Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organizational risk profiles in at least four key areas, according to Gartner, Inc.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, vice president with the Gartner Risk and Audit Practice. “As ERM leaders reassess their organizational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”
Gartner has identified four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues:
- Talent Risk – While organizations’ first order of business is to address the health and safety of employees directly affected by the war, Shinkman noted there are many second and third order effects that could impact employee well-being at this time. Employees across the globe could have family and close friends at risk in the region. Internal communications addressing employee well-being and outlining counselling services will need to be carefully calibrated and distributed at a higher frequency. At an organizational level, talent risks can manifest through productivity constraints in the affected region, as well as disrupting access to the large amount of IT talent concentrated in the countries impacted by the war.
- Cybersecurity Risk – The potential for increased cybersecurity attacks during this time means that the frequency of tabletop exercises should be increased, as well as ongoing review of protocols to defend against ransomware and other malware attacks. Gartner research previously identified new models of ransomware that defy typical mitigation strategies as a key emerging risk impacting organizations. As a result, Shinkman said it’s more critical than ever for ERM leaders to lead the business in clearly defining their high-value assets and have a response plan in place so that triage and decision-making are not made on the fly during an attack.
- Financial Risk – In the event of direct financial exposure to Russia, ERM leaders should be in close communication with third-party service providers on how best to provide and receive alternative payments that do not violate current sanction policies. Beyond direct exposure to the region, the war is likely to continue to raise key commodity prices and be a driver of inflation. As a result, financial models for raw materials will need more frequent updates, while currency and interest rate impacts will likely be more volatile this year. ERM leaders should coordinate with peers across assurance functions to analyze financial risk information and prepare mitigation strategies at more frequent intervals in this environment.
- Supply Chain Risk – ERM leaders should ensure that their organizations have updated supplier contingency plans in place that reflect the current environment. Supply chain risk should be freshly evaluated and efforts made to identify and limit any individual supplier dependency. Longer-term, ERM leaders should lead discussions on how their organizations will cope with the potential for key materials shortages, higher expenses, and assess alternative logistics options for obtaining materials and critical components.
More detailed analysis is available to Gartner clients in the full report: Responding to the Russian Invasion of Ukraine: A Guide for Audit and Risk Leaders.
Nonclients can read more in: Resources for Executives and Their Teams Amid Russia’s Invasion of Ukraine
About Gartner for Legal, Risk & Compliance Leaders
Gartner for Legal, Risk and Compliance Leaders provides expert guidance and tools to help leaders across legal, risk, audit and compliance departments more effectively manage an increasingly complex risk landscape and build next-generation functions. Additional information is available at gartner.com/en/audit-risk and gartner.com/en/legal-compliance. Follow news and updates on LinkedIn and Twitter.