Security Magazine

Risk and compliance: A 2021 comeback strategy

By Haywood Marsh
February 18, 2021

The pandemic tested corporations in 2020 like never before, and its fallout has sparked a host of additional destructive risks: cybersecurity, supply chain, health and safety, financial fraud, and regulatory compliance.

If the experiences of 2020 taught us anything, it’s that risk in the modern world cannot be understood or sufficiently mitigated with a siloed approach. Individual threats, such as regulatory risk and IT security, converge. Lacking a high-level view, it’s difficult to see the web of cause and effect – making it more difficult to anticipate, prepare, or mitigate the biggest risks. 2020 may be over, but the challenges remain in 2021. Compliance and risk management will need a shared umbrella of information and communication to tackle the complex, integrated risks of today’s landscape.

This year, the most successful organizations will:

  1. Integrate compliance, IT, operational, reputational, third-party, and corporate social responsibility (CSR) processes and practices.
  2. Appoint more Chief Risk Officers (CROs) or Chief Risk and Compliance Officers (CRCOs) and/or establish risk and compliance committees to manage an integrated risk strategy and to establish clear lines of responsibility.
  3. Respond to board-level committees tasked with addressing enterprise-wide risk.

The Future of Risk Integration

The U.S. Department of Justice (DOJ) and other regulators scrutinize organizations’ ability to prevent misconduct from happening; other risks, like those arising from climate change or supply chain failures that threaten enormous operational disruption, don’t fall within the scope of regulatory enforcement concerns. But they are no less important to a company’s financial and reputational health.

Social media advocates can easily draw public attention to corporate missteps, asking, essentially: How did the company not see this coming? That’s a question corporate boards and CEOs never want to ask.

In 2021, boards will need tools and information to assess, manage, and report enterprise risks. Risk integration isn’t new, but the pandemic and instability of 2020 have accelerated the need for effective corporate governance. Spreadsheets, standalone systems, and working in silos aren’t enough to track and weigh the many complex risks of the near future; purpose-made integrated risk management technology is the most effective way to monitor risk on an ongoing basis.

Integration of Risk Management Processes is Inevitable

Governments around the world are already responding to the complex, new risk landscape by pushing organizations toward increased transparency and accountability. In the U.S., the DOJ updated its guidance for evaluating effective compliance programs in 2020, and the new Biden Administration has already indicated it will seek more disclosure from corporations on climate change and racial equity. The European Union’s new whistleblower protection rule will go into effect at the end of 2021. Enforcement of anti-corruption, anti-money laundering, data privacy, and human trafficking laws has also increased dramatically, and new laws around these issues are already on the books.

These dynamic social, regulatory, and economic pressures require an integrated approach to risk management.

The board, senior executives, and business unit leaders should have a comprehensive understanding of organizational risks. Companies that can evolve and meet these new demands will have the advantage of informed decision-making and improved performance.

4 Steps to Future-proof Your Risk Management Program

1. Build Company-wide Support for IRM

Integrated risk management affects the legal, internal audit, IT, and compliance functions, as well as any existing risk management functions. In addition to working with other departments, advocates for IRM need to identify and cultivate the support of in-house partners, senior management, and the board, which has the ultimate responsibility for assuring effective risk management.

2. Clarify Roles and Responsibilities

How will compliance and risk management functions intersect? This can be a delicate question, but the decision-making hierarchy and, ultimately, accountability require clarity around roles and responsibilities. If you don't have a CRO or CRCO, or at the least a risk and compliance steering committee, consider designating a member of senior management to assume these duties and/or form the committee.

3. Define Risks and Mitigation Steps

Leaders throughout the enterprise will need to use risk assessments to map risks to processes and requirements, such as:

  • supply chain management
  • IT risks
  • compliance risks
  • reputational risks
  • financial liquidity
  • litigation threats
  • workplace operations risks, like extreme weather events or pandemics

Use risk management frameworks to identify and mitigate risks. This can be an ambitious undertaking; role clarification is an important prior step.

4. Enhance Your Monitoring and Reporting Capability

For quick mitigation, risks must be monitored on an ongoing basis. Further, new risks should generate an alert and be reported to key stakeholders so risk management leaders can prioritize the organization’s high-level risks, pressing concerns, and less urgent considerations, and mount a strategic response.

It is tempting to view 2020 as an anomaly, and in many ways, it was. However, the events that sparked the many crises of 2020 – political instability, weakening institutions and norms, social unrest, increasingly complex supply chains, trade wars and sanctions, ecological disruption, and accelerated climate change, just to name a few – will be with us for years.

Businesses that isolate compliance risk from other business risks will not be able to strategically respond.

Those companies that bring risk and compliance together under the same umbrella will be poised to respond when the next storm hits. Which it inevitably will.

KEYWORDS: compliance tools cyber security enterprise security risk management supply chain security


Haywood Marsh is General Manager of Risk Services at NAVEX Global.

Copyright ©2025. All Rights Reserved BNP Media.