With businesses facing a multitude of risks and tightening regulations, risk managers and decision-makers will have to deal with many terms and their acronyms. A major part of today’s risk management is GRC (governance, risk, and compliance), as well as its subset ERM (enterprise risk management).
According to Jim Wetekamp (pictured above), CEO of Riskonnect, GRC is a set of processes and procedures that help organizations achieve business objectives, address uncertainty, and act with integrity. GRC aims to instill good business practices into an organization’s daily operations. GRC is an umbrella that spans multiple disciplines, including compliance, third-party risk management, internal audit, and ERM.
“As a subset of GRC, ERM is a structured, proactive, and continuous process that is applied across the enterprise to collectively look at all risks, how they relate, and the cumulative impact on the organization,” Wetekamp said. “ERM goes beyond traditional risk management, which generally focuses on insurable risks, to include all risks and opportunities that affect an organization’s performance, including non-insurable risks like reputation. As the spectrum of potential risks continues to expand, adopting an enterprise-wide approach to risk management is critical for proactively identifying and mitigating potential threats.”
Wetekamp said that today’s business leaders face a risk landscape that is much more volatile, uncertain, and interconnected than before. What started as a health and safety issue could end up affecting other parts of the business, such as supply chain, business relationships, business continuity, workforce productivity, and more. As a result, executives are under pressure to make smart decisions about risk quickly and without error. This means they need fast access to facts to help them come up with an informed response.
“A comprehensive GRC strategy can pave the way by removing silos and enabling better data sharing and collaboration,” he said. “GRC also aligns the entire organization around the right objectives, actions, and controls to drive resiliency and overall success. “
Trends in GRC and ERM
Among the various developments in the field, environmental, social, and governance (ESG) is the top concern of businesses. According to Wetekamp, customers, regulators, investors, and other stakeholders are demanding authenticity in organizations’ ESG promises and actions. Regulators around the world are increasingly looking to establish reporting standards around certain aspects of ESG.
“The US Securities and Exchange Commission recently proposed new climate risk disclosure requirements for large, public companies and – for some – their extended supply chains,” Wetekamp said. “Regulators in the EU, UK, and more are also in the process of establishing requirements for ESG reporting. These forces are putting pressure on organizations to get their facts in order. If business leaders and risk managers aren’t actively taking steps to improve the way they measure, monitor, analyze, govern, and report on ESG risks, they’re already a step behind.”
Wetekamp advised businesses to get all their ESG-related data in one place so they can understand what they have, who is responsible, and what else they may need. Another possible hurdle is data collection, with even a team of people with spreadsheets becoming overwhelmed by the amount of data needed to satisfy reporting requirements. Integrated software can help with reporting as well as become a strategic advantage that enables an organization to gain the largest return on their ESG investment, he said.
Riskonnect’s acquisition of Sword GRC
In April, Riskonnect completed its acquisition of Sword GRC, a UK-based software company that specializes in project and enterprise risk management software. According to Riskonnect, the deal strengthened Riskonnect’s integrated risk management approach by incorporating project risk into its platform and enabling customers to bring all aspects of enterprise risk under one roof.
“Our mission is to help organizations transform the way they manage risk by bringing all aspects of risk under one roof for complete visibility,” Wetekamp said. “The acquisition of Sword GRC directly advanced that goal by adding another aspect of risk – project risk – into our platform. With billions of spending pouring into infrastructure, energy, aerospace and defense in an environment of escalating supply chain disruption, commodity inflation, and talent/resource turnover – the need for strong project risk automation has never been higher. Through the Sword GRC acquisition, we have expanded our roadmap to deepening our project risk capabilities and integrating these insights to our broader enterprise risk management toolset.”
Wetekamp said that Sword GRC’s software was a “natural fit” with Riskonnect’s integrated risk management offering. The acquisition also gave Riskonnect an opportunity to grow globally and expand into new markets, including aerospace and defense, energy, and government. The combined entity now has 700 employees and over 1,300 customers worldwide.
Having acquired three companies over the past two years, Riskonnect is an actively growing firm, Wetekamp said. It recently entered a strategic partnership with Zurich Resilience Solutions UK that will enable it to reach the middle market and expand its presence throughout Europe and beyond.
“We’ve built out our executive team with several incredible leaders, including our newest additions, David Rockvam as chief financial officer and Fritz Hesse as chief technology officer. Both will play a big role in supporting Riskonnect as we enter our next phase,” Wetekamp said. “Today’s risk environment is highly complex, and the need for IRM technology is only going to increase. We’re eager to keep growing so we can reach more organizations and equip them with the tools to help them confidently manage risk.”