Enterprise risk management (ERM) professionals say they face multiple emerging challenges relating to the ongoing digitalization of organizations. These challenges involve digitalization’s many implications for acquiring and retaining talent, ensuring compliance with regulations and maintaining a competitive edge in the market.
The more aligned ERM is to its organization’s strategic and corporate objectives, the more it can report in a way that creates an explicit link between objectives and risks
“Gartner defines an emerging risk as a risk that is not materially impacting the organization today and also exhibits significantly higher volatility and uncertainty in its evolution,” says Matt Shinkman, Managing VP, Gartner. “Because these risks are so hard to measure precisely, and because their paths are harder to predict, risk management leaders must be vigilant to ensure these risks are seriously considered and acted upon by business leadership.”
Gartner’s latest (1Q19) survey of risk management professionals identified the top four sources of emerging risk, and insights around how top-performing organizations address them.
Accelerating privacy regulation
Although data privacy risk is not new, General Data Protection Regulation’s (GDPR) launch in 2018 began a new era of regulatory volatility as lawmakers try to keep pace with technology.
For example, the California Consumer Privacy Act of 2018 (CCPA) will take effect in January 2020. This new legislation states companies must disclose what information they’re collecting, how they’re using it and who can access it. This will likely affect future budget forecasting, as many functions are contributing budget dollars to GDPR-compliance already.
The potential for large fines and the technical nature of many GDPR requirements means many IT and information security teams contribute financially toward GDPR compliance. CCPA mirrors GDPR in many respects, but nevertheless has important distinctions. Organizations must prepare for the burden of addressing CCPA regulatory compliance in the months to come, and also prepare for more copycat legislation in other jurisdictions.
Read more: How Legal Stays Ahead of Data Privacy Risk
Pace of change
The pace of change is accelerating, driven by new digital business models. Organizations that are unable to respond to this new reality run the risk of stagnation and even decline. The fear of disruptions and inability to grow is also propagated by the concern of becoming the next Blockbuster, Toys R Us, or Sears of their industry — former leaders in their field that did not adapt to digital competitors such as Amazon and Netflix.
ERM teams in leading organizations partner with their colleagues to understand stakeholders’ immediate priorities and objectives
To cope in this environment, the ERM function should be well-aligned with corporate strategy, and its role in the strategic planning process supported by a clear framework. ERM teams in leading organizations partner with their colleagues to understand stakeholders’ immediate priorities and objectives. The more aligned ERM is to its organization’s strategic and corporate objectives, the more it can report in a way that creates an explicit link between objectives and risks. This empowers business leaders to employ monitoring mechanisms and triggers to predetermine course-corrective options.
As demand for talent converges on critical roles and in-demand digital-world skills, companies can no longer rely on labor markets to fill their talent needs. Critical skills may become too expensive to acquire. Organizations must define workforce planning and recruitment strategies that enable them to compete for this talent pool while investing internally in their existing workforce’s employability. Heads of risk management should collaborate with their HR leaders to put effective risk mitigation plans in place, to uncover trends and to understand key drivers of talent risk.
In the Gartner 2018 State of the ERM Function Survey, just 29% of respondents felt prepared to address digital transformation risks, and 10% say they are “not at all” prepared to address these risks. Most firms expect their transformation will take at least two to three more years, and a growing number of signs point toward a recession before they are completed.
Leading organizations are focusing on the digital dexterity of their workforces
A majority of ERM teams are participating in strategic planning. Although two-thirds of the Gartner Risk Management Leadership Council members are currently undergoing a digital transformation, only 35% of ERM teams are playing a role in that transformation. Leading organizations are focusing on the digital dexterity of their workforces by enabling enterprise agility, developing digital competencies to drive collaboration, and crafting a compelling digitalization narrative to clearly define and measure future success.
“Risk management executives with limited resources face a difficult trade-off: managing a rapidly expanding risk landscape without hampering their organization’s ability to grow in line with its peers,” says Shinkman. “By focusing on these key areas of risk, however, risk leaders can certainly make headway with the most likely causes of disruption in the near term.”