2021 brought much disruption and change as the COVID-19 pandemic forced companies to respond in different ways to the continuing crisis. Many had to automate the way they serve their customers to mitigate health and safety risks. Others shifted to digital processes to accommodate their employees working remotely. Also, repeated shutdowns across the globe led to severe supply chain disruptions requiring adjustments to key supplier relationships. These changes may have helped to address the immediate crisis, but the ripple effect of digital risk is just beginning — which is why I see 2022 as the year of digital risk discovery.
Emerging Risk: Dependency on Digital Systems
In the recently published World Economic Forum 2022 Global Risks Report, the “growing dependency on digital systems” is viewed as a major area of emerging risk. According to the report, this dependency has been “intensified by the COVID-19 response.” In fact, the report states that the growth in value of digital commerce is estimated at $800 billion in 2024 alone. However, that growth comes with great change and breeds new types of digital risk that will translate into business success or failure.
The unique aspects of digital risk include both its pervasiveness and opaqueness. Digital products and services rely on a wide array of technology assets — data, software apps, cloud services, interfaces, etc. — that can be poorly controlled by third parties. A great example of this pervasiveness and opaqueness can be found in the recent discovery of the Apache Log4j vulnerability in systems across the globe. Ironically, this vulnerability exists in open source software intended for logging events to assist with identifying problems with software applications. Since it is available as a free, open source service, Log4j is widely utilized. However, the ripple effect of digital risk can be difficult to determine since it may lurk in third-party software that is a critical part of a company’s digital product or service portfolio.
Turning Digital Risk Into Competitive Advantage
Companies that discover these new digital risks early will gain a competitive advantage through better performance and stronger resilience. The question then becomes “how can we discover these new digital risks quickly and act on them effectively?” The answer is through an integrated risk management (IRM) approach that links strategic, operational and technology risks to allow for better informed decision making.
During my time as a Gartner analyst, I conducted extensive research into ways risk management and compliance practitioners could improve their governance, risk and compliance (GRC) solutions to enable better risk visibility and understanding. Fragmented and compliance-driven, these legacy GRC technologies were not providing the insights needed by business leaders to address the most relevant risks to the enterprise. It became increasingly clear that an integrated approach that links operational and technological risks to strategic business objectives is the next step beyond GRC.
Now as a senior advisor to AuditBoard and CEO of Wheelhouse Advisors, I plan to explore how IRM technologies such as AuditBoard’s modern connected risk platform can help companies move beyond their compliance-driven, legacy GRC solutions to increase their risk visibility and understanding.