
Business-Integrated Risk: How Complexity is Driving a New GRC Normal


KPMG’s 2024 Future of Risk paper [1] found that almost two thirds of the executives surveyed recognize that the level of risk facing firms in the near future will rise dramatically, as will their responsibility and accountability for managing those risks. Likely sources of increased risk include regulation, cyber and technology risk, geopolitical and social risk, and the multidimensional risk of AI.

So how should organizations adapt to ensure they keep pace?

Whilst the maturity of the first line of defense in risk management has undoubtedly evolved, it has not evolved at the same pace as the risk environment. Owe-Lie Bjelland, Director of GPRC at Corporater, acknowledges that in many cases, “complexity has accelerated to the point where the challenges of the contemporary business context have outgrown the capabilities of the organization’s GRC program”. Risks often shape-shift and crystallise too rapidly for a static GRC program that is reviewed and updated once a year and that manages and reports only on point-in-time risk.

Risk management is a much more complex and fluid concept than ever before, and GRC programmes therefore require greater business integration than ever before to create meaningful context. One risk event triggers another risk event, which compounds to create a material impact and results in a company performance issue (e.g. supplier failure + service outage = reputational damage + impact on company performance and objectives).

To meet this challenge head on, firms are looking for an evolution in the way that risk is assessed, viewed, and managed, and the conversation around holistic, business-integrated risk management is growing louder, particularly for firms operating in the enterprise space. Indeed, the same KPMG report highlights that over 70% of risk leaders feel that “the integration of systems, domains and processes can significantly enhance the effectiveness of risk-related decision making.”

Business Integrated Governance, Performance, Risk, and Compliance

According to Wheelhouse Advisors’ 2024 Navigators report [2], Integrated Risk Management is a holistic linkage of Enterprise Risk Management (ERM), Operational Risk Management (ORM), Technology Risk Management (TRM), and Governance, Risk, and Compliance (GRC). In their article Next Generation GRC: Business-integrated/aligned GRC [3], GRC20/20 explores a similar concept but goes even further by linking integrated GRC to business performance, stating that “[a business integrated] approach isn’t just about meeting compliance requirements but embedding the essence of GRC into the very fabric of business processes, thus enabling an organization to dance in rhythm with the dynamic beat of the market”.

This holistic linkage enables firms to assess impact and manage risks both individually and collectively, outside of traditional risk domain silos. Corporater formalises these concepts with our GPRC software platform, which links risk management to governance, compliance, and business performance (i.e. objectives and corporate strategy).

For practitioners, function heads and business leaders faced with thousands of individual siloed risks, an integrated approach creates a holistic view of risks and, crucially, links that view to business objectives. Increasing visibility of material and interconnected risks in this way promotes clarity on what really matters to the business (i.e. performance, achieving goals and objectives). Removing silos and creating clarity improves reporting, gets GRC functions speaking business language, reduces frustration with duplicated effort and harmonises data across the integrated programme. Perhaps most importantly, an integrated approach reduces the total cost of ownership for risk management programmes and increases the accountability of risk owners.

To understand the linkages and relationships between risks and organisational objectives, a successful integrated risk programme requires a technology solution. As stated in the KPMG report, “Building trusted organizations requires an integrated platform that addresses every type of risk, with common data architecture and systems as an ‘ERP for risk,’ delivering a consistent view of risks.”

Firms should consider the below criteria as a starting point for a technology to support these aims:

  • Easily configurable, to ensure the tool can evolve alongside the programme.
  • The capability to view risks through multiple lenses, from a single asset, product, or service to an aggregated view across departments, entities, and geographies.
  • Powerful data integration capabilities to import and export data to and from a variety of sources, such as spreadsheets, CMDBs, supplier systems and cyber tools, at an appropriate cadence.
  • Data analysis, meaningful reporting and business insights.
  • To promote uptake of an IRM programme, a tool will work best if it can be designed to reflect existing internal risk assessment or management processes across all integrated domains, and enable their evolution.

Corporater is a global leader in software solutions for Governance, Risk, and Compliance (GRC) along with Performance Management (jointly addressed as GPRC) and has promoted the need for firms to develop a business-integrated approach for many years. Integrated Risk Management is a foundational capability in Corporater’s software platform for GPRC, allowing firms to integrate relevant risk domains.

Corporater has been endorsed by globally recognised GRC industry analysts. Wheelhouse Advisors [4] places Corporater in the global Top 10 for Integrated Risk Management, GRC20/20 recognises Corporater as a “next-generation business management platform focusing on governance, performance, risk management, and compliance,” and Gartner identifies [5] Corporater as a Representative Vendor for GRC for Assurance Leaders.

An integrated risk management programme presents a clear opportunity for organisations to evolve risk management in an increasingly uncertain environment, spread “risk ownership across the organization,” and support business leaders to “build risk into their strategy and make it part of their everyday thinking.”

About Corporater

Corporater is a leading global provider of enterprise software solutions for Governance, Performance, Risk, and Compliance (GPRC) management. With more than 20 years of experience, innovation, and customer satisfaction, Corporater empowers medium and large organizations to achieve their objectives for effective GRC and Performance programs. Whether traditional GRC challenges such as enterprise risk management, internal control system, IT risk, incident management, and Internal Audit or emerging challenges such as ESG or operational resilience, Corporater can deliver an integrated system on one platform. Visit corporater.com or follow us on LinkedIn.

References:

[1] https://kpmg.com/xx/en/our-insights/risk-and-regulation/future-of-risk.html#accordion-f627e624d2-item-733bf43c51
[2] https://www.wheelhouseadvisors.com/risktech-journal/why-fortune-500-companies-are-turning-to-irm-to-tackle-ai-risks-head-on
[3] https://grc2020.com/2024/04/11/next-generation-grc-business-integrated-aligned-grc/
[4] https://www.wheelhouseadvisors.com/irm-navigator-reports/p/irm-navigator-annual-viewpoint-report
[5] https://www.gartner.com/doc/4677799
