Originally published in NAVEX Global's Top 10 Risk & Compliance Trends for 2021 eBook. You can download the full eBook here.
In the last five years, integrated risk management (IRM) has gone from buzzword to practice. The primary driver of IRM across industries is uncertainty. IRM mitigates uncertainty and improves business decision making by integrating risk intelligence with business intelligence.
And 2020 was the year of uncertainty.
- IRM is a process that improves decision-making and enhances business value by integrating risk intelligence into activities across the enterprise, such as strategic planning and strategy execution, investment decision making, project portfolio management, enterprise performance management, third party performance management, and information governance.
- Risk intelligence is risk data or information that is applied through IRM initiatives to business activities beyond risk management, compliance, audit, and other defensive programs.
Over the next year, organizations will redirect some GRC-related resources from compliance to a risk-focused approach that supports strategic and operational decision making. This shift will be accompanied by increased investments in the collection and analysis of real-time risk intelligence, enabling companies to better identify and respond to rapidly changing events and more fully embrace IRM practices and processes. However, businesses should not mistake this as a return to normalcy.
It is tempting to view 2020 as an anomaly, a self-contained series of chaotic circumstances that can be fixed and forgotten. However, a STEEP analysis (social, technological, economic, environmental, and political) of the current business environment highlights persistent factors of uncertainty that will continue to drive change and impact businesses in the coming years:
- Social: Around the world, social unrest has escalated to levels that are unprecedented in the last 50 years, and there is no resolution in sight.
- Technological: Social media has made it easy for anyone to capture and share unfiltered opinions and events and promote real and fake news. Big Tech has come under fire for anti-competitive practices, and many tech companies will face increasing scrutiny from lawmakers and regulators over the next several years.
- Economic: Perhaps at no time since the Great Depression has economic uncertainty been higher. COVID-19 lockdowns, followed by government and bank interventions, have caused national economies to whiplash from crash to recovery with annualized swings of 30% of GDP or more. National debt and central bank debt portfolios have swollen to unprecedented peacetime levels. Some industries will never recover fully, and small business failures are accelerating.
- Environmental: Extreme recent environmental events have given new urgency to the issue of climate change, while governments struggle to balance health and safety needs against the negative economic effects of COVID shutdowns. With effective vaccines, COVID-19 should be under control by year-end 2021; climate change, however, will not.
- Political: In many democracies, political polarization and populism have increased over the last few years, creating an environment conducive to nationalism.
While the uncertainties facing society, business, and government have been building for over a decade, in the past they have occurred in waves that peaked at different times. The events of the past year led all STEEP uncertainties to peak simultaneously. Though that may not happen again soon, these uncertainties remain, and boards and senior executives are demanding better risk intelligence to support effective business decision making.
Steps You Can Take
Successful risk management and compliance leaders will respond to the demands for better risk intelligence by revamping their programs so that they both support traditional compliance and audit-related activities and enable business decision-making with ongoing risk intelligence.
Fortunately, many of the basic processes are already in place, including frameworks that provide best practices guidance; ISO 31000 provides strategy and business-oriented guidance for IRM initiatives. Compliance leaders looking for a framework that already aligns with their controls-oriented activities can complement ISO 31000 with the COSO Enterprise Risk Management framework.
Collaborating with strategic planners is a good place to start with IRM. But don’t stop there. Risk management principles advance and secure many areas of business, including new product development and third-party risk management, and even help companies avoid reputational damage and the impact of political upheaval.
Now that integrated risk management is mainstream, make 2021 the year to start or expand your IRM initiatives.