Analysts Answer: What's the Best Way to Plan for Risk?

May 15, 2017

Contributor: Kasey Panetta

Gartner analysts share why risk management activities and tying risk management to the organizations strategy are key in 2017.

Security leaders in 2017 are tasked with the challenging prospect of securing technology in a rapidly changing digital world.   Ahead of Gartner Security & Risk Management Summit 2017, Smarter With Gartner reached out to analysts presenting at the event to learn the best way to manage and plan for risk.

What’s the best way to manage and plan for risk in 2017?


In 2017, companies continue to struggle to manage IT, operational and strategic risks in an integrated way. As a result, today only 25% of companies view risk management as an important strategic tool. Gartner’s new approach, called integrated risk management (IRM), is keenly focused on bridging the gaps between specific risk management domains such as vendor risk management and business continuity. At the same time, IRM provides a way for companies to link risk and performance management to propel their businesses forward in a safe and secure manner.”    


The best way to manage risk in 2017 is to drive better decision making through your risk management activities. Address risk-engaged culture with your non-IT executives and get them involved. Stop any risk management activity that is essentially a time-wasting, paper-pushing process that delivers no value.


Short answer…ensure your risk management program is tied to the organization’s strategy and mission. Develop a strong working knowledge of the risk tolerances and how they impact the enterprise. Remember, without risk, there’s no reward.       JeffreyWheatman

Learn your business. Without a comprehensive understanding of your enterprise's strategy, goals and objectives, it is inevitable that you will be caught flat-footed and blindsided. Be a better and more effective communicator — the old approaches of purely quantitative risk communication don’t work. Leverage risk perception and sentiment. Remember that risk management is another business discipline. If we act like what we do is magic, we won’t be invited to the important meetings.

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.