Surviving today’s chaotic risk environment demands that companies find new ways to get ahead of risk. Business leaders need to be more effective in identifying, understanding, and measuring the risks and risk priorities most relevant to their businesses, enabling them to make better, more risk-informed decisions. As the risk spectrum continues to expand, integrated risk management (IRM) is quickly becoming a business imperative. IRM offers a comprehensive and balanced view of an organization’s risk positions, from strategy to execution. Understanding that any business activity carries inherent risk, IRM ties together different risk categories across the business, folding risk assessments and mitigation strategies into every aspect of the company.
Businesses increasingly understand the benefits of IRM, but may feel unsure how it fits into their organizations or where to begin. I’ve created a framework to help business leaders prioritize and understand their key risks and build a foundation for successful, sustainable IRM. Over my years of research and experience as a senior risk management executive and advisor, I’ve identified four universally applicable risk management objectives that provide a foundation: Performance, Resilience, Assurance, and Compliance (PRAC). PRAC examines the key questions companies must ask to build a more balanced and integrated view of risk:
- Performance — How well are you running the business?
- Resilience — Are you prepared to respond to and recover from risk events?
- Assurance — Are you mitigating the right risks in the right way?
- Compliance — Are you identifying and remediating areas of non-compliance?
Read on to better understand the business case for IRM and IRM technology, as well as how the PRAC objectives connect with key risk areas, disciplines, and leadership roles. For a significantly deeper dive into PRAC, why it matters, how it’s measured, and the integrated risk priorities that matter most in the current risk environment, download the new guide, The Integration Imperative: Connecting People, Technology, and Business in a New Era of Risk.
A Clear Path Forward: PRAC Objectives and IRM Technology
The PRAC objectives serve as a risk management guidepost for the new era of uncertainty. For businesses, this new era is characterized by ongoing economic and geopolitical instability, persistent supply chain disruption, escalating cybersecurity challenges, and a talent management crisis atop a rebalancing workforce. In Protiviti’s Executive Perspectives on Top Risks 2023 & 2032, respondents rated risk severity and magnitude at the highest levels in the study’s 11-year history. The report specifically references talent, technology, and culture challenges as driving a need for new risk management approaches and solutions, evident among 2023’s top-ranked risks:
- #1 “Organization’s succession challenges and ability to attract and retain top talent in a tightening talent market may limit ability to achieve operational targets.”
- #4 “Resistance to change may restrict the organization from making necessary adjustments to the business model and core operations.”
- #7 “Adoption of digital technologies may require new skills in short supply, requiring significant efforts to reskill/upskill employees.”
- #8 “Organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues.”
Protiviti’s report issues several unambiguous calls to action — including, first and foremost, a call for innovation and transformation that states, “Technology is now the path forward rather than a mere tool.” Specifically, the study recommends that companies modernize legacy applications, capitalize on new tech platforms and capabilities, leverage data analytics and insights, prioritize cybersecurity and data privacy, and “improve agility through rapid response and strong operational resilience.” Other key calls to action are to “Build a resilient culture” that includes “a philosophy of embracing change,” and to prioritize risks and initiatives with “a balanced perspective.”
The “PRACtical” approach to IRM described in The Integration Imperative: Connecting People, Technology, and Business in a New Era of Risk offers a foundation to help you advance all of the above calls to action. The four risk objectives of performance, resilience, assurance, and compliance offer a clear path forward for IRM and digital transformation, equipping your organization to more effectively prioritize, connect, and manage risk for a new era.
The Case for Integrated Risk Management
Every business looks to achieve better performance, stronger resilience, greater assurance, and more cost-effective compliance. The new era of risk, however, means that these risk objectives are more critical than ever for business leaders and the success of their organizations. This truly is an “integrate or die” scenario.
Balancing the critical IRM objectives of performance, resilience, assurance, and compliance can help companies establish an essential foundation for long-term business success. The graphic below illustrates how the four PRAC objectives interconnect and overlay with key risk areas, disciplines, and organizational leadership roles. It also conveys the concept of balance, since organizations must maintain a practical and balanced view of risk that doesn’t overly emphasize one objective at the expense of the others. For example, overemphasizing performance may result in cutting corners on compliance. While this may serve short-term needs for better performance, it will most certainly result in less cost-effective compliance from greater fines and penalties.
Risk Keeps Changing, But PRAC Stays the Same
New risks will keep emerging, and existing risks will continue to evolve. It’s more important than ever for businesses to have an integrated, balanced view of the risks that matter most. The future of risk demands connected technology and teams that tie risks together across the business and help business leaders make better decisions. Even as the risk spectrum expands, the PRAC risk management objectives of performance, resilience, assurance, and compliance offer a stable and strong foundation for sustainable IRM. Download the full guide, The Integration Imperative: Connecting People, Technology, and Business in a New Era of Risk, to help your organization build a business case for — and get on the path to — implementing IRM that connects people, technology, and the business in the critical ways demanded by the new era of risk.