Risk management trends are constantly changing, and the many global events we’ve experienced in the past year and a half have only accelerated that.
We interviewed Cential Partner & Principal Consultant Jannie Wentzel to hear his insights on risk management trends that are popping up in 2021 and how organizations can stay up-to-date in the dynamic world of risk.
What emerging trends are you seeing in 2021 that you think people should be aware of when it comes to risk management and GRC?
Wentzel: “I think there’s a couple of things; the first thing that comes to mind for everybody is the increasing amount of fully remote workforces. If you think about it from an organizational perspective, it’s the question of ‘how do you establish your corporate culture?’ Think about how you establish a culture of transparency and your ethics—it’s no longer through people working together in one spot where you can talk face-to-face or talk around a cup of coffee. It’s now people talking on a Zoom or a virtual call.
So what does that mean? How do you build your underlying corporate culture? One of the challenges from a more overall, holistic view is ‘how do you establish that culture and manage the risk from the start?’ Because that’s now being done a lot more virtually and electronically than it is through people getting together in a physical location.
That’s one of the big-picture challenges, and then with that comes the issue of us and our organizations and what our social responsibility is. When do you open the doors up? When do you let yourself travel again? What’s the right time?
There’s the balance between ‘I need to generate revenue,’ and ‘I need to protect my workforce.’ And then the next step is, ‘When is it the right time to physically visit my client and not expose my client or put undue pressure on my client to see them following a pandemic?’ It’s going to be a challenge.
Then, on top of that—are your people that are working from home working from an unsecure network or their home network? Is there an ID function that protects a physical network? How do you manage the access of different people managing your work functions? Are you allowing people to access your network from different devices? Do they have a virtual assistant, an Alexa, a Google Home or anything like that in the background? How do they secure that? Am I appropriately protecting my corporate information?
Those are questions that are going to be more and more important going forward. If we look at what happened in the last year, ransomware and other cybersecurity elements are becoming more and more relevant. There are lots of different moving parts that have been developing since the beginning of last year.”
What is the best way that an organization can stay on top of knowing what risks are popping up and which ones are a high priority? How do we stay educated on what’s constantly changing in the dynamic world of risk?
Wentzel: “There are a number of very important things to consider.
First, don’t attempt to do these things on your own. You are operating in a community of people, whether it’s suppliers or vendors, clients, or customers. Continuously stay in contact with them; don’t just do the business transaction alone but instead talk about the risk environment and what they’re experiencing in your supply chain. Rather than only asking your clients just the traditional questions about vendor risk management or third party risk management, talk to them about what trends they are seeing and what they are concerned about as an organization and start working together to address those risks. That will help you to focus on more than just your few internal risks.
Second, there are a number of features and functions that you can utilize that share what the latest security trends are. There are publications and more virtual meetings than ever before. You can also listen to podcasts that share a lot of information, follow authoritative sources on Twitter and LinkedIn, or subscribe to e-newsletters. There are more articles, publications, and other information being shared on those media than ever before.
Stay on top of those platforms, because you don’t know what you don’t know unless you start reaching out.”
How can an organization work with other people internally or externally to make sure that they’re unified in their risk management process?
Wentzel: “We’ve talked about Integrated Risk Management for a long time and how we shouldn’t do risk in silos in our organizations. So that means if I look at my business risk, my supply chain risk, and my information security risks, those are not mutually exclusive, but they work together.
But now the world is changing even more. For instance, right now I’m using a cloud provider to provide my infrastructure and I don’t have my own data center. So suddenly, that integrated risk now needs to be transformed more and more into what we call Transformative Risk Management—where we start managing that risk as a community.
Who is my cloud provider, and what are the risk functions that they manage? And what am I supposed to manage? Let’s work together to start thinking about that.
On top of that, if I have suppliers or customers that directly connect to me and I share that information with them, we should be getting together as communities to start managing risk as a community. We like to call that transformative risk management research.
To take that further, we then call that the ‘herd immunity’ for risk. How do we start managing risk in a group so that we protect our community and not all try to go at it alone?”
If you have questions about what Wentzel shared regarding the future of risk management or would like to learn more about how Cential can help your organization stay on top of its risks in an ever-changing risk environment, contact us here.