Today’s businesses operate in dynamic, distributed, and disruptive environments where the only thing certain is change. To maintain the integrity of the organization, as well as to drive strategy and performance, professionals in risk management need to relook at their programs, and determine if they are effectively designed to adapt to change and uncertainty to enable an organization to reliably achieve objectives in the midst of uncertainty. Today's organization has to be able to see individual risk (the tree) as well as the interconnectedness of risk (the forest) as it relates to organizational objectives and performance. This is important because what seems like a small disruption or risk exposure may, in combination with other risks, have a massive impact on performance.
The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that rings true when applied to risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected and interdependent.” By that token, risk management has to be integrated and aligned with business objectives and performance management to truly add value.
A mature risk-management program does not operate in isolation from the business. A mature risk-management program is integrated with corporate performance, strategy, and objective management. This requires that the organization relate performance to risk, allows for multiple inputs impacting the risk environment from both internal and external contexts, and has a variety of ways to look at risk information to analyze, model, and relate risk back to performance and strategy.
This GRC Red Flag episode will look at how effective and mature risk management delivers:
Panel Discussion with special guests
GRC in the News