By Patrick O’Neill, Founder and President, Redhand Advisors
We live and work in an increasingly complex world, so it’s no surprise that integrated risk management (IRM) is growing in popularity as enterprise businesses look to gain a more comprehensive grasp on its risks and outcomes.
Our 2023 RMIS Report revealed that a significant number of organizations (over 30%) are now expanding their risk technology usage beyond operational risk to also manage compliance, strategic risk, environment, health and safety, and third-party risk. These nontraditional risks that have historically been managed in silos and are now being brought into the fold on organizations’ risk management technology platforms.
And it’s not just the type of risks that have increased; over the last five years there’s also been a dramatic rise in the number of users on an organization’s risk technology platform. Over 50% of organizations now have more than 10 users on their system, and over 8% have more than 500 users within their risk management information system (RMIS).
Redhand Advisors recently hosted a webinar to explore how we can and why we should master IRM with guests Brannon Transue, AVP of Decision Support and Analytics at Aramark, and Patrick Eslick, Senior Director of Product Management at Riskonnect — “Mastering Integrated Risk Management: Building Resilience in an Uncertain World.”
What is IRM and why are organizations adopting it?
IRM is a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks.
Powerful forces are driving the need for organizations to adopt IRM into their core functions, including:
- Accelerating digitization of risk management
- Growing importance of risk management in corporate strategy
- Data-driven intelligence to solve enterprise challenges
- Rapidly changing compliance and regulatory requirements
These rapid macro changes are impacting organizations swiftly and broadly, and those that lack a holistic approach to risk management are left in the dark on vital information that affects the well-being of their businesses:
- 70% of executives are not confident in their risk management policies and practices
- 80% of executives cannot proactively detect risk-related issues
- 80% of executives agree that they lack integrated risk processes and technology across the organization
Implementing IRM in your organization starts with fostering a more risk-aware culture. It’s crucial to have buy-in and active support from key stakeholders to drive the importance of risk management as a foundational aspect of the organization’s functions.
Case in point: Aramark
How to weave IRM into the fabric of your organization
Aramark, a global hospitality services organization, has prioritized IRM for over a decade.
Aramark initially started with a traditional RMIS as they sought to get technology in place across the organization and then subsequently branched out to incorporate other types of risk management into their software, including organizational risks, internal audits, and operational risks.
Their risk management team was the first in their organization to have a consolidated platform that enabled them to track data across departments. With over 12,000 users on their IRM platform, employees at all levels of the organization benefit from holistic risk management insights.
Aramark’s IRM has given them the ability to quickly and easily identify risk in particular locations and settings, allowing the organization to create mitigation strategies that effectively and efficiently support the operations teams.
Aramark created a broad risk-aware culture within their organization by engaging key stakeholders to take ownership and leadership over risk management company-wide.
They credit three key ingredients to their success:
- The governance committee. This group is responsible for the oversight, direction-setting, and prioritization for IRM across the organization, which helped ensure senior-level executives were bought in and supportive of the hefty initiative from the beginning.
- Clear and effective communication. Aramark understands the importance of stakeholders being well informed and holds a quarterly meeting to ensure leaders across the company are current on the impact IRM has on the entire organization, and to foster senior leadership accountability for its implementation.
- Flexibility. Aramark has stayed true to their IRM implementation in part because they knew and accepted when they needed to pivot in response to unforeseen challenges and setbacks.
Now, get started!
It’s easy to see the many benefits of adopting an IRM system, but it can be intimidating to take the plunge.
Every organization has its own combination of unique risks to manage and prioritize, and it’s essential that your platform is adaptable to these different combinations and types of risk. To learn more about how the right RMIS can help your organization achieve Integrated Risk Management, schedule an inquiry call with Redhand Advisors today.