Risk management programs must address a widening array of IT threats associated with digital business.
Organizations are experiencing risks that have actually translated into significant operational surprises, and it is becoming more challenging to forecast critical risks. Siloed risk management programs are no longer effective. Integrated risk management (IRM) is key.
In his presentation at the Gartner Security & Risk Management Summit in National Harbor, MD this week, John Wheeler, research director at Gartner, advises security and risk management leaders to implement IRM.
What is IRM?
Many organizations are good at domain-specific risk management, but they struggle to harmonize the three key pillars of a successful security and risk management program: a strong framework, metrics and systems. IRM can remedy this challenge.
“IRM is a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks,” says Wheeler.
IRM encompasses a holistic analysis of internal and external risk factors. Successful organizations design a framework that seamlessly connects risks at a strategic, operational and IT level. “To understand the full scope of risk, organizations require a comprehensive view across all business units and risk and compliance functions, as well as key business partners, suppliers and outsourced entities,” says Wheeler.
Wheeler says to think about IRM like a road trip. A GPS maps the route and shows progress, and a vehicle enables you to reach your destination. Similarly, a framework maps an organization’s risk, metrics measure progress and systems drive the organization to meet its goals. Security and risk management leaders can take these four steps to develop an IRM program that bridges the gap between enterprise risk, technology risk and digital risk:
- Develop an effective framework that is unique to the organization’s risk profile
- Employ metrics to identify how risk influences the behavior and ability of individuals to achieve the organization’s goals
- Use a pace-layering methodology to design, implement and integrate risk management systems
- Grow the maturity of an organization’s risk management disciplines to mitigate future digital business risks
Why is IRM important?
Gartner predicts, by 2021, 50% of large enterprises will use an IRM solution set to provide better decision-making capabilities, and that the IRM solutions market will grow to $7.3 billion by 2020. Digitized organizations are prioritizing the need for risk management programs that alleviate IT security threats.
“Key decision makers are increasingly focused on major operational risks across the extended global organization. Security and risk management leaders need to manage the diversity of these extended risks with an integrated approach to risk management,” says Wheeler.
Security and risk management leaders need to evolve their risk thinking. Adopting a risk management program that addresses the threats associated with digitization is imperative. They should implement an IRM solution to meet the demands of digital transformation and move their organization forward in a safe, profitable way.
Gartner clients can learn more about the state of risk management in Top 10 Factors for Integrated Risk Management Success and Risk Management Program Primer for 2017, by John Wheeler, et al.