Blog post

How a “PRACtical” Approach to Risk Management Will Aid COVID-19 Recovery Efforts

By John A. Wheeler | September 15, 2020 | 0 Comments

Technology and Emerging TrendsTech and Service ProvidersSecurity and Risk Management LeadersRisk ManagementLegal and ComplianceIRMintegrated risk managementEnterprise risk managementAudit and Risk

The global economic downturn associated with the COVID-19 pandemic is often compared to the last one known as the “Great Recession”. While there certainly are some similarities, one of the most significant differences is how the economy recovers. The Great Recession required a reconstruction of our financial services infrastructure to address the opaque, complex nature of the global securities marketplace. However, the COVID-19 recovery will be grounded in how business operations in industries as varied as manufacturing, transportation, retail, healthcare, life sciences, energy, etc. re-start safely and soundly.

As the recovery efforts fully take hold in 2021, a deep understanding of the integrated nature of risks associated with business operations will take center stage. Those businesses that employ a “PRACtical” approach utilizing integrated risk management (IRM) will be in the best position to recover quicker and more successfully.

A “PRACtical” Approach Provides a Balanced View of Risk

So, what is a “PRACtical” approach? It is simply a balanced view of risk focusing on the following four business objectives – better Performance, stronger Resilience, greater Assurance and more effective Compliance – see figure below.

IRM Objectives and Use Cases


While this seems relatively straightforward, many businesses place greater focus on one of the four objectives at the expense of the others. For example, boards of directors often have looked to enterprise risk management (ERM) to guide their risk oversight duties. Unfortunately, ERM tends to focus primarily on assurance (in other words, assuring that the right risks are addressed in the right way) only at a strategic level. That leaves board members with significant blind spots across the other three objectives.

It is this single-minded approach that prevents the businesses from predicting how risks will be manifested in their day-to-day operations. Not surprisingly, global professional services firm EY reported earlier this year that 87% of boards do not believe that ERM is highly effective at providing predictive insights – see figure below.

EY ERM Board Insights


IRM Technology Improves ERM

IRM technology is designed to improve ERM and its ability to provide predictive insights across the four “PRACtical” business objectives. Essential to IRM is its ability to vertically integrate key risk indicators (KRIs) that support related business outcomes, processes and technology assets.  By linking risk metrics in this way, businesses have a broader and deeper understanding of their internal policy and procedure effectiveness in delivering successful products and services to their customers – see figure below.

PRACtical IRM approach

Many may argue, including this author, that the lack of an integrated view of risk across the four “PRACtical” business objectives is a key reason why ERM fails to deliver critical insights. To learn more about how IRM technology can better inform a “PRACtical” view of risk, please explore my related blog posts on the Gartner Blog Network (non-Gartner subscribers) or read my latest research publication “Technology Outlook for Integrated Risk Management” (Gartner subscribers only).

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed