Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” says Matt Shinkman, vice-president with the Gartner Risk and Audit Practice. “As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-suite as to the critical changes that require attention now.”
Gartner has identified four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues:
* Talent Risk – While organisations’ first order of business is to address the health and safety of employees directly affected by the war, Shinkman notes there are many second and third order effects that could impact employee well-being at this time. Employees across the globe could have family and close friends at risk in the region. Internal communications addressing employee well-being and outlining counselling services will need to be carefully calibrated and distributed at a higher frequency. At an organisational level, talent risks can manifest through productivity constraints in the affected region, as well as disrupting access to the large amount of IT talent concentrated in the countries impacted by the war.
* Cybersecurity Risk – The potential for increased cybersecurity attacks during this time means that the frequency of tabletop exercises should be increased, as well as ongoing review of protocols to defend against ransomware and other malware attacks. Gartner research previously identified new models of ransomware that defy typical mitigation strategies as a key emerging risk impacting organisations. As a result, Shinkman said it’s more critical than ever for ERM leaders to lead the business in clearly defining their high-value assets and have a response plan in place so that triage and decision-making are not made on the fly during an attack.
* Financial Risk – In the event of direct financial exposure to Russia, ERM leaders should be in close communication with third-party service providers on how best to provide and receive alternative payments that do not violate current sanction policies. Beyond direct exposure to the region, the war is likely to continue to raise key commodity prices and be a driver of inflation. As a result, financial models for raw materials will need more frequent updates, while currency and interest rate impacts will likely be more volatile this year. ERM leaders should coordinate with peers across assurance functions to analyse financial risk information and prepare mitigation strategies at more frequent intervals in this environment.
* Supply Chain Risk – ERM leaders should ensure that their organizations have updated supplier contingency plans in place that reflect the current environment. Supply chain risk should be freshly evaluated and efforts made to identify and limit any individual supplier dependency. Longer-term, ERM leaders should lead discussions on how their organisations will cope with the potential for key materials shortages, higher expenses, and assess alternative logistics options for obtaining materials and critical components.