
3 Ways to Stop Risks From Falling Through the Cracks

December 27, 2019

Contributor: Rob van der Meulen

Assurance teams that are not aligned may miss gaps in their risk management processes and corporate compliance.

Every day, sources of risk seem to proliferate. Assurance teams are under pressure to perform risk management and ensure corporate compliance under tight budgetary constraints. One way to do more with less is to coordinate risk assessments across assurance functions.

“Good coordination between functions makes risk management simpler,” says Cindy Zhang, Specialist, Research at Gartner. “First, risk leaders can be more confident that risks aren’t slipping through the cracks between functions, but it’s also important not to waste resources and organizational goodwill on duplicated work.”

To help assurance leaders coordinate their risk management strategies, Gartner recommends three tools to get started.

Aligned assurance calendar

This is a simple step in today’s cloud-enabled world, but few assurance functions to date use shared calendars to increase the visibility of each function’s risk activities. If each function uses a shared calendar, color-coded for clarity, potential overlaps and synergies will surface more easily.

For example, you might notice that both compliance and privacy plan to send out risk surveys in the same month. Why not combine them into a single survey? The burden on the overall workforce is reduced, the survey response rate should improve, and two distinct assurance functions are encouraged to collaborate with each other.

Risk coverage quality mapping

It’s important to have a way to confirm who “owns” risk across an organization and what that coverage looks like. This enables assurance teams to target their efforts toward areas in which risk ownership or corporate compliance is patchy or lacking.

To this end, assurance functions should work together to create a risk map in which they identify each major risk and score its coverage from 1 to 5. A “5” means the function is concentrating resources to mitigate that risk. A “1” indicates that the function is only conducting a high-level review. By collaborating to score risk coverage in this way, assurance functions can more easily monitor and control risks consistently across the organization.

Calibration of risks across assurance

This is all about making sure that each function is aware of what the others are doing in assurance. Start by having each function work separately to rank its top risks and what it is doing about them. Then bring the teams together to explain their rankings and discuss any differences.

This enables assurance functions to collectively create an integrated risk management process, which can save hundreds of hours of duplicated work. Moreover, these functions can improve overall risk management and present a unified message to stakeholders. It can also help to address questions the board of directors will inevitably ask of assurance.
