Mature IRM processes for summer and beyond

Published on May 25, 2018

Memorial Day weekend kicks off summer in America. AAA projects nearly 42 million will travel at least 50 miles away from home. Outside the office is where many find inspiration for what needs to change in the office.  

Our suggestion for change is to work on maturing your organization’s integrated risk management (IRM) processes. Mature IRM processes increase efficiencies, improve risk-based decision-making, make company goals easier to reach, strengthen incident response, and more.  

But where do you begin? What are the two or three things that you can do to get things rolling for summer, third and fourth quarter, and beyond?  

Current IRM maturity
Before you can mature your IRM processes, you need to determine where you are on the IRM maturity scale. There are two ways to do this. You can take our maturity quiz, or you can self-assess by selecting the maturity stage below that best describes your organization.

Beginner
Using manual processes like Excel, Word, e-mail, and SharePoint. 

Intermediate
Using a platform to perform one or two compliance activities. 

Experienced
Relying on a platform to integrate compliance and risk management functions. 

Expert
Leveraging platform capabilities to continually integrate risk management processes enterprise-wide, in addition to everything at the Experienced level.

By knowing where you are on the maturity scale, you can then set your sights on a goal that’s attainable. In camping parlance, there’s a big difference between pitching a tent in the backyard and spending the weekend with Bear Grylls. Be realistic about what can be accomplished. When you achieve it, celebrate for a moment, and then set a new goal. As Grylls’s website says: “Be brave. Inquisitive. Prepared for the journey. Ready for anything. Unafraid to fail.”

Change is hard but necessary
Change is challenging for organizations because people naturally resist it. In her keynote at LPRS18 on the topic of building a culture open to change, Carole Switzer with OCEG shared the reasons why. People believe that if a process isn’t broken, there is no reason to change it. There is a fear that a new process will make jobs harder. There is a belief that the risks outweigh the benefits. Or there’s a collective sense that the transition period won’t go well.

To win over people resistant to change, involve them in the change process. Form a cross-departmental task force of individuals that the IRM changes will impact, share the rationale for the changes, and explain how the changes will improve workday lives and benefit the organization.

The other sure-fire tactic to pull off IRM changes is to involve an IRM champion, an executive who can lead the charge. This was noted in the GRC Buyer’s Guide with guidance to turn a senior-level exec into a GRC Sherpa. Here’s an excerpt:

Mount Everest climbers employ Sherpas to carry their equipment. That same principle applies to maturing your IRM program. Having a senior-level exec supporting you makes all the difference in the world. 

Maturing your IRM program won’t be easy, but with early adopters and a champion leader on your team, your odds of success increase dramatically.  

Making it happen 
Right now, you’re in the planning stages for maturing your IRM processes. This is a great time of the year to plan changes. We’re well into the year but months remain for working toward goals. People in key positions will take time off this summer, come back refreshed and should be more open to change.  

IRM maturity is a growing necessity in a world of GDPR, cyber risk, digital risk, third-party risk, and operational risks; in essence, risks of every kind. Given the business world we’re in, efforts to mature IRM processes are warranted.

As we kick off summer, plan our getaways, fire up grills, and honor those who served our country and paid the ultimate price, spend some time planning and plotting IRM maturity changes.  You can’t wave a magic wand and make them happen. They take time, teamwork and leadership. Well? Make it happen!  
