DM Sep-Oct 2023

Dm STRATEGY: RISK MANAGEMENT
We are all risk managers
Global executives are evolving their approach to risk, says
Sue Trombley, Managing Director of Thought Leadership,
Iron Mountain, examining who is responsible for risk
management and how they can adopt solutions that
protect all parts of the organisation
Risk management is not a new topic,
especially for records and information
leaders. Risk and cost reduction have
been strategic and operational objectives in
organisations for decades. But given
heightened and complex disruptions over
the past three years, executives are taking a
new look at how to identify, anticipate, and
manage risk. New research provides a
message that is loud and clear: senior
executives must lead from the top to ensure
that all employees are "risk literate" - because
everyone is a risk manager.
EXAMINING PERCEPTIONS
A recent global study sponsored by Iron
Mountain and conducted by Economist
Impact (the research arm of the popular
weekly newspaper The Economist) surveyed
more than 650 executives from around the
world and across both private and public
sectors. The study examined these leaders'
perceptions of risk, how it has changed
since 2020, and how they have adjusted
their strategies to protect their most
significant vulnerabilities.
An overwhelming 90% of respondents say
they have increased the importance they
assign to identifying risk since 2020. And
80% are now more sensitive to indicators
that could have an impact on their
reputation, giving nearly equal consideration
to operational, environmental,
technological, and workforce indicators.
The study also found that 77% of
executives agree that risk management
spans the entire organisation, yet over half
admit that they need to improve crossfunctional
collaboration and only 46% have
invested in the creation of enterprise-wide
risk management teams. Only 36% report
integrating risk management into their
overall strategy or placing decision-making
as a priority feature of their risk
management system.
Other research highlights include:
76% of respondents say technology is a
much more important risk factor than it
was three years ago
Only 29% have clear policies around risk
management and only 22% have clear
accountability for risk management
86% say their organisation needs more
continued support from management
73% say there's a lack of standardised
evaluation to measure risk
Over 63% aren't relying on or thinking
about third-party contracts, vendors,
and supply chain partners for risk
management, failing to establish a riskaware
chain of custody for their records
and information storage
86% of executives say they need better
assessment and awareness of how
climate change impacts risk.
Risk has always been present, but this
research confirms that risk management
must evolve from a siloed function to an
integrated and active part of an
organisation's culture.
Risk awareness and management are the
responsibility of an entire enterprise,
including its vendors and partners. Going
beyond the singular role of risk manager or
risk officer, risk management is an effort that
requires an interdisciplinary, interconnected
approach that creates a rigorous framework
for anticipating and mitigating risk.
EVERYONE IS RESPONSIBLE
When asked "Who is responsible for risk
management in your organisation?" survey
respondents identified a range of roles from
CEO to the head of IT, showing a lack of
consensus. Because risk identification and
management are happening on the ground
in day-to-day activities, it's important to
equip everyone to be a risk manager and
continually promote collaboration.
A strong indicator of effective risk
awareness is representation by key
stakeholders, yet only 4% of surveyed
executives report having a risk management
committee that is directly responsible for
driving risk management. Such a
committee creates the scaffolding needed
to build a comprehensive, cross-functional
team dedicated not only to informed
26 @DMMagAndAwards September/October 2023 www.document-manager.com