
Without a Solid Foundation, Risk Management Is Doomed

By John A. Wheeler | August 23, 2015


This week, I’m in Sydney at our 2015 Gartner Security & Risk Management Summit speaking about Integrated Risk Management Solution (IRMS) strategies. Many companies are looking to IRMS technology to enable their cyber risk management programs, particularly in Australia. For example, the Australian Securities & Investments Commission (ASIC) published guidance earlier this year for its regulated entities to bolster their cyber risk management practices. Here’s how ASIC describes the purpose of the guidance:

“It is intended to help our regulated population improve their cyber resilience by increasing their awareness of cyber risks, encouraging collaboration between industry and government, and identifying opportunities for them to improve their cyber resilience. It also aims to identify how cyber risks should be addressed as part of current legal and compliance obligations that are relevant to ASIC’s jurisdiction.”

To follow this guidance, Australian companies will most certainly look to IRMS for help. However, based on our numerous client interactions, it is clear that many firms are either investing in IRMS before they have designed their risk management program or simply “cherry picking” solutions for specific risk management needs with no clear IRMS strategy. In both cases, the result is a weak or non-existent IRMS software platform that cannot produce a comprehensive understanding of an enterprise’s cyber risk profile.

So, how can companies create a solid foundation for IRMS? I will be exploring the Market Guide report plus our Magic Quadrant for Operational Risk Management with our Sydney Summit attendees this week. I’m sure we will be discussing the implications for meeting the ASIC guidance with IRMS technology. I’m looking forward to hearing how Australian companies are addressing these challenges to become more resilient.



The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
