Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organizational risk profiles in at least four key areas, according to Gartner.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.
“As ERM leaders reassess their organizational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”
Four areas of risk ERM leaders should monitor
There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues:
While organizations’ first order of business is to address the health and safety of employees directly affected by the war, Shinkman noted there are many second and third order effects that could impact employee well-being at this time. Employees across the globe could have family and close friends at risk in the region. Internal communications addressing employee well-being and outlining counselling services will need to be carefully calibrated and distributed at a higher frequency.
At an organizational level, talent risks can manifest through productivity constraints in the affected region, as well as disrupting access to the large amount of IT talent concentrated in the countries impacted by the war.
The potential for increased cybersecurity attacks during this time means that the frequency of tabletop exercises should be increased, as well as ongoing review of protocols to defend against ransomware and other malware attacks. The research previously identified new models of ransomware that defy typical mitigation strategies as a key emerging risk impacting organizations.
As a result, Shinkman said it’s more critical than ever for ERM leaders to lead the business in clearly defining their high-value assets and have a response plan in place so that triage and decision-making are not made on the fly during an attack.
In the event of direct financial exposure to Russia, ERM leaders should be in close communication with third-party service providers on how best to provide and receive alternative payments that do not violate current sanction policies. Beyond direct exposure to the region, the war is likely to continue to raise key commodity prices and be a driver of inflation.
As a result, financial models for raw materials will need more frequent updates, while currency and interest rate impacts will likely be more volatile this year. ERM leaders should coordinate with peers across assurance functions to analyze financial risk information and prepare mitigation strategies at more frequent intervals in this environment.
Supply chain risk
ERM leaders should ensure that their organizations have updated supplier contingency plans in place that reflect the current environment. Supply chain risk should be freshly evaluated and efforts made to identify and limit any individual supplier dependency.
Longer-term, ERM leaders should lead discussions on how their organizations will cope with the potential for key materials shortages, higher expenses, and assess alternative logistics options for obtaining materials and critical components.