Go Beyond the Fundamental Elements of Governance and Compliance
The goal: Integrated Risk Management
As views of risk management broaden to include both a vertically integrated view from strategy to operations and a horizontally integrated view across risk areas, organizations will become better able to adapt their risk management strategies to address the scope and complexity of risk today.
If compliance is the primary driver of risk management, the organization is coming up short in understanding the true risks within the business. An integrated approach to risk management, going beyond the fundamental elements of governance and compliance represented by the original vision of GRC, provides a more expansive definition of integration that addresses a diverse set of risk areas and includes both business and IT risk.
The evidence for integrated approaches to risk management is present in several trends. For example, the Archer Digital Risk Survey 2020 indicated that the pandemic of 2020 has created an increased sense of urgency towards collaboration across teams. When asked, “To what extent do you believe security and risk teams will work together over the next two years, due to the impact of the pandemic?” a resounding 92% indicated the expectation that those groups would work in a more coordinated fashion. The survey also found that Integrated Risk Management will become increasingly essential in the coming years and must be positioned to address a continuous cycle of emerging risks. Companies indicated a focus on transitioning to continuous monitoring of controls to improve effectiveness and reduce the cost of compliance. In addition, establishing risk-based approaches was indicated as a priority in many domains, including compliance, business continuity/disaster recovery, security and third-party risk management efforts.