ERM constitutes GRC and security. These are the two pillars that can save you from the dreaded cyber threats. Since more companies are taking their businesses online, you cannot but think otherwise. Moreover, organizations are creating enterprise risk management (ERM) communities. Vendors are also clubbing governance, risk, compliance (GRC) and security in their service offerings. In this article at InformationWeek, Lisa Morgan explains why enterprise risk management is necessary for your company.
GRC and Security as a United Front
According to Forrester Research analyst Alla Valente, “Digital transformation requires a very tightly knit coordination between all of these functions.” Let’s find out what led companies to take the GRC and security accord seriously:
Siloed Risk Management
Company hierarchies differ based on industry, size, and culture. The C-suite committee comprises chief security officer or chief information security officer (CSO/CISO) apart from CIO. Chief privacy officer (CPO) and chief risk officer (CRO) are newer additions. The CPO is under chief legal officer (CLO) or CSO/CISO, who directly reports to CIO, COO, or CEO.
Many of these risk procedures and roles are after-effects of the 2008 recession or new laws like GDPR and Sarbanes-Oxley (SOX). So, departments of companies without an enterprise risk management setup have separate departmental GRC tools and procedures. PwC’s Cybersecurity and Privacy practice principal Joe Nocera points out that the siloed activities downgrade their efficiency.
ERM Is the Need of the Hour
With enterprise risk management, the board of directors can collaborate across all departments to address and mitigate risks faster and more effectively. The popularity of ERM has made Gartner claim that integrated risk management (IRM) software would eventually replace GRC tools. However, the differentiating factor is that an enterprise risk management committee is about ‘people, processes, and technology’. The unit ensures that the right people hear your message at the right time. Also, a collective agreement regarding risk tolerance and acceptance allow better risk responses and strategies. Info-Tech Research Group principal research advisor Christine Coz remarks that risk management gone south can harm your brand reputation. Furthermore, it is a ‘differentiator’ when everything you see today is ‘replaceable’.
Benefits of Emerging Technologies
Enterprise risk management is ready to leverage new technologies like AI, machine learning, and robotic process automation (RPA). KPMG Cyber Security Services principal Rik Parker believes that these new tools would help detect as well as automate decisions.
To view the original article in full, visit the following link: https://www.informationweek.com/strategic-cio/security-and-risk-strategy/governance-risk-compliance-and-security-together-or-apart/a/d-id/1337732?