Lay a common foundation
Source: 2020 Global Risk Study
Pushing from communicating to collaborating requires a common foundation
It’s hard, if not impossible, for risk functions to share risk insight and adopt clearer, more-comprehensive views on risk when each risk function is categorizing risks in its own individual way, leveraging stand-alone technology, drawing on different data sources, building its own analytics, and defining its own metrics. Yet, at the majority of organizations, that is the norm.
Data and technology vary by risk function and are typically disconnected from the broader IT strategy and from other risk functions. Just half (51%) of organizations in our study say they have the right data today to manage risk.
“Our single enterprise system, in combination with our common risk taxonomy and other foundational elements, provides a good base for greater collaboration. Enterprise risk management, compliance, vendor risk management and other second line teams rely on the technology and internal audit uses insights from it to support audit plan development. Drawing data and insight from a common foundation is extremely helpful to us in connecting the dots across our activities.”
Tricia Bartylla, Vice President and Chief Audit Executive, Target Corporation
Does each risk function have its own set of tools and its own set of insights?
Consider these steps to make more powerful risk insight possible.
Come to consensus on a common risk language and measurements.
A common risk taxonomy is the dictionary that helps everyone think about, prioritize and communicate risks in the same way as one another.
You can use key risk indicators to monitor enterprise risks, but if all functions don’t use the same language – or risk taxonomy – it’s very challenging to align on risks, insight and issues.
Bring disparate technologies together through a common platform.
Risk functions use many different tools and technologies, and it is time-consuming and inefficient to consolidate risk insight and reporting if risk functions do not connect into a single platform. Technology investments can be difficult for any one risk function to swallow, but when functions consolidate their business case for investment, the value proposition gets much stronger.
Our single GRC platform will help us get to a single source of truth that can be leveraged by the board, senior executives and other stakeholders as they make business risk decisions.
Embed within the organization’s data strategy.
More than ever before, there exists an abundance of data both inside and outside organizations from which to draw more-intelligent risk insight. Now is the time to collaborate across risk functions with a view to determine how that volume of data can best be used by all lines. Risk functions should embed themselves in their organization’s enterprisewide data strategies and data asset development efforts to make their collective data and functional requirements known.
Three actions to consider to move risk functions along the collaboration journey
Setting the tone for collaborative risk management
Ensure a collaborative tone and appropriate governance of risk management
Contact us
