Here is an excerpt from an article written by Richard Chambers for MIT Sloan Management Review.
Illustration Credit: A. Richard Allen/theispot.com
* * *
Risk management in many organizations is hampered by disparate teams that don’t collaborate or share technology.
Companies today must manage an increasingly complex array of risks, including cybersecurity threats, the impact of geopolitical tensions and major weather events on supply chains, and economic volatility, among others. Many businesses struggle to marshal sufficient resources, personnel, and advanced technology to fully understand the threats they face. But few recognize that their efforts are also hindered by silos within their own risk management functions, which leave each team with visibility into only select pieces of the overall threat picture.
Lack of collaboration among risk management teams is pervasive across industries. More than 86% of audit and risk professionals believe that data silos affect their team’s ability to manage risk effectively, according to new data from AuditBoard. When teams and data are disconnected, efforts are duplicated and gaps in risk coverage open up. There is limited communication between governance, risk, and compliance teams, even though they share a common mission of safeguarding the future of the business. What is needed instead is a holistic, connected risk approach in which collaboration and data sharing are ingrained in the culture, and disparate teams work together to solve problems and meet the shared goal of mitigating risk.
How Risk Management Efforts Become Fragmented
Good risk management isn’t a monolithic function. The Institute of Internal Auditors advises companies to structure it as three lines (long known as the "three lines of defense," and renamed the Three Lines Model in the IIA’s 2020 update). The first line, operational management, owns the risks in its business processes and operates the day-to-day controls that mitigate them. The second line, risk and compliance functions, sets policies and monitors the controls that the first line operates. The third line, internal audit, independently evaluates the effectiveness of the first two by systematically testing and verifying that risks are managed adequately and in a way that is aligned with the company’s objectives.
Silos arise in part because, historically, risk and assurance professionals have preferred to operate independently. To some degree, this is because they value ownership and recognition of their individual outputs, but they also want to maintain independence and objectivity. And like many other professionals, those working in risk and assurance often cling to outdated practices because they are more comfortable with familiar ways of doing things.
* * *
Richard Chambers is senior adviser for risk and audit at AuditBoard.