NIST Risk Management Framework

What The End of The GRC Era Means for Risk Managers

Gartner predicts that by 2021, 50% of large enterprises will use an IRM solution set to provide better decision-making capabilities from a risk-centric lens and that the IRM solutions market will grow to $7.3 billion or more by the year 2020. But what does this mean for risk and compliance managers?

For most organizations, building an IRM program means breaking up all of those traditionally siloed-off risk areas and replacing them with a single, holistic view of enterprise risk that business leaders can understand.

Gartner defines IRM as a set of practices and processes supported by a risk-aware corporate culture and by enabling technology adoption that improves both decision making and performance by looking at quantified risk. Business leaders have realized the importance of risk and compliance standardization and the importance of the risk manager role. These risk and compliance teams develop and implement a solid risk-based program that will, in part, mitigate fears of CEOs and other executives... fears that their company might be the star of the next breach-based headline. 

Thus, to enable business leaders to truly understand the importance of risk mitigation and compliance, the idea of "Governance, Risk and Compliance" has been phased out in favor of a new term: "Integrated Risk Management". Organizations are shifting focus away from Governance, Risk and Compliance (GRC) to IRM solutions. IRM goes beyond traditional, less automated, compliance-driven GRC solutions to provide actionable insights aligned with business strategies and goals, as opposed to simply aligning with regulatory compliance requirements. Another important aspect of IRM is that it includes Digital Risk Management, or DRM.

At its core, the move to Integrated Risk Management is a reflection of the shifting needs of today's enterprises, especially with the evolving digital landscape. New risks coming from new technologies, a large volume of new and complex regulatory requirements, paired with demands from the business have forced the GRC market to evolve. Today's compliance and risk management tools need to aggregate, integrate, and visualize risk data and bring in compliance status data to help support that risk quantification.

As a risk manager who is now speaking the language of business leaders and aligning with their goals as well as your own, look both vertically and horizontally at how risk projects are done.

Vertically, this means risk managers and teams must link the overall corporate risk reduction and mitigation strategy with quantifiable business objectives. This way of doing things can be achieved by deploying specific risk mitigation actions across the organization in all departments with the support of the cybersecurity and IT infrastructure.

As a risk team member, you're doing a lot of risk assessments against company assets, sometimes all of them. An "integrated" view across your risk management activities, therefore, can incorporate various perspectives from other teams. The legal, financial, and other departments may have their own definition of risk and their own mitigation procedures and strategies, but that legal definition of risk varies drastically from the way cybersecurity risk is being addressed. By using one integrated, centralized risk management program across the enterprise, an organization can build a strong foundation from which to grow, and risk managers can lead that effort.
