As the risk landscape evolves, organizations need a holistic, integrated risk management (IRM) strategy that emphasizes a cross-departmental, consistent view of business risks across the organization. In this article, two leaders from Deloitte, Jared Maslak (Senior Manager) and Ryan Crossan (Manager), share their thoughts on the key components of a successful IRM transformation.
Centralize Business Risk Activities
An IRM approach can help your organization prioritize efficiency, develop deep insights, and improve response times to risk events. The goal is to achieve a strategy that automates and enables risk management across risk areas. Once this has been achieved, risk and control information flows through the organization with coordinated oversight. To reach this point, data must be standardized, aggregated, and centralized. This enables efficient analysis and general consumption.
Technology Strengthens IRM
A single-pane-of-glass approach with purpose-built technology is critical to support your IRM transformation. The priority is to elevate communication and information sharing with seamlessly integrated end-to-end workflows. Once you’ve eliminated siloes and established strong communication, it’s time to use this technology to facilitate engagement among stakeholders. Jared Maslak recommends, “Make sure you have a diverse team of stakeholders around you, not from only the business side, but from the technical side as well. You need people who can help you understand what information is required and how to get to the information in a meaningful way.”
IRM Transformation Process
Prioritizing integrated risk management takes a strong strategy. Ryan Crossan recommends, “Identify your pain points and vision for the future first. You need to understand where you are now compared to your goal of a mature IRM program. Next, you develop a strategy with that vision in mind. Then, you identify the stakeholders you need to have involved in this process from different teams and from the executive level to help ensure a cohesive strategy within the organization. Finally, mobilize the process with in-house and third-party assistance needed to help you deliver this journey.” Simply put, IRM also involves change management. You’re transforming how people work, think, and interact with technology. It’s an essential step to make decisions in today’s fast-paced modern risk landscape.
Strong Governance and Executive Sponsorship
To achieve a truly collaborative transformation, an IRM journey requires input from many different stakeholders. That’s why strong governance and executive sponsorship are key. To start, focus on defining objectives with a clear roadmap.
Start by working backward from your end goal. For instance, you may need to help audit committee executives view insights into risk and controls. In that case, the next step is to determine what information may have the most impact, identify where the data resides, and then automate data gathering and analysis.
Starting the IRM Journey
An IRM transformation may seem overwhelming at first. Remember that choosing a starting point and taking one step at a time is important. Start by first understanding the organization’s process universe. Then, identify the core data you need. This will help you understand potential targets for integration and key players while narrowing down information sources. This integrated management approach can help your organization evolve in a shifting landscape, outpace competitors, and identify vulnerabilities.