Search Results

Given the ongoing supply chain disruptions that continue to impact an organization’s operations, supply chain management has never been more critical. According to Gartner*, by 2025 supply chain risk management will be a critical success factor for over 50% of organizations. It is paramount to reduce supply chain risks and enhance resilience. In fact, IDC’s** research reveals that 63% of organizations view a lack of resiliency to be a key supply chain gap. * Gartner: How Supply Chain Leaders Can Prepare for the Next Big Disruption (June 8, 2022) ** IDC, Progressing Supply Chain Resiliency, Simon Ellis Gaining visibility into your supply chain is not only advantageous but imperative. Understanding your complex vendor relationships is essential for identifying vulnerabilities, assessing potential disruptions, and implementing proactive measures to ensure supply chain resilience. When organizations leverage advanced visualization, they can gain valuable insights into the dynamics of their supply chain ecosystem enabling them to make better decisions, become more resilient, and mitigate risk effectively. To learn more, join us for our webinar “ Building Resilient Supply Chains: Strategies for Success ” featuring GRC 20/20’s Michael Rasmussen and Archer’s Sarah Kassoff to learn: How to enhance your organization's supply chain resilience amid increasing uncertainties Strategies to reduce supply chain risk and ensure uninterrupted business operations The impact and benefits of visualization in tackling complex supply chain challenges Webinar: October 10, 2023 11:00 am Eastern Time Register Now! Visit Archer Third Party Governance for more information. Contact us to speak to an Archer Expert.

There are several key questions to ask in evaluating how well the content and associated documentation is managed for your use cases (like policy management). Is your change management program well designed? How would you demonstrate that to a stakeholder or outside party? Is the program applied earnestly / in good faith? How do you report on the results of the work done? The Archer Document Governance solution provides tools to manage your policy management’s critical documentation and help strengthen your program around these questions. 1: Key elements to a well-designed program: control and collaboration Policy programs are dynamic, with ongoing updates needed to keep policies and procedures current. A well-designed program will have both the agility and the control needed for ongoing change management. Archer Document Governance can help provide the agility and control you need through: Enabling simultaneous collaboration on documentation changes – no need to lose time emailing versions back and forth or risking lock-out of a collaborator from a shared network file Making teams aware of changes in the approval chain for the documentation they manage Providing a real-time view to where a document may be delayed in the change management process Documenting redlined changes for every published version Enabling quick response to audit inquiries 2. Enabling a strong culture of discipline: reinforcing the positive, removing the barriers In tandem with your leadership communications and targeted performance indicators, the right tool can help simplify and demonstrate diligent application of your policy management program. Archer Document Governance can support your culture of execution through how you manage the creation, governance, and publication of your program’s mission-critical documentation. Document Governance helps by: Simplifying through standardizing the creation, management, and distribution of policies and procedures Configuring your governance workflows and providing transparency into the process Accelerating the review and sign-off of documentation changes Serving as a single system of record for your documentation 3. Demonstrating program results Monitoring and reporting on the results of your policy management program takes both quantitative and qualitative measurements. Archer Document Governance can help you track and demonstrate program results through: Facilitating internal and external audits, providing detailed change logs, and redline comparisons for evidence across published versions Detailed management reporting, showing everything from change management cycle times to analysis where approvals get delayed by document type and team Contact us to speak to an Archer expert about how Archer Document Governance can support your program goals.

We have all seen our favorite risk management output – the vaunted risk heat map. These colorful graphs stimulate conversation and are staples of risk reporting. However, we are also very aware of their shortcomings. Unfortunately, qualitative output, even when bounded by scales and ranges, are still subject to interpretation. More importantly, qualitative assessments lack a level of detail that is critical to making the right business decision. Today, we announced our next generation of risk quantification capabilities for Archer Insight and the new Archer Insight Workbench offering. Using Archer Insight, organizations can use quantitative assessments within their enterprise risk management (ERM) programs to calculate financial and non-financial risk exposures and provide critical business insights to better assess, aggregate and report on risk. The new Archer Insight Workbench risk modeling tool is purpose-built for risk analysts and enables them to create their own models to dig deep into risk scenarios. Unlike systems that utilize qualitative risk analysis techniques, Archer Insight is designed to simplify the calculation and aggregation of risk exposure. It enables risk functions to standardize the calculation of financial exposure, differentiate risks in terms of rate of occurrence and magnitude, measure the value of controls, and manage risk based on the relative impact to the business. In short, it replaces qualitative and semi-quantitative scales with two simple questions – what is the general rate of occurrence of a risk? and what is the range of potential impact? Of course, the first question that comes up is “Where do I get the data for these estimates?” The good news is that quantitative assessments take uncertainty into account. Instead of being vague about uncertain inputs (“I think the likelihood is Medium”), shifting to quantitative inputs (“I think the rate of occurrence is 5 times a year”) puts a more tangible estimate into the equation. Then, these estimates can be tracked against real occurrences and shifted to better reflect the risk. In other words, by being more specific about the uncertainty, you are more aware of what you should be monitoring and the adjustments you make in the future are meaningful. This release puts vital tools in the hands of risk teams. The two approaches - quantitative assessments within ERM and risk modeling – provide risk teams with broad capabilities to better analyze and communicate risk. A major benefit of this approach is the agnostic nature of Archer Insight. The quantitative assessment built into Archer Insight can be applied to all types of risks including enterprise, operational, and cyber risks. As risk management teams seek to put the best information in the hands of their decision makers, risk quantification has become a critical element of their strategy. Archer Insight brings exciting new capabilities to your GRC program and takes ERM to the next level. To read our announcement, visit: Archer Introduces Next-Generation Risk Quantification Capabilities for Archer Insight and New Archer Insight Workbench

In an era of constant disruption, becoming operationally resilience has become a critical need for organizations worldwide. Operational resilience is the ability to prepare, adapt to, withstand, and recover from disruptions and unexpected events that can include natural disasters, cyber-attacks, power outages, supply chain disruptions, pandemics, and others. Operational resilience is not only about preparing for disruptions, but also about designing and implementing systems and processes that can continue to function under unexpected circumstances and recover quickly if disrupted. Organizations that prioritize operational resilience are better equipped to protect their critical functions, continue to provide their products and services even in the face of disruption, and quickly return to normal operations after a disruption. As a result, the organization is better able to maintain its reputation and trust with customers and stakeholders and create sustainability and long-term business value. We all look to great examples in our lives to show us the way, and FNZ is cracking the code on operational resilience. FNZ is a global wealth management firm that empowers 20 million people to invest through partnerships with over 650 financial institutions and 8,000 firms. Their strategy, process, and implementation of Archer recently earned them the 'Best in Class GRC in Risk & Resilience Management' award from GRC 20/20. Archer invites you to register for our upcoming webinar at 11:00am Eastern Time on August 30, Mastering Operational Resilience: Lessons from FNZ’s Award-Winning Strategy to: Uncover FNZ's award-winning strategies for building resilience and the outcomes achieved. Identify challenges and potential roadblocks in implementing operational resilience for your organization, with expert advice on how to maneuver around them. Understand how technology can significantly boost your organization's operational resilience, with real-life examples from FNZ's successful collaboration with Archer. For more information about how Archer can help your organization become resilient, check out Archer Business Resiliency .

Supply chain risk continues to be a critical challenge that organizations need to address. Due to the ongoing reliance on third-party products and services, an important part of managing supply chain risk effectively is implementing a robust third-party risk management strategy. The lack of visibility into an organization’s third-party vendors is a significant challenge when it comes to managing supply chain risk. This lack of visibility is a critical risk because any issues with suppliers can substantially impact an organization’s overall supply chain. Developing a third-party risk management strategy that provides visibility into an organization’s nth vendors is a key part of effectively managing supply chain risks. Additionally, it is crucial to consider risks from your entire supply chain that could potentially impact your organization when implementing this strategy. Four key supply chain risks to consider are cyberattacks, natural disasters, material scarcity, and economic conditions. These supply chain risks can affect suppliers throughout your supply chain, which, in turn, may impact your organization. Having a comprehensive strategy to mitigate these risks will help achieve the best possible outcomes for your organization. To ensure you are managing supply chain risks from all vendors in your supply chain, organizations should evaluate supply chain dependencies and identify regional dependencies to understand supply chain risk. This information can be beneficial in assessing the risk level and determining how to mitigate those risks if an unforeseen event causes a supply chain disruption. Managing supply chain risk is an ongoing process that requires continuous effort. By implementing a robust third-party risk management strategy, you can better protect your supply chain from potential disruptions and build resilience in your operations. To learn more about how effective third-party risk management can mitigate supply chain risks, read our whitepaper "Mitigating Supply Chain Risks: The Power of Effective Third-Party Risk Management".

Humankind has been performing risk assessments since the first time a caveman peeked out from his dwelling and determined if it was safe to run to the watering hole. Assessing risk is an inherent capability we are all aware of and is the foundation by which we attempt to understand uncertainty. In today’s world, uncertainty is an unwelcome but constant companion and organizations clearly understand the role risk management plays in ensuring success. Thus, the process of systematically assessing risk across the business has become an absolute pillar of the risk management program. However, this practice is not without its own evolution. Gone are the days when an organization can feel comfortable with a simple periodic review of potential issues. Risk assessments have changed significantly in response to changing times. More time and effort is being spent on risk assessments due to the highly visible nature of risk and the interest level of executive management, audit and risk committees and board of directors. Just like the caveman learned it was insufficient to take a quick peek and head out into the jungle, organizations are taking a more mindful approach and dedicating resources to ensure the most relevant and appropriate data is reviewed to inform risk reporting. This is no longer a ‘check the box’ exercise but a real input into decision making and strategy building at the highest levels of the organization. The frequency of risk assessments has increased to provide a more continuous view into potential issues within business operations. Along with spending more time and effort to gather information, data is being collected on risks on a much more frequent basis to keep pace with business and operational changes. The volatility of the market, the increased regulatory pressures and the amplified consequences of negative events have pressed risk management functions to quicken pace into an ongoing cycle of assessment. The need for tangible, defensible outputs from risk assessments has led to an increased focus on quantification of risk to better support decision making. While qualitative assessments can provide general direction and prioritization, the broad categorization of risks using traditional heatmap methods makes it impossible to truly stack rank potential issues and balance investment with return. Translating uncertainty into potential exposures and financial impacts is enabling organizations to evaluate where the biggest bang for the buck comes from when making decisions to implement controls. The evolution of risk management needs has led to many organizations recalibrating their approach to risk assessment. Download our short white paper “Evolving Your Risk Assessments: Tips for build a future proof strategy’ for recommendations on how to position your risk assessment approach to meet the immediate and future needs of your organization.

In today's interconnected business landscape, where companies heavily rely on third-party vendors, the need for robust cyber risk management practices has become crucial. The increasing frequency of cyberattacks originating from external vendors calls for proactive measures to safeguard sensitive data, protect business reputation, and mitigate potential financial losses. To ensure your strategic vendors prioritize cybersecurity, it's important to ask them the right questions. These are six important questions you can ask your vendors to help assess your vendors' cyber risk management practices and foster a secure business environment: 1. Has the third-party developed a comprehensive cybersecurity risk management program that addresses and manages their own supplier ecosystem - including their partners and other providers? A strong cybersecurity risk management program should encompass not only the third-party vendor itself but also extend to its suppliers, partners, and other providers within its ecosystem. By understanding how your vendors manage security across their entire network, you can assess their commitment to minimizing cyber risks and maintaining a robust security posture. 2. Are third-party employees well educated on security awareness and kept up to date on phishing schemes and other security-related concerns? Employee awareness and education play a pivotal role in combating cyber threats. Inquire about the training programs and initiatives implemented by your vendors to educate their staff on security best practices. A well-informed workforce that remains vigilant against phishing attempts and other security-related concerns can significantly reduce the likelihood of successful cyberattacks. 3. How is the third-party vendor alerted in cases of potential unauthorized access to their own data? Unauthorized access to your vendors' data can have serious implications for your business as well. It's crucial to understand how your vendors detect and respond to potential breaches within their systems. Prompt identification and remediation of security incidents can help minimize the impact on your organization and enable effective collaboration with vendors during such events. 4. What plan does your third-party vendor have in place to notify your company in cases of breaches or other security-related incidents? Timely communication is key in addressing security breaches or incidents. Ask your vendors about their notification processes and protocols in the event of a security breach. Having a clear understanding of how your vendor will inform your company enables you to respond swiftly, mitigate potential damages, and maintain transparency with your stakeholders. 5. Does your third-party vendor continuously monitor cybersecurity performance? Cybersecurity is an ongoing process that requires constant monitoring and evaluation. Inquire about your vendors' practices for monitoring their cybersecurity performance. Regular assessments and audits, vulnerability management, and adherence to industry standards demonstrate a commitment to maintaining a strong security posture. Continuous monitoring ensures proactive identification and mitigation of potential vulnerabilities before they can be exploited by malicious actors. 6. How well do your third-party vendors' Business Continuity Management (BCM) plans support your own operational resilience? Business Continuity Management (BCM) is crucial for maintaining operational resilience in the face of disruptions. Assess how your vendors' BCM plans align with your own business requirements. Understanding their strategies for mitigating risks, ensuring redundancy, and minimizing downtime during incidents enables you to gauge their ability to support your organization's operational continuity. As the cyber threat landscape continues to evolve, it's imperative to prioritize cyber risk management when engaging with strategic vendors. By asking these six essential questions, you can gain valuable insights into your vendors' cybersecurity practices and make informed decisions to protect your business. To learn more about effective cyber risk management, read our whitepaper: " Why Your Third-Party Risk Management Strategy Should Address Cyber Risk ."

Supply chain risk management has become increasingly critical in today's interconnected and complex business environment. Organizations rely heavily on third-party products and services, which introduces a new layer of risk that must be proactively managed. Failure to address these risks can lead to supply chain disruptions, compromised data security, and reputational damage. To enhance resilience and minimize vulnerabilities, organizations need to integrate third-party risk management into their overall supply chain risk management practices. Understanding the Importance of Third-Party Risk Management Managing third-party risks requires a comprehensive and systematic approach. It involves conducting due diligence on potential partners, assessing their risk profiles, and ensuring they have robust strategies and controls in place to prevent and mitigate risks. Clear contractual agreements should be established, outlining expectations for risk management, and specifying mechanisms for monitoring and addressing emerging risks. The Four Key Supply Chain Risks: Cyberattacks: Cyber risk management is crucial, considering the increasing prevalence of cyber threats. Organizations must develop strong partnerships with suppliers that have robust strategies to prevent loss or restore services promptly. Rigorous due diligence, regular assessments, and clear contractual agreements are essential for mitigating cyber risks. Natural Disasters: Natural disasters can cause widespread disruptions, impacting multiple suppliers in a specific region. Organizations should adopt a supply chain-based approach and consider backup capabilities and alternative suppliers in different parts of the world to reduce vulnerability caused by disruptions. Rising Consumer Demand/Material Scarcity: Managing increased consumer demand and material scarcity requires data-driven approaches. Leveraging technology and predictive analytics allows organizations to make informed decisions regarding inventory management, anticipate potential scarcities, and optimize supply chain operations accordingly. Increasing Freight Prices/Inflation/Economic Conditions: Collaboration within the supply chain network and leveraging technology play vital roles in managing risks associated with economic conditions. By actively engaging with suppliers, monitoring risks, and utilizing advanced analytics tools, organizations can optimize operations, reduce costs, and adapt to the evolving economic landscape. To learn more about how to mitigate supply chain risks through effective third-party risk management, read our eBook " Mitigating Supply Chain Risks: The Power of Effective Third-Party Risk Management ."

Artificial Intelligence (AI) refers to computer science that focuses on creating intelligent machines capable of mimicking human cognitive abilities. AI aims to develop systems that can perceive, reason, learn, and make decisions autonomously. Machine learning (ML) is a subset of AI that focuses on algorithms and statistical models that enable computers to learn from data without being explicitly programmed. AI can play a crucial role in enhancing business resiliency by providing advanced analytics, automation, and intelligent decision-making capabilities. For example: McKinsey & Company’s Noble Intelligence has developed a computer-vision algorithm that assesses damage to buildings using pre-and post-disaster satellite imagery. The algorithm classifies each building into one of four categories (from “no damage” to “destroyed”) within minutes of receiving the relevant satellite data, with no human input. This quick analysis can help relief workers and organizations deploy emergency aid and allocate scarce resources more quickly. Organizations are using AI techniques to interpret social media feeds following disasters. This type of analysis provides vital on-the-scene information about infrastructure damage and aid being provided to victims by flagging images from shelters where people are without blankets or waiting outside in the streets. AI models can also use satellite and other data to predict at-risk areas. Damaged buildings and areas can be geo-tagged to help relief workers identify vulnerable areas and allocate resources for faster response and recovery. AI can also provide optimal route planning based on damage assessment maps for faster aid delivery in post-disaster areas. Faster damage assessments can help teams understand and provide necessary resources more quickly. In addition to a focus on strengthening the resiliency of communities or organizations, incorporating AI results into integrated risk management (IRM) automation can significantly enhance the efficiency and effectiveness of these processes. Here is some ways AI could be incorporated with an IRM technology like Archer: Risk Assessment and Management : AI can analyze vast amounts of data to identify risks and assess their potential impact. AI-powered risk assessment models can provide real-time insights into emerging risks, help prioritize risks based on their severity and likelihood, and support decision-making in risk mitigation strategies. These AI-generated risk assessments can be integrated into IRM automation systems, enabling automated risk monitoring, reporting, and mitigation workflows. Data Analytics and Predictive Insights : AI-powered data analytics can be integrated into IRM automation to identify trends, patterns, and potential risks. By analyzing historical data, AI can generate predictive insights, such as identifying areas with a higher likelihood of compliance breaches or potential vulnerabilities. These insights can support proactive risk management and compliance planning. Automating Incident Response : AI can automate parts of the incident response process, improving response time and effectiveness. AI-powered systems can analyze and correlate security alerts, assess the severity of incidents, and recommend appropriate response actions. This assists teams in managing incidents more efficiently, reducing response times, and minimizing the impact of disruptions. Business Continuity Planning : AI can aid in developing robust business continuity plans by simulating different scenarios and predicting their impact on operations. It can model various disruptions and devise strategies to minimize downtime, ensure supply chain continuity, and maintain critical functions during crises. Supply Chain Optimization : AI can optimize supply chain management by analyzing complex data sets, including inventory levels, demand patterns, transportation logistics, and supplier performance. It enables businesses to identify potential disruptions, optimize inventory levels, streamline logistics, and respond swiftly to changes in demand or supply. Continuous Monitoring and Auditing : AI can facilitate continuous monitoring and auditing within IRM processes. By analyzing large volumes of data in real-time, AI algorithms can detect deviations, monitor control effectiveness, and identify potential compliance issues. These AI-driven monitoring capabilities can be integrated into IRM solutions to enable ongoing monitoring and automated auditing, reducing the need for manual sampling and periodic assessments. Integrating AI results into IRM automation like Archer opens the floodgates to additional insight but requires careful consideration of data quality, model accuracy, and regulatory requirements. Collaboration between AI experts, IRM professionals, and IT teams is essential to ensure a robust and compliant integration between AI and IRM automation keeping in mind that AI may require human intervention to interpret the results of analyses, or to draw conclusions that drive actions. Regular updates and validations of AI models should be conducted to maintain their effectiveness in an evolving risk and compliance landscape. While AI offers significant potential, its successful implementation requires careful consideration of ethical implications, data privacy, and transparency to build trust among stakeholders. Read this white paper to learn more about Strategies for Building Business Resiliency . Contact us to speak to an Archer expert.

There are few absolutes in the business world. Perhaps “the customer is always right” and “you have to spend money to make money” are contenders. The most certain thing in business is uncertainty. Uncertainty grows as the enterprise scales and managing uncertainty – via risk management programs – becomes a significantly complex problem. The resulting mix of people, processes, and data involved in risk management morphs into a multifaceted program with many moving parts. There are parallels between risk management programs and other key elements of the modern enterprise such as Human Resources, Finance and Sales and Marketing. These functions leverage enterprise-class systems, such as Customer Relationship Management (CRM) and Finance suites, to manage the complex business processes involved with managing customers or finances. These systems provide a range of benefits, including increased efficiency and better decision-making capabilities. Enterprise systems can improve collaboration by providing employees with access to shared data and information facilitating communication and interaction between departments. For example, a CRM system can provide sales teams with access to marketing data, which can help them develop more effective sales strategies. Similarly, a finance suite can provide business leadership with access to financial data, which can help them make better-informed financial decisions. The time has come to consider a risk management platform as a necessary enterprise system just like an HR or CRM platform because it enables organizations to manage their risks comprehensively and efficiently. The traditional approach of managing risks in silos is no longer sufficient, as it fails to address the interdependent nature of risks and their potential impact on the organization as a whole. There are many ways an instantiated risk hits the bottom line such as regulatory fines, reputational hits, and operational losses. An integrated risk management approach is necessary to effectively address these challenges but there are complexities within organizations that must be addressed. Optimizing a solution to the problem involves consolidating risk management functions into a single, comprehensive system that can identify, assess, and manage risks holistically. An integrated risk management platform consolidates all risk management functions into a single system, providing a holistic view of risks and their impact on the organization. To learn more about how integrated risk management has become a critical enterprise capability, read our white paper “ Integrated Risk Management: The Enterprise Capability Your Organization Needs ” .

Organizations are increasingly relying on vendors, making third-party risk a growing concern for businesses. Unfortunately, many organizations still depend on traditional methods of risk management, such as onboarding controls and infrequent assessments. With this approach, organizations face several challenges. These challenges include limited visibility into changes or developments in a vendor's operations, security posture, or compliance status. Additionally, there is an inability to identify emerging risks and vulnerabilities, failure to meet updated compliance regulations due to constantly evolving requirements, and an incomplete understanding of a vendor's business continuity plans, security practices, and risk environment. According to Gartner, 83% of legal and compliance leaders reported that they identified third-party risks after due diligence and before recertification. To effectively manage third-party risks, organizations must incorporate continuous monitoring into their risk management strategy. This method involves ongoing, proactive monitoring of vendors throughout their lifecycle to ensure timely and accurate insights into associated risks. To learn more, register for our upcoming webinar on June 13, 11:00 am EDT, Third-Party Continuous Monitoring: Benefits & Best Practices with Michael Rasmussen , to: Learn how continuous monitoring can transform your organization's third-party risk management strategy. Discover best practices for implementing continuous monitoring most effectively. Explore how Archer can elevate your third-party risk management program to keep you ahead of third-party risks. Visit Archer Third Party Governance for more information. Contact us to speak to an Archer expert.

Can your organization respond to a major disruption without incurring losses or other negative impacts? Unfortunately, Gartner reports that only 12% of organizations are able to do so. With today’s evolving threats of geopolitical events, economic downturns, supply chain disruptions, pandemics, and complex technology-related issues, it is crucial for organizations to become resilient. A resilient business is one that is able to quickly respond to, and recover from, these types of events while minimizing the impact on the business and its stakeholders. Some key components of business resiliency include: Risk management: Identifying potential risks and taking proactive steps to reduce their impact on the business. Business prioritization: Focusing efforts to make the most important business services and supporting processes, people, and technologies resilient. Continuity planning: Developing plans and processes to ensure that critical business functions can continue in the event of a disruption. Crisis management: Having a clear and structured approach to managing crises, including communication plans and decision-making frameworks. Flexibility and adaptability: Being able to quickly adapt to changing circumstances and make decisions based on new information. A resilient business is one that is able to quickly respond to and recover from disruptive events while minimizing impact on the business and its stakeholders. But building business resilience goes beyond responding to risks and disruptions. You need to create a sustainable organization that can withstand unforeseen challenges and emerge stronger and more prepared. Archer invites you to register for our upcoming webinar on June 22, 2:00 pm EDT, Best Practices for Reducing Risk and Building Business Resilience , to: Discover the top risks your organization should be planning for in today's complex business landscape. Learn about best practices for building business resiliency, from risk identification and evaluation to implementing resilience measures. Gain insights into creating a resilient organization that can withstand unforeseen challenges and emerge stronger and more prepared. For more information about how Archer can help your organization become resilient, check out Archer Business Resiliency .