Top Takeaways From the Connected Risk Report

Top Takeaways From the Connected Risk Report

In today’s rapidly evolving and highly interconnected risk landscape, organizations must manage an unprecedented volume of emerging risks — spanning cybersecurity, AI, supply chain, third party, sustainability, and beyond — often without adequate resources.

Organizations must adopt an integrated approach to navigate complex risks effectively by connecting their key people, data, processes, and technology, an approach that we call connected risk.

AuditBoard and Ascend2 interviewed 514 information security, compliance, risk management, and internal audit professionals in the U.S., UK, and Ireland. Our research overwhelmingly revealed that traditional, siloed approaches to risk management are no longer sufficient for today’s risk needs. Additionally, while many organizations believe they are advancing in connected risk maturity, significant gaps exist between executive-level perception and operational realities. 

The Connected Risk Report: Uniting Teams and Insights to Drive Organizational Resilience examines the survey findings and shares guidance and connected risk quick wins for key roles in internal audit, risk management, information security, and compliance. 

Continue reading to explore top takeaways from our research, and download the report here for a deep dive into the full results and tailored guidance to jump-start connected risk at your organization. 

The Connected Risk Report: Uniting Teams and Insights to Drive Organizational Resilience

Connected Risk Maturity: A Disconnect Between Executives and Operational Teams

Nearly half of organizations are moving beyond basic risk management and working towards more cohesive practices. 42% of those surveyed report that ​​strategic risk management practices exist and there is strong collaboration and alignment across departments (Level 3). Over one-third report optimized risk management where teams, processes, data, and technology are fully integrated (Level 4). 

Connected Risk and Maturity Levels

Execs vs. Non-Execs: 40% of Executives report high levels of connected risk maturity compared to about 31% of Senior Leadership and managers, indicating a potential misunderstanding highlighting the need for better organizational alignment and communication to manage risks effectively.

Take Action: Unify stakeholders and build a stronger business case to ensure connected risk is a top organizational priority. Start by developing a strategic roadmap that aligns governance, risk, and compliance (GRC) roles and initiatives with process improvements and technology upgrades. This approach promotes resource efficiency and reduces complexity, addressing critical challenges in implementing connected risk strategies.

Data Silos Remain a Major Challenge Despite High Self-Reported Integration

86% of organizations report that data silos negatively impact risk management, while 42% claim to have high levels of data integration. This emphasizes the ongoing struggle with data silos in the era of big data and the importance of proper integration.

Connected Risk and Data Integration

Execs vs. Non-Execs: While 59% of executives report high levels of data integration, only 34% of non-executives share this view. This could be due to executives’ focus being geared toward large-scale data systems, such as data warehouses. At the same time, those in senior leadership and manager roles are more likely to experience the day-to-day challenges created by data silos.

Take Action: Data integration is critical for achieving a unified risk perspective. A connected risk approach advocates integrating data sources to enhance risk quantification and enable predictive analytics. Organizations with high levels of data integration are over 2x more likely to have full standardization across departments (56% vs. 25%), demonstrating the importance of connected risk systems in promoting uniformity. Implement organization-wide data governance policies and invest in systems that facilitate data standardization and sharing. This approach enhances the effectiveness of risk identification, assessment, and monitoring.

High Adoption of AI Amidst Significant Challenges

89% of organizations plan to use AI but face challenges like data privacy concerns and high costs, showcasing the balancing act organizations must perform to leverage AI benefits while mitigating associated risks.

Connected Risk and AI

Organizations that have integrated AI into their risk management processes are experiencing notable benefits. Two-thirds of those surveyed report improved efficiency, time savings, and better data analysis and insights. Over half of the respondents have experienced increased data accuracy and reliability and enhanced risk detection and mitigation. These benefits demonstrate AI’s potential to streamline risk management operations, allowing organizations to identify and address risks more effectively while reducing manual workloads.

Execs vs. Non-Execs: 74% of executives strongly agree that they fully understand how AI is used within their organization, compared to only 51% of all others. This heightened confidence may result from executives being unaware of unsanctioned or “shadow” AI being used.

Take Action: Invest in modern risk management technologies while addressing associated risks. Develop policies and controls to manage technology risks, ensuring that AI adoption aligns with organizational risk appetite and compliance requirements.

Plans to Increase Investment in Risk Management Technology

84% of organizations plan to boost budgets for risk management tech in the next two years. This reflects a broader trend of organizations recognizing the critical role of technology in managing modern risks.

Connected Risk and Technology

Execs vs. Non-Execs: There is a growing recognition that advanced risk management solutions are essential for staying competitive and safeguarding operations. Executives expect more increases in the coming years than senior leadership and managers, with 91% of executives expecting increased investment in risk management tech, compared to 81% of others. Those not prioritizing this investment now may find themselves falling behind later as the landscape continues to evolve, trending toward connected risk practices.

Ready to Advance Your Connected Risk Journey?

To dig deeper into these insights and get targeted guidance for foundational projects and quick wins to implement a connected risk approach in your organization, download the full report: The Connected Risk Report: Uniting Teams and Insights to Drive Organizational Resilience.

The Connected Risk Report: Uniting Teams and Insights to Drive Organizational Resilience
Tom

Tom O’Reilly is the Field Chief Audit Executive and Connected Risk Advisor at AuditBoard. In his role, Tom meets, collaborates, and shares internal audit and connected risk strategies and tactics with the AuditBoard community and customers to help improve the practice of internal audit and how second and third line functions work together. Connect with Tom on LinkedIn.

Richard

Richard Marcus, CISA, CRISC, CISM, TPECS, is VP, Information Security at AuditBoard, where he is focused on product, infrastructure, and corporate IT security, as well as leading the charge on AuditBoard’s own internal compliance initiatives. In this capacity, he has become an AuditBoard product power user, leveraging the platform’s robust feature set to satisfy compliance, risk assessment, and audit use cases. Connect with Richard on LinkedIn.