Integrated Risk Management (IRM) technology is uniquely suited to address the myriad of risks arising from the current crisis and future COVID-19 recovery. Gartner’s 2020 expanded coverage of IRM use cases (see figure below) coincides with rapidly evolving customer demands linked to crisis response and recovery efforts. These efforts demonstrate the rising need for an integrated approach to risk management and highlight the following four IRM market trends.
1. IRM buying center continues shift from IT leaders to business leaders
As more businesses are maturing their risk management practices, the buying center for IRM is shifting. This is primarily driven by an increasing need to better understand the tactical view of technology risks in a strategic business context. In 2019, Gartner saw a 36% increase in IRM client inquiry by business leaders. In addition, 73% of the more than 760 IRM client interactions in 2019 were business leader focused.
This heavy focus on business leaders is a key reason why Gartner’s IT Leaders analyst group selected to suspend the IRM Magic Quadrant in 2020. The analysts who authored last year’s 2019 IRM Magic Quadrant are now focused on IT security buyers who are no longer well positioned as IRM buyers. As Gartner grows its coverage of IRM and related risk management technology in other parts of the research organization, the publication of the IRM Magic Quadrant may be resumed.
2. The current crisis is operationally-centered
Unlike the 2008-2009 Great Recession that was financially-centered in its origin and resolution, the COVID-19 crisis is operationally-centered. This means that the economic impacts from this crisis are driven by a break-down in business operations due to health-related closures. The financial stimulus provided by governments around the globe are merely a bridge to the other side of the crisis – business operations recovery. Once recovery begins, IRM will provide visibility of interconnected risks (i.e. third-party, digital, business continuity, health & safety, legal and ethics & compliance risks) businesses must navigate to succeed.
3. Risk visibility is needed vertically through the enterprise, not just horizontally
This risk visibility is needed both horizontally across the organization (as seen in most enterprise risk management (ERM) programs) and vertically down through the organization (see figure below). A single view of the key linkages between strategic, operational and technology risks will be needed to re-start business operations as the workforce slowly transitions back to full speed.
4. Digital transformation is rapidly becoming a “must have” for businesses
As we all now know, digital transformation is now a “must have” not only for future competitiveness and growth, but also for survival. The entire business world is now relying on digital operations to maintain business continuity in this crisis. This shift will not fade as we recover. It will remain as a new way of conducting business in a cost-optimized, more efficient environment. As such, management of digital risks in an integrated way will become a top priority for businesses.
These are trying times for business leaders and their organizations. The only way through this crisis is to increase our degree of certainty in a highly uncertain world. That is what IRM is designed to help organizations do. If you want to learn more, please read my latest research publication, “Why Leading Technology Providers Have Shifted From GRC to IRM” (Gartner subscription required).
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Category: audit-and-risk enterprise-risk-management-program-management risk-coverage risk-response-strategies
Tags: digital-risk-2 enterprise-risk-management-2 erm gartner integrated-risk-management irm operational-risk risk-management vendor-risk
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.