with that, visibility into objective and risk relationships across processes. The complexity of business and intricacy, as well as the interconnectedness of risk data, requires that the organization implement an enterprise view of GRC to see what is coming at the organization and prepare the organization.
Agility is a thing of beauty. I love watching acts of agility. Take parkour for example, how these athletes can leverage and use their surroundings to navigate and seem to do the impossible . . . simply amazing. A few years back I was doing a lot of Spartan races. Myself, that was not agility but the more of an awkward ox doing obstacles, but others it was amazing what they could do in the environment given to them.
When I think of agility, my mind immediately goes to Legolas, the elf in Lord of the Rings. Though I prefer the books, the films were amazing, and the agility of Legolas in the midst of battle was amazing. How he can move about the threats and enemies around him and seize opportunities for victory. Gimli, the dwarf in Lord of the Rings, is the embodiment of resiliency. He is built like a tank and simply can withstand the beating and hits as he pummels forward to victory. We will talk about the resilience trend in the next blog. Resilience is the capacity to recover quickly from difficulties/events; the ability of a business to spring back into shape from an event.
However, there is more that needs to happen. Organizations also need to be agile. Agility is the ability of an organization to move quickly and easily, the ability to think and understand quickly. Good risk management is going to clearly understand the objectives of the organization, its performance goals, and strategy, and continuously monitor the environment for 360° situational awareness to be agile. To see both opportunities as well as threats so the organization can think and understand quickly and be prepared to move to navigate to seize opportunities while avoiding threats/exposures to the organization and its objectives.
We need agile organizations to avoid and prevent events, but we also need agility to seize on opportunities and reliably achieve (or exceed) objectives. Agility is not just avoidance of hazards, threats, and harms. Agility is also the ability to understand the environment and engage in advancing the organization and its goals. Organizations need to be agile and resilient. GRC needs to be an integrated part of performance, objective, and strategy management to achieve this capability to enable situational awareness for this organization so it can seize on opportunities as well as avoid exposures and threats.
So today’s modern organization needs GRC that enables enterprise agility that is also supported by operational risk and resiliency. There is a symbiotic relationship between agility with operational risk and resiliency that organizations need to develop in today’s dynamic, distributed, and disrupted business.