As the uncertain business environment continues to linger in the wake of the COVID-19 pandemic, organizations must boost their preparedness for the unknown unknowns to ensure uninterrupted business operations.
Work has moved home due to the pandemic but has not slowed down. To understand the state of risk management and how risk professionals are approaching this critical business function in the new normal, MetricStream conducted a survey of chief risk officers (CROs) and risk managers spanning multiple geographies and industries. The survey results have been compiled in The State of Risk Management Survey Report 2021. Here are some of the key takeaways from the survey:
- 48.91% of respondents identified cybersecurity as the top risk faced by organizations.
- 58.70% of respondents said that aligning risk priorities with business strategy is a key challenge faced by organizations when it comes to enterprise and operational risk management.
- 61.96% of respondents said that determining the effectiveness of cybersecurity risk management is a top priority for risk professionals in the post-pandemic world.
- All the companies that have deployed an integrated risk management (IRM) solution use it primarily to create a centralized risk repository. Other uses for which companies leverage an IRM solution include aggregating risks based on various parameters and dimensions, automating workflows for risk control self-assessment (RCSA), providing risk insights, and tracking and monitoring key metrics.
- Organizations are willing to dedicate resources to upskill risk managers on emerging risks and cutting-edge technologies.
Agile, Integrated, Responsive…
Risk management is no longer seen as an annual or half-yearly “tick-box” exercise. The crisis has particularly highlighted the importance of competent risk managers and an effective enterprise risk management (ERM) strategy for business continuity and resilience.
To keep up with the evolving operational environment and risk landscape, it’s imperative that top management and leadership are aware of the organization’s risk profile, tolerance, and appetite to make informed business decisions. A data-driven, technology-based IRM program can better equip risk teams to provide risk intelligence to senior management in real time, thereby improving an organization’s agility and responsiveness.
The survey, in fact, affirmed that IRM is key for ensuring operational resilience as more than half of the organizations (52.63%) that had already deployed an IRM solution did not alter their risk programs, approaches, or activities due to the pandemic. That said, a significant number of organizations still depend on basic office productivity software for risk management activities, which hampers their risk identification, reporting, assessment, and mitigation capabilities.
In these unprecedented times, companies can position themselves as trailblazers and gain a competitive edge through their ability to thrive on risk. It is important to note here that implementing a technology solution alone to meet risk management needs is not enough. For an IRM program to be successful, organizations must transition to a mature framework—one that strikes the right balance between people, processes, and technology. This approach is not a silver bullet but can greatly enhance an organization’s resilience to risk events.
“Beyond financial risks and cyber risks, we now must pay very critical attention to HR and operational resilience of our organizations as well. Unfortunately, this is going to be part of the new normal for years to come as we have to be ready to deal with the pandemics—the current one and perhaps other incarnations of these kinds of pandemics into the future. We have to learn how to deal with crisis and emergency events and other wartime scenarios that are the ‘Unknown Unknowns’ that the GRC industry must learn to tackle,” said Gunjan Sinha, Executive Chairman, MetricStream.
MetricStream offers a suite of products and solutions that enable organizations to enhance and streamline risk management activities and processes. The MetricStream Integrated Risk Solution empowers organizations to manage both existing and emerging risks across geopolitical, digital, strategic, third-party, cybersecurity, and compliance areas. In addition, some key enhancements have also been made to the MetricStream Platform with the Arno release to enable better business configurability, improve mobile capabilities and enhance user experience.