Among the respondents to EY’s most recent GRC survey, a promising trend is emerging. Namely, an overwhelming percentage (97%) of responding organizations recognize the need for bridging the gap between risk management and business objectives. Yet, among those 97%, only 16% believe that they have taken advantage of the opportunity for greater alignment. Clearly, an increasing number of companies recognize the value of directly incorporating risk management into business decision making, but there has yet to be significant progress in risk’s successful integration. To achieve a greater level of risk integration, EY has established three levels that represent an organization’s journey to full business-risk alignment.
Advance, Optimize, Embed
- Advance: The first step, advancing strategic thinking to improve value creation, challenges the way an organization thinks about risk management. Simple identification and assessment of possible risk is not sufficient if risk management isn’t envisioned within its proper context. While organizations are not created for the sole purpose of risk management, they are intended to generate business value. In this way, risk management needs to be seen as a necessary step along the path towards the continual generation of business value.
- Optimize: The optimization phase focuses primarily on how organizations execute their risk strategy. Organizations must define clear ownership and accountability for risk activities to enable effective coordination, communication and reporting. In this step, it is crucial to align functions by allocating talent and optimizing risk management processes. As Michael O'Leary, the EY Global Internal Audit Leader, notes, "Having the right structure and mechanisms in place, and adapting them as needed, is critical to improve the efficiency and effectiveness of risk activities across the organization."
- Embed: The final, and most important, phase is embedding risk management into the fabric of an organization. Process optimization is all for nothing if a cycle of continuous improvement is not enacted. Risk management can only be truly effective and drive business value for an organization when embedded solutions can proactively respond to risk. Continual monitoring and testing, made possible through the adaptation of enabling GRC technologies, help organizations execute their risk response plans more effectively.
Keep It Simple
In spite of the obvious truth that risk management only drives business value when it is done on a continuous basis, only 49% of EY’s respondents utilize one or more GRC technologies to enable their risk management activities. GRC technologies not only help organizations optimize internal control frameworks to eliminate duplication and add automation controls, but also play a crucial role in helping organizations adopt a cycle of continuous improvement.
Mavim for Risk Management
Mavim strives to embed a cycle of continuous improvement in all disciplines that impact business decision-making. Our software helps organizations analyze, audit and manage risk by bringing all risk analysis reports, information and documents into a central repository. This allows impact analysis and traceability reports to be conducted from a single source of truth, before being published to the wider organization. Connecting people, processes and systems in the Mavim software turns unrefined data into priceless information that drives business value. Let us support you in managing preventable business risks.