In today’s fast-paced digital risk landscape, technological advancements quickly render traditional siloed approaches to compliance and risk management obsolete. Organizations must now recognize the interconnected nature of risks to provide a resilient defense against potential threats.
I recently had the privilege of speaking with HubSpot’s Miryam Ormond (Senior Director and Head of Internal Audit), Angela Hainsworth (Director of Enterprise Risk Management), and Patrick Helmes (Senior Manager and Head of Compliance Assurance) about how they are revolutionizing their risk management strategies, aligning people, processes, and technology across the enterprise to navigate complex regulatory environments and mitigate emerging threats. I’d like to highlight some of the best practices they shared to help fellow audit, risk, and compliance leaders better collaborate to get ahead of today’s interrelated risk ecosystem.
Understanding Risks Within Context
Risk management doesn’t happen in a vacuum. Hainsworth aptly noted, “Risk management is not managing a list of risks; it’s solving business problems.” This perspective underscores the necessity of understanding risks not as isolated incidents but as integral parts of the business landscape that require comprehensive solutions. Measuring risks effectively and providing a consistent visualization of these risks are crucial steps in the right direction. By doing so, organizations can better understand potential threats and their implications for business operations.
Cultivating Collaboration and Communication
For a connected risk approach to be successful, the organization should establish frameworks that empower seamless communication and synergy among teams. Centralizing and aggregating critical data allows for more efficient reporting of key business findings to executive leadership teams. A centralized data repository ensures all relevant information is accessible, promoting transparency and informed decision-making. However, a connected risk strategy goes even further by unifying risk terminology, sharing workflows, and combining reporting. In turn, this gives risk teams more time to surface more risks, helps increase frontline ownership of those risks, and improves team efficiency.
As Ormond pointed out, “A good place to start the connected risk strategy is alignment on key risk indicators (KRIs). This alignment ensures that the organization can effectively measure and manage risks, providing a clear picture of the risk landscape and the effectiveness of control measures.” Helmes adds, “Understanding control maturity is also vital, as it helps organizations become comfortable that a risk is well controlled and allows for continuous improvement in risk management practices.”
Overcoming Challenges to Connected Risk
Despite the clear benefits, several obstacles can hinder the adoption of a connected risk approach. Hainsworth notes, “Many organizations are inherently designed to operate in silos, which can impede the development of a unified risk management strategy.” Building relationships across departments is crucial to overcoming this barrier.
Another significant challenge is the stigmatization of risk management. Helmes emphasizes, “Organizations need to destigmatize the audit, risk, and compliance functions, presenting assurance as a value differentiator rather than a burdensome requirement.” Demonstrating the tangible value assurance functions provide can help shift perceptions and garner broader organizational support.
Ormond highlights additional challenges, stating that “Nearly all organizations will need to contend with the potential lack of executive buy-in and insufficient resources, including time and priorities.” This mismatch between increasing risk demand and insufficient risk management capacity creates a risk exposure gap — and addressing these issues requires clear communication of the benefits of a connected risk approach and strategic allocation of resources to support its implementation.
From Silos to Connected Risk
As HubSpot has demonstrated, thriving in this complex environment requires organizations to adopt a modern, cross-functional, connected risk approach. A connected risk strategy aligns teams across the enterprise, breaking down silos and fostering a culture of collaboration, accountability, and continuous improvement. Helmes summarizes the situation by saying, “Risk management is a team sport that everyone in the organization should play.” A holistic approach enhances the organization’s ability to make informed, risk-based decisions and effectively fosters collaboration across the business. By breaking down silos and fostering a culture of collaboration and continuous improvement, HubSpot is positioning itself to navigate the complexities of the modern business environment more effectively.
Looking Ahead to Cultivate a Culture of Collaboration
The interconnected nature of risks in today’s digital landscape necessitates a shift from traditional siloed approaches to a more integrated, connected risk management strategy. HubSpot’s experience demonstrates that organizations can create a more resilient defense against potential threats by aligning people, processes, and technology.
Cultivating a culture of collaboration, accountability, and continuous improvement and addressing challenges such as organizational silos and stigmatization of risk management are crucial steps in this journey. As more organizations recognize the value of a connected risk approach, they will be better equipped to navigate the complexities of the modern business environment, secure their operations, and scale their businesses effectively. HubSpot’s unified approach to optimizing its assurance teams is a blueprint for others who aim to enhance their risk management practices and achieve long-term success.
Tom O’Reilly is the Field Chief Audit Executive and Connected Risk Advisor at AuditBoard. In his role, Tom meets, collaborates, and shares internal audit and connected risk strategies and tactics with the AuditBoard community and customers to help improve the practice of internal audit and how second and third line functions work together.