WHITE PAPER THE 6 DIMENSIONS (& OBSTACLES) OF RISK MANAGEMENT


Risk management efforts often begin as focused attempts to improve certain elements of risk or compliance management within one functional area such as IT, security or finance. The function takes on the challenge of building a defined approach to methodically review risk or catalog compliance obligations to ensure that individual piece of the organization is properly tracking towards its objectives. The drivers for this effort can be many: regulatory pressure from an external entity, strategic acknowledgement by executives or bottom-up efforts by front-line managers to reduce risks. Eventually, this function designates resources, implements processes and utilizes some technologies to address risk and compliance issues.

As more functions understand that risk and compliance management is part of managing business operations, more risk management processes are created. Most organizations take the path of building individual pieces of this overall program independently, since each function has its own nuances and challenges. As the implementations become more mature, the organization realizes there are significant benefits to streamlining processes, reducing efforts and eliminating redundant activities. This is the point at which the organization determines an integrated approach to risk management would be a benefit to the overall organization and launches an initiative.

THE DIMENSIONS (AND OBSTACLES) OF RISK MANAGEMENT PROGRAMS

When you look at establishing your risk management program, it is useful to consider some fundamental dimensions that can be examined to assess overall effectiveness. Breadth, depth, adaptability, ecosystem, track record and strategic value are all indicators of a strategic approach to addressing business risks. Each of these dimensions is associated with a barrier to success. When building your strategy, it is beneficial to understand and plan for these obstacles.

Breadth (Obstacle: Silos)

Breadth is defined as the scope of your risk program across the enterprise from an organizational, technical and functional perspective. Organizations that create silos, or individual functions with no connection to other risk functions, miss the point of integrated risk management. The resulting program will have individual kingdoms that rarely share information or that have do-it-my-way mentalities. Risks today are connected like never before. For example, a security incident can result in a compliance failure, initiation of a disaster recovery play or involvement of a third party. Traditional functions (in this example, security, compliance, business continuity and third-party management, respectively) that are not connected will not adequately manage the risk.

- How broad is our risk management strategy and the technical solution plan to support it?
- What mechanisms (organizational and technical) are we putting in place to dissolve silos into an integrated approach?
- What organizational and technical changes do we need to make to foster collaboration and promote the cultural change to break down the silos?

Depth (Obstacle: Time/resources/skills)

Depth is defined as implementing effective risk management processes within operations. Organizations that lack the time, resources or skills to implement or maintain the program have difficulties driving the program into the heart of risk. The depth at which your organization attacks risk will depend on your ability to leverage industry best practices and expertise to quickly implement processes and keep those processes on pace with the business. If you are addressing risk only at the surface, perhaps by simply working the issues identified during assessment processes, you will miss many root causes of systemic issues.

- How do we not only raise up issues but also strive to understand the root cause of risk and compliance issues?
- How are we keeping our risk and compliance teams up to date on current best practices?
- What are we doing from a technology perspective to get deeper visibility into risk in business operations?

Adaptability (Obstacle: Rigidity)

Adaptability is defined as the ability for the risk management program to adjust to changing requirements. Organizations that implement rigid processes or rely on technologies that hard-code data, workflows, reporting, etc., can't react quickly to changes. Business change is one of the most common causes of gaps in risk and compliance processes: the business changes too fast and the risk management program cannot keep up. Many times this is due to a lack of flexibility in both processes and technology.

- How fast can risk, security, compliance and other risk-related functions respond to a business change?
- Has organizational and technical adaptability been built into the program?
- What capabilities do we have to enable change, and do we have the right governance structure in place to respond appropriately?

Ecosystem (Obstacle: Culture)

Ecosystem is defined as the collaborative environment necessary to address the multidimensional nature of risk. Organizations that don't address the cultural changes necessary to implement risk management will start hitting ceilings in terms of maturity. Risk management requires a strong relationship between the risk functions and the business. Building these relationships is necessary to get both sides on the same page. This impacts everything from strategic planning to operational implementation.

- Are we getting IT, the business and risk management functions talking on a regular basis?
- How are we instituting a change in how risk is perceived and managed across the organization?
- How are we transferring risk management knowledge to the front-line operations to better engage them and educate them as the first line of defense?

Track Record (Obstacle: Lack of wins)

Track record is defined as the series of program successes that demonstrates reliability of the overall program. Organizations that have a lack of wins (or a failure to achieve a continued progression of program successes) can lose faith in the program. This will cause issues for the program champions and undermine credibility in the business. Your strategy must allow you to implement those processes you need first, show progress and then move on to the next set of use cases. This applies to both organizational successes and technology implementations.

- Does our strategy unfold where we can demonstrate success on a regular basis?
- How do we communicate successful stages in our program?
- How well is our technology suited to incrementally expand the program in the context of our strategy?

Strategic Value (Obstacle: Lack of measurement)

Strategic value is defined as the long-term positive business outcome of the risk program. Risk programs that don't measure success will lack a method to show the strategic value to the business. This will lessen the program's impact and potentially affect funding and executive support. To show a return on the investment, you must plan in advance how you will measure your successes in tangible terms.

- What metrics (time, budget, effort, etc.) are we measuring today that we can monitor over time to demonstrate improvements?
- How will we accurately capture and report on key metrics as we execute our strategy?
- What is the best approach to show strategic value (return on investment, time efficiencies, reduction in costs) and how does it align to overall business objectives?

SUMMARY

Breadth: Managing risk holistically, crossing risk domains (operations, IT, resiliency, etc.)
  Key barrier: Silos
  Organizational impact: Organizational silos create kingdoms of "do it my way."
  How RSA Archer solutions help overcome these barriers: RSA Archer solutions provide a common platform to address multiple dimensions of risk.

Depth: Implementing effective processes (best practices)
  Key barrier: Resources
  Organizational impact: Without the resources to implement and scale, processes are inches deep and don't really get to the heart of the risk.
  How RSA Archer solutions help overcome these barriers: RSA Archer use cases are built on industry best practices to speed implementation. We also offer specific courses through RSA University to ensure your resources are trained and knowledgeable.

Adaptability: Agility to modify and respond to business changes
  Key barrier: Rigidity
  Organizational impact: Organizations that hard-code processes or technologies can't react to changes.
  How RSA Archer solutions help overcome these barriers: The RSA Archer platform provides a flexible implementation path through our many use cases. The flexibility of the RSA Archer platform enables your organization to build risk management processes based on your business requirements.

Ecosystem: Building a strong community to learn/share/engage
  Key barrier: Culture
  Organizational impact: A closed culture impedes communication, sharing, knowledge transfer and collaboration.
  How RSA Archer solutions help overcome these barriers: RSA's professional services and partners have specific offerings to keep your program moving from strategy planning to ongoing implementation support.

Track Record: Demonstrating definitive progress within a long-term strategy
  Key barrier: Lack of Wins
  Organizational impact: Lack of progress will cause loss of faith, political turmoil and second guessing.
  How RSA Archer solutions help overcome these barriers: The RSA Archer use case strategy allows you to implement individual processes within a broader strategy. Our track record in the market shows how we can support cross-functional risk programs.

Strategic Value: Demonstrating clear ROI, business value from investments
  Key barrier: Lack of Measurement
  Organizational impact: Programs can lose funding with no way to articulate value.
  How RSA Archer solutions help overcome these barriers: The RSA Archer Community is an excellent venue to draw from the experiences and expertise of our broad, global customer base.

Overcoming the barriers to an integrated risk management program requires a strategy that is built around key principles of risk management, coupled with an understanding of the nuances of your business. The end goal of risk management is to help the business achieve objectives and improve decision-making. However, the implementation of a risk management program is not a simple "step 1, step 2, step 3" type of project. It requires cross-functional teams working together and consistently progressing towards the long-term objectives.

Silos, resource limitations, rigidity, culture, a lack of wins and a lack of measurement are common obstacles to success. These impediments can be overcome by building an appropriate strategy and working with a technology partner that has the right capabilities in place:

- DEPTH: RSA Archer solutions incorporate the industry-leading best practices you need to get an effective business risk management program up and running quickly.
- BREADTH: The RSA Archer Suite includes multidisciplinary risk management solutions and use cases that address the most critical domains of business risk.
- ADAPTABILITY: RSA Archer solutions are designed to help you evolve your risk management program as your business changes.
- ECOSYSTEM: With RSA Archer solutions, you can tap into the collective knowledge of our community and certified RSA Archer experts to help you get your risk management program on the right path from the start.
- TRACK RECORD: The RSA Archer Suite is recognized by industry analysts as a perennial leader in providing superior risk management solutions.
- STRATEGIC VALUE: RSA Archer customer stories are the best evidence of the positive outcomes from our business risk management solutions.

RSA Archer solutions offer depth, breadth and adaptability to manage risk in multiple domains, combined with the ecosystem and track record to deliver strategic value to your organization. Learn more about RSA Archer solutions for business risk management at rsa.com/grc.

RSA and the RSA logo are registered trademarks or trademarks of Dell Technologies in the United States and other countries. Copyright 2017 Dell Technologies. All rights reserved. Published in the USA. 10/17 White Paper H16755. RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.