Why organizations need a new approach to risk management

To succeed in the risk environment, risk, audit, and compliance leaders need to focus on what Gartner calls “reflexive risk ownership.” This is a future state where business leaders don’t just identify and manage risks after they occur, but instinctively recognize and respond to them as part of their daily decision-making.

Rethink risk management

At the opening keynote of the Gartner Enterprise Risk, Audit & Compliance Conference, Gartner experts highlighted how risks are now emerging faster, overlapping, and becoming harder to classify. This makes it essential for organizations to rethink how they approach risk management.

“Risk management is now one of CEOs’ most critical priorities; its importance has increased by over 50% since last year,” said Chris Audet, Chief of Research in the Gartner Assurance Practice. “This has created a unique moment for assurance leaders.”

Developing this kind of organizational risk reflex takes more than policies and procedures. It requires coaching risk owners and leveraging technology, especially AI, to support them.

“Eighty-eight percent of risk owners are highly motivated to meet expectations around managing risks,” said Tegan Gebert, VP in the Gartner Assurance Practice. “Yet only 35% feel confident they know how to do so. They need assurance leaders to show them how.”

Coaching

Much like a sports coach is responsible for creating the systems, stimuli, and structures that foster great athletes, assurance leaders must coach their risk owners to develop a risk reflex. Coaching an organization toward a risk reflex involves deliberate, marginal steps toward a larger goal.

“Assurance leaders need to be the coaches their risk owners need: leveraging tools, insights and influence to get them to practice, to improve, and to persist,” said Gebert. “An organizational risk reflex will be enabled by a series of actions that are learned or practiced until they happen so automatically that they appear reflexive. Assurance leaders must create the larger system that both encourages and reinforces the right risk ownership behaviors.”

To make risk management feel natural, like a reflex, Gartner suggests that assurance leaders focus on three core areas: engineer, provoke, and recognize. These foundations work together to make good risk behaviors easier to follow, harder to ignore, and more rewarding to maintain.

Engineer

The first step is to design systems that make it simple for people to do the right thing and difficult to skip important risk steps. Small, intentional changes to processes and tools can lead to big improvements. Many assurance leaders are already simplifying guidance, cutting down on unnecessary documentation, and weaving risk checks into everyday tasks.

But making things easier isn’t enough. The systems themselves need to push people toward compliance by making risk actions visible, expected, and part of the culture. For instance, imagine a contract management system that also acts as a third-party risk platform. A risk owner could renew a contract or pick from a list of vetted suppliers without needing to go through a long approval process. Compliance would be built into the workflow, not added on later.

Provoke

The second focus area is about sparking deeper thinking. Assurance leaders need to create moments that challenge assumptions and drive people to take action. This can be done through risk assessments, workshops, or feedback sessions that are designed to uncover blind spots and surface new ideas.

Practical examples include asking more thought-provoking questions in risk surveys or shifting the focus of audits. Instead of reviewing project governance, an audit might look at the overall environment that led to risks in the first place.

Recognize

Finally, the right behaviors need to be reinforced. Recognition works best when it’s public and tied to effort, transparency, and progress, not just results.

This could mean celebrating teams that tackle risks early, sharing success stories across the company, or using dashboards and other tools to highlight when someone goes above and beyond. When people see their actions acknowledged and valued, those good habits are more likely to stick.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.