Digital risk has continued to grow and transform as the application of technology solutions has evolved over the past few years. In January of this year, I proposed that 2022 would be “the year of digital risk discovery” as the world’s dependency on digital products and services continues to accelerate at an unprecedented rate. According to a recent Gartner survey, over half of all corporations have named digital technology investment the number one initiative, with others supporting digital growth listed in their top five priorities. With the amount of investment in digital products and services impacting such a wide variety of business functions, only an Integrated Risk Management (IRM) approach can effectively respond to the risks faced by organizations.
Accelerated Digital Investment
Growth in digital investment is anticipated to accelerate beyond $800 billion in the next two years, according to the World Economic Forum (WEF). Along with this investment, the associated digital risk is increasing exponentially. Digital technology initiatives that drive the increased risk include products and services, hardware and software, and the business transformations tied to those tools. The WEF points out that it is not just the digital tools, but “the interconnectedness and convergence of these digital tools will continue to increase,” and this interconnected digital landscape results in unintended consequences and unforeseen risks.
Medical technology offers a great illustration of the convergence of digital tools and potential digital risks. The substantial investments made by the medical industry in digital tech have improved convenience and safety with remote access to healthcare providers, but with the increased investment comes significant digital risk. The medical industry now allows individuals to consult with doctors through telehealth, which can involve a consultation through web conferencing tools on a mobile device while accessing digital records online that contain health data transmitted from a wearable device. In just this example, digital risk impacts multiple networks, applications, connected devices (internet of things), third-party risks, data privacy, and potential regulatory concerns.
An Integrated Risk Management Response
Organizations are investing in risk management as a response to increased digital risk, but there is still much room for improvement related to maturity. A mature Integrated Risk Management program aligns with four main risk objectives: performance, resilience, assurance, and compliance. Considering digital tools and risk within these objectives allows an organization to identify the risk quickly and measure the impact as their company invests additional capital and commits to digital initiatives. A leading IRM program will also map risk objectives with the company’s technology, business, and policies and procedures (compliance risk) for a holistic view that business leaders can use to make decisions.
Source: Wheelhouse Advisors IRM Navigator, March 2022
One key to closing the gap is through technology that enables an Integrated Risk Management program. In the past, the software we had available in governance, risk and compliance (GRC) tools fell short, as these tried to aggregate business functions without proper consideration for integrating data in a useful way for risk-based decision-making. Since overreaching GRC solutions have only reinforced existing silos, many organizations attempt to use disconnected tools and homegrown spreadsheets to capture digital risk. Still, as we discussed, the complexity requires a purpose-built connected risk management platform that aligns audit, risk, and compliance data all in one place so you can have a complete view of risk across the enterprise.
IRM Technology Enables a Connected and Balanced Risk View
Achieving a comprehensive IRM view requires a connected and balanced approach that spans an organization. An effective approach links elements of technology/cyber risk, operational risk, and strategic/enterprise risk. Linking these risk elements allows companies to close the Business Resilience Gap — the gap between the risks generated by business (including digital) products and services and mitigation driven by company policies and procedures. With so much investment happening today and anticipated to continue into the future, now is the time to build a connected, balanced risk management approach, explore IRM technology, and work toward closing the business resilience gap to turn digital risk into a competitive advantage.