Page 6 - Risk Management Bulletin January-June 2023
P. 6

RMAI BULLETIN JANUARY - JUNE 2023


             centralizing and contextualizing information about risk  "Companies with a transformational approach to risk,"
             management and automating risk policy enforcement.  Valente explained, "can mobilize their teams and busi-
                                                              ness leaders quickly to jump on a new gap in the mar-
             2. ERM technology stacks expand into             ket." When, for example, Ikea's store traffic plum-
                                                              meted during the initial pandemic lockdown, the re-
             GRC                                              tail furniture company quickly implemented a new
             Enterprise risk management has expanded beyond   contactless pickup system that allowed customers to
             simple financial governance, reaching into security, IT,  securely pick up their purchases, according to Valente.
             third-party relationships and governance risk and com-
             pliance (GRC). A comprehensive GRC platform can be  4. Wider use of risk appetite state-
             a critical integration tier for all types of risk manage-
             ment activities to create and manage policies, conduct ments
             risk assessments, understand risk posture, identify  Risk appetite statements emerged in the financial in-
             gaps in regulatory compliance, manage and respond  dustry to improve communication with employees,
             to incidents and automate the internal audit process.  investors and regulators. Some risk is required to ex-
                                                              pand a pool of loans, but if too many customers de-
             CIOs need to confirm that their risk technology stack  fault, a bank needs a program in place to trigger deci-
             is adequate for each task and used thoughtfully,  sive action. So, for example, banks might establish a
             proactively and not just reactively, Valente suggested.  safety baseline for mortgage defaults or fraudulent
             Consider integrating the following into a more compre-  transactions that still allows them to turn a profit.
             hensive risk technology stack:
             Y   intelligence analytics for geopolitical risks, natural  Risk appetite statements are starting to gain popular-
                 disasters and other incidents;               ity in other industries to replace rudimentary "check

             Y   third-party risk assessment tools to track sanc-  the box" exercises with a process that more definitely
                                                              guides day-to-day risk management decisions, ob-
                 tions, security incidents and financial health;
                                                              served Chris Matlock, vice president, advisory -- cor-
             Y   security systems to assess the potential impact of  porate strategy and risk practice at Gartner. This risk
                 vulnerabilities, breaches and cyber attacks; and
                                                              management trend comes with a caveat: "It is difficult
             Y   social media monitoring capabilities to track sud-  to do," Matlock warned, adding that "the payoff for
                 den changes in brand reputation.             organizations that do it is extremely high."

             3. ERM seen as a competitive advan-              He explained that companies face numerous chal-
             tage                                             lenges in implementing an effective risk appetite state-
                                                              ment. Some executives believe it could limit their abil-
             Many companies view risk management as a way to  ity to pursue new opportunities, while others are con-
             increase their competitive advantage instead of sim-  cerned that a poorly worded statement might be mis-
             ply avoiding bad situations -- especially since the on-  interpreted as condoning unacceptable practices.
             slaught of the COVID-19 pandemic.

                                                              5. Panels of subject matter experts
             "Although many companies suffered economic losses
             during the pandemic," Valente noted, "we also saw  expedite risk assessment and re-
             many companies pivoting to new opportunities that
             did not exist before."                           sponse
                                                              Bringing all the risk information together is important,
             Valente's research team has been exploring the differ-  but experts are also required to make sense of it. En-
             ences between traditional chief risk officers (CROs)  terprises are increasingly using the GRC platform to
             who are laser-focused on minimizing risk and so called  create an informed network of subject matter experts
             transformational CROs who see risk management as a  for critical projects, Matlock said. When issues emerge
             competitive advantage -- examining how risks can in-  that span multiple departments, such as a security
             terfere with business strategy and limit revenue  incident involving IT, legal and HR, an appropriate
             streams.                                         panel of experts in those areas can quickly and auto-


                                                            4
   1   2   3   4   5   6   7   8   9   10   11