There is no question organizations today are in a rapidly changing risk environment and the pressure to improve risk management practices is being driven top down from boards and executives. Managing a cultural shift from the reactive checking the box of compliance to a more proactive risk management model requires change and participation across the organization. A cohesive risk environment protects against loss while supporting as much growth as possible. But this shift relies on common processes for measuring and reporting risk postures across the enterprise being integrated into daily business practices. Plus, organizations must be able to share risk information with stakeholders, provide a thorough understanding of the risk environment, and communicate the potential impact risk could have on the business, both good and bad. When you can proactively link risk management to business objectives, risk becomes a new source of competitive advantage.
In addition, given the velocity at which risks continue to emerge, risk management can no longer be the sole responsibility of the risk professional. While the risk management team is a critical part of the organization’s risk management framework, business units or operations management must be more directly involved in the identification, assessment and remediation of risk. Business unit managers are the most likely to know what is going on within their business units, what is changing, what risks are emerging and what risk treatments are being implemented. Business units have the best knowledge of which controls are operating and which are not, and they are ultimately accountable for their risk and internal control framework.
Hence the many drivers for Governance, Risk and Compliance are churning away and technology is a key part of those strategies. When you think of GRC technology solutions, most people immediately focus on the technology itself. However, technology is not just about writing code. Technology today is about inspiring people to change the way they think and live. Think about the piece of technology everyone has in their pocket or purse today. Mobile technologies inspire people to change the way they live every day. They connect to old friends through Facebook, they manage their finances on a daily basis through mobile banking and monitoring stocks, they share a picture of their lunch on Instagram.
GRC solutions must do the same. They need to INSPIRE the users to change the way they think about compliance and risk. Just as the GRC program needs to change the way the business unit managers and front line employees conduct their business, the technology underpinning that effort needs to fuel that shift in thinking.
This is why I am so pleased to announce the upcoming launch of RSA Archer GRC 6 which brings together technology and business processes to inspire everyone to own risk within an organization. This release offers:
- A new user experience for all RSA Archer GRC solutions, with new features including a walk-up friendly, task-driven user interface and drag-and-drop advanced workflow capabilities. All solutions will see the updated interface that includes the new color scheme, fonts, icons, navigation and more. Advanced configuration options include task-driven landing screen integration, workflow chevrons, action-driven user interface, multi-layout workflow, and more.
- New capabilities for RSA Archer Operational Risk Management includes end-to-end support for the self-assessment lifecycle; enhancements for loss event origination, routing, and approval; and metrics management. These features are designed to better engage business unit managers (the first line of defense) and risk managers (the second line of defense) in the organization’s risk management program. Operational risk use cases come with out-of-the-box workflow, reports, user personas and dashboards that align with the “three lines of defense” principle.
Trying to get a clear risk picture across the business is typically chaotic and incomplete, despite an organization’s best efforts. RSA Archer GRC 6 is the latest step in providing a solution that uniquely provides a holistic risk viewpoint, with business context tracked across all risk use cases. Business units can establish the business entities, assets, products, services, and processes that have the highest impact on the bottom line, and use RSA Archer as a lens through which to review different risk types, including continuity, compliance, cyber or security, resiliency, and supplier risk.
Join us for a Virtual Launch event next Tuesday, November 10th at 11:00 EST to hear how RSA Archer 6 can inspire your users.