Need to Build an Integrated Picture of Risk
…and a Horizontally Integrated View
A vertically integrated view is important—but is not the end game. The other part of the picture is a horizontally integrated view that connects domains of risk. Risk is as hyperconnected today as your organization. As areas of risk within organizations continue to grow beyond just compliance risk, the need to view them as an integrated whole becomes increasingly clear. There are two primary reasons for this. One is that it’s simply unrealistic and operationally unsustainable to manage them separately, using different risk management approaches. The other reason—far more critical than the first—is that most areas of organizational risk today don’t really exist independent of other risks; rather, they cross over into other areas.
For example, engaging with a cloud service provider presents a security risk, a resiliency risk and a third-party risk. In other words, the cloud service provider could be the source of security data breach, an operational disruption, a compliance issue or a reputational risk. If that business relationship isn’t considered in each of these dimensions, there is a gap in truly understanding the risk. Therefore, organizations need to be able to leverage business processes to build an integrated picture of risk that crosses operational functions and fosters a multidisciplinary approach to risk management.