Gartner Blog Network

How a “PRACtical” Approach to Risk Management Will Aid COVID-19 Recovery Efforts

by John A. Wheeler  |  September 15, 2020  |  Submit a Comment

The global economic downturn associated with the COVID-19 pandemic is often compared to the last one known as the “Great Recession”. While there certainly are some similarities, one of the most significant differences is how the economy recovers. The Great Recession required a reconstruction of our financial services infrastructure to address the opaque, complex nature of the global securities marketplace. However, the COVID-19 recovery will be grounded in how business operations in industries as varied as manufacturing, transportation, retail, healthcare, life sciences, energy, etc. re-start safely and soundly.

As the recovery efforts fully take hold in 2021, a deep understanding of the integrated nature of risks associated with business operations will take center stage. Those businesses that employ a “PRACtical” approach utilizing integrated risk management (IRM) will be in the best position to recover quicker and more successfully.

A “PRACtical” Approach Provides a Balanced View of Risk

So, what is a “PRACtical” approach? It is simply a balanced view of risk focusing on the following four business objectives – better Performance, stronger Resilience, greater Assurance and more effective Compliance – see figure below.

Integrated Risk Management - PRAC objectives and use case domains


While this seems relatively straightforward, many businesses place greater focus on one of the four objectives at the expense of the others. For example, boards of directors often have looked to enterprise risk management (ERM) to guide their risk oversight duties. Unfortunately, ERM tends to focus primarily on assurance (in other words, assuring that the right risks are addressed in the right way) only at a strategic level. That leaves board members with significant blind spots across the other three objectives.

It is this single-minded approach that prevents the businesses from predicting how risks will be manifested in their day-to-day operations. Not surprisingly, global professional services firm EY reported earlier this year that 87% of boards do not believe that ERM is highly effective at providing predictive insights – see figure below.

EY Global Risk Survey - 2020


IRM Technology Improves ERM

IRM technology is designed to improve ERM and its ability to provide predictive insights across the four “PRACtical” business objectives. Essential to IRM is its ability to vertically integrate key risk indicators (KRIs) that support related business outcomes, processes and technology assets.  By linking risk metrics in this way, businesses have a broader and deeper understanding of their internal policy and procedure effectiveness in delivering successful products and services to their customers – see figure below.

PRACtical IRM approach

Many may argue, including this author, that the lack of an integrated view of risk across the four “PRACtical” business objectives is a key reason why ERM fails to deliver critical insights. To learn more about how IRM technology can better inform a “PRACtical” view of risk, please explore my related blog posts on the Gartner Blog Network (non-Gartner subscribers) or read my latest research publication “Technology Outlook for Integrated Risk Management” (Gartner subscribers only).

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Tags: cybersecurity  enterprise-risk  enterprise-risk-management-2  grc  grc-software  integrated-risk-management  irm  legal-risk-2  

John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.