Mature IRM processes for summer and beyond
Memorial Day weekend kicks off summer in America. AAA projects nearly 42 million will travel at least 50 miles away from home. Outside the office is where many find inspiration for what needs to change in the office.
Our suggestion for change is to work on maturing your organization’s integrated risk management (IRM) processes. Mature IRM processes increase efficiencies, improve risk-based decision-making, make company goals easier to reach, strengthen incident response, and more.
But where do you begin? What are the two or three things that you can do to get things rolling for summer, third and fourth quarter, and beyond?
Current IRM maturity
Before you can mature your IRM processes, you need to determine where you are on the IRM maturity scale. There are two ways to do this. You can take our maturity quiz. Or self-assess by selecting the maturity level stage below that best describes your organization.
Using manual processes like Excel, Word, e-mail, and SharePoint.
Using a platform to perform one or two compliance activities.
Relying on a platform to integrate compliance and risk management functions.
Leveraging platform capabilities to continually integrate risk management processes enterprise-wide, plus Experienced.
By knowing where you are on the maturity scale, you can then set your sights on a goal that’s attainable. In camping parlance, there’s a big difference between pitching a tent in the backyard and spending the weekend with Bear Grylls. Be realistic about what can be accomplished. When you achieve it, celebrate for a moment, and then set a new goal. As Grylls’ website says: “Be brave. Inquisitive. Prepared for the journey. Ready for anything. Unafraid to fail.”
Change is hard but necessary
Change is challenging for organizations because people naturally resist it. In her keynote at LPRS18 on the topic of building a culture open to change, Carole Switzer with OCEG shared the reasons why. People believe that if a process isn’t broken, there is no reason to change it. They fear that a new process will make jobs harder. They think the risks outweigh the benefits. Or there’s a collective sense that the transition period won’t go well.
To win over people resistant to change, involve them in the change process. Form a cross-departmental task force of individuals that the IRM changes will impact, share the rationale for the changes, and explain how the changes will improve workday lives and benefit the organization.
The other sure-fire tactic to pull off IRM changes is to involve an IRM champion–an executive who can lead the charge. This was noted in the GRC Buyer’s Guide with guidance to turn a senior-level exec into a GRC Sherpa. Here’s an excerpt:
Mount Everest climbers employ Sherpas to carry their equipment. That same principle applies to maturing your IRM program. Having a senior-level exec supporting you makes all the difference in the world.
Maturing your IRM program won’t be easy, but with early adopters and a champion leader on your team, your odds of success increase dramatically.
Making it happen
Right now, you’re in the planning stages for maturing your IRM processes. This is a great time of the year to plan changes. We’re well into the year but months remain for working toward goals. People in key positions will take time off this summer, come back refreshed and should be more open to change.
IRM maturity is a growing necessity in a world of GDPR, cyber risk, digital risk, third-party risk, and operational risks; in essence, risks of every kind. Given the business world we’re in, efforts to mature IRM processes are warranted.
As we kick off summer, plan our getaways, fire up grills, and honor those who served our country and paid the ultimate price, spend some time planning and plotting IRM maturity changes. You can’t wave a magic wand and make them happen. They take time, teamwork and leadership. Well? Make it happen!