Blog post

How a “PRACtical” Approach to Risk Management Will Aid COVID-19 Recovery Efforts

By John A. Wheeler | September 15, 2020 | 0 Comments

Technology and Emerging TrendsRisk ManagementIRMintegrated risk managementEnterprise risk management

The global economic downturn associated with the COVID-19 pandemic is often compared to the last one known as the “Great Recession”. While there certainly are some similarities, one of the most significant differences is how the economy recovers. The Great Recession required a reconstruction of our financial services infrastructure to address the opaque, complex nature of the global securities marketplace. However, the COVID-19 recovery will be grounded in how business operations in industries as varied as manufacturing, transportation, retail, healthcare, life sciences, energy, etc. re-start safely and soundly.

As the recovery efforts fully take hold in 2021, a deep understanding of the integrated nature of risks associated with business operations will take center stage. Those businesses that employ a “PRACtical” approach utilizing integrated risk management (IRM) will be in the best position to recover quicker and more successfully.

A “PRACtical” Approach Provides a Balanced View of Risk

So, what is a “PRACtical” approach? It is simply a balanced view of risk focusing on the following four business objectives – better Performance, stronger Resilience, greater Assurance and more effective Compliance – see figure below.

Integrated Risk Management - PRAC objectives and use case domains

 

While this seems relatively straightforward, many businesses place greater focus on one of the four objectives at the expense of the others. For example, boards of directors often have looked to enterprise risk management (ERM) to guide their risk oversight duties. Unfortunately, ERM tends to focus primarily on assurance (in other words, assuring that the right risks are addressed in the right way) only at a strategic level. That leaves board members with significant blind spots across the other three objectives.

It is this single-minded approach that prevents the businesses from predicting how risks will be manifested in their day-to-day operations. Not surprisingly, global professional services firm EY reported earlier this year that 87% of boards do not believe that ERM is highly effective at providing predictive insights – see figure below.

EY Global Risk Survey - 2020

 

IRM Technology Improves ERM

IRM technology is designed to improve ERM and its ability to provide predictive insights across the four “PRACtical” business objectives. Essential to IRM is its ability to vertically integrate key risk indicators (KRIs) that support related business outcomes, processes and technology assets.  By linking risk metrics in this way, businesses have a broader and deeper understanding of their internal policy and procedure effectiveness in delivering successful products and services to their customers – see figure below.

PRACtical IRM approach

Many may argue, including this author, that the lack of an integrated view of risk across the four “PRACtical” business objectives is a key reason why ERM fails to deliver critical insights. To learn more about how IRM technology can better inform a “PRACtical” view of risk, please explore my related blog posts on the Gartner Blog Network (non-Gartner subscribers) or read my latest research publication “Technology Outlook for Integrated Risk Management” (Gartner subscribers only).

Leave a Comment