One of the biggest challenges facing CIOs today is a lack of flexibility within the organization. In today’s marketplace, more than ever, companies have to adapt and respond to changing conditions. However, while businesses strive to be flexible, they also need to be stable in order to establish continuity, customer loyalty, and employee buy-in. This seeming contradiction between agility and stability is where using a risk management framework (RMF) becomes important for companies that want to empower business agility.
Companies need to be both resilient and responsive. Resiliency is the strength and stability to survive outside threats. Responsiveness means agility in adapting to changing circumstances, and even profiting from challenges. The best companies find a way to use the changing marketplace to their advantage, and using a risk management framework is a simple way to codify best practices in agility and stability.
What Is a Risk Management Framework?
The federal government is probably not the first place you’d look for guidance on business agility. However, according to Mike Lloyd in a recent Forbes article, the National Institute of Standards and Technology (NIST) fits risk management and agility together perfectly in its risk management framework.
The risk management framework is a cycle for developing new information systems, but it can be applied to many areas of business. The cycle begins with categorizing the information you currently have and understanding which of your assets need protection. Next, consider, select, and implement security controls for those assets. After implementing the controls, quickly test them to assess the overall level of security your first implementation provides and to look for weaknesses. If the controls are adequate, authorize the information system and continue to monitor it.
The risk management framework closely mirrors agile processes in software design and other business practices. It’s based on quick cycles of implementation and testing that respond to changing needs and challenges. In September 2017, NIST updated its risk management framework guidelines, and anyone interested in implementing risk management should read those.
How to Empower Business Agility by Using a Risk Management Framework
Modern companies face challenges from all sides. Another Forbes article found that business agility was the deciding factor for business success when businesses faced disruptions from changing technology, cybersecurity, and smaller, faster competitors. In fact, being a big company is no longer enough to guarantee stability. 70% of the companies that were in the Fortune 1000 a decade ago are no longer around, in large part due to rapidly changing digital trends.
A recent interview with the top management consultants at McKinsey pointed out that good implementation of risk management shouldn’t be complicated, and it shouldn’t involve too many rules or processes for business teams to follow. The key finding from these consultants was that the best way to respond to challenges in the marketplace is to reduce structure and barriers in your organization, the opposite of most managers’ first instincts.
Consultants at PwC backed up McKinsey’s findings, adding that long-term success in the modern business environment is contingent on a two-sided approach to risk management: resiliency and agility. Reducing structure and bureaucracy in your organization means you’ll be able to deflect the damage from market disruptions and respond quickly to benefit from change.