FutureRisk spotlights emerging risk areas and unique approaches to risk treatment with risk leaders from the world’s most prominent organizations.
For the first installment of FutureRisk, series moderator John Wheeler, former Gartner IRM Analyst and AuditBoard’s Senior Advisor, Risk and Technology, sits down with Richard Marcus, AuditBoard’s Head of Information Security, to discuss the vision for the series, including:
- Where are organizations placing their bets around future risk.
- Where to look for big risks that may be looming on the horizon?
- Upcoming topics for FutureRisk — AI, cybersecurity, supply chain, TPRM, and more!
Watch the full conversation, and read the can’t-miss highlights below.
What is FutureRisk?
Richard Marcus: Welcome to FutureRisk, AuditBoard’s new series spotlighting emerging risk areas, and unique approaches to risk treatment. I’m Richard Marcus, the Head of Information Security at AuditBoard. Here to tell us what FutureRisk is all about, is its upcoming host and moderator, John Wheeler, our Senior Advisor for Risk and Technology. John, what is FutureRisk, and why should people tune in?
John Wheeler: I think that this series can be so important and useful for viewers because risk, for many organizations, is becoming a driving force around how they manage their business operations. What we are doing at AuditBoard, and where my research really has focused for the last 10 years, is about the need for a more integrated risk view.
We certainly see a lot of discussion around cybersecurity and the need for strong cybersecurity practices within an organization, and that is simply extending as more and more technology becomes used in very different ways — pushing forward a more digital business model, if you will, and the need to understand how the technology assets connect into the broader business process view of an organization and their business operations, and then ultimately how those technology assets and business processes enable the strategic business outcome that an organization is looking to achieve.
Strategic business outcomes are certainly requiring more of an understanding of risk because of the pervasive nature of digital risk, but also understanding how better risk quantification can enter into the equation to help key business leaders put together true business cases around these new digital products and services and understand, from a quantifiable perspective, what the risk truly means to their chances at success.
Where are organizations placing their bets around future risk?
Richard Marcus: Risk management certainly is getting harder and more complicated, so these topics are certainly going to be valuable for risk professionals. If there are risk professionals out there that are preparing for future risk, where do you see them placing their bets?
John Wheeler: More than anything, on the heels of the pandemic, organizations and their business leaders are looking for avenues of growth. Yet, the pandemic and the resulting business impacts have created an awareness that growth alone will not drive success. That growth must be achieved in ways that protect the long-term viability of their organization and the environment at large.
To achieve growth with greater risk awareness, business leaders are looking to audit, compliance, and risk management professionals to integrate their programs and practices in a brand new way. CEOs and their suite of leaders need visibility and understanding across a risk spectrum from technology and cybersecurity to operational and strategic and enterprise risk, and that’s not all. They need real-time insights from both inside and outside the organization, across the entire ecosystem of technology assets that are dynamically changing, and through this process, they’ll have a better understanding of their digital products and services, and this is where the real bets are being made, and our exploration of future risk begins.
Where do you look for big risks on the horizon?
Richard Marcus: John, the title FutureRisk implies uncertainty — unless you’ve got a crystal ball and can see into the future. How do you go about looking for the big risks that might be looming on the horizon?
John Wheeler: In my experience, the biggest, most relevant risks are generated by major change. The growth challenge is driving major change by spurring companies to create new digital products and services, and that’s fully supported by what PwC just revealed in their 2022 Pulse survey, and in it, more than 70% of risk executives resoundingly said that capitalizing on digital transformation initiatives is critically important to their company’s growth in 2022.
The name of the channel is “FutureRisk.” How will that title and the purpose behind it shape the exploration of topics in future episodes?
Richard Marcus: It’s interesting that you chose the title FutureRisk for the name of this series. Tell us a little bit more about that title, the purpose behind it, and how that will shape the topics that you might discuss.
John Wheeler: Given that major change is a great harbinger for future risk, that’s where we will focus our attention. Changes are on the horizon in areas related to digital risk, like cybersecurity, sustainability, or the growing complexity of vendor and third-party relationships. The common denominator of future risk is interconnectedness. No longer can we view or manage risks in a siloed, or one-dimensional way.
As host and moderator, my goal is to illuminate the interconnectedness of risk, and how it can be better managed through integrated risk management. Upcoming episodes will take us on a journey through the four key IRM objectives: performance, resilience, assurance, and compliance. We will be interviewing thought leaders and business executives about how they are preparing for the future, and the future risk landscape. Topics will include things like digital risk discovery, what it means in 2022 and beyond, supply chain and third-party risk challenges, how auditors might use forensic analysis and predictive analytics to support internal auditing, and how compliance professionals might use artificial intelligence from an ethics, conduct, sustainability, and cybersecurity perspective.