Granite’s annual State of Risk Management survey gathered 79 responses this year, providing insight into the current state of risk management in Finland. The results revealed interesting surprises and important observations, such as how organisations perceive legislation and compliance from a risk management perspective.
Implementing Risk Management – Tools and
Maturity
Most respondents assessed their organisation’s risk management as mature and well-integrated into operations and goals. However, the utilisation of collected data was still seen as reliant on manual processes in multiple locations or files. Risks were reported to be identified mostly once a year, but the regularity of monitoring varied evenly from monthly to annually. Respondents felt that risk management was well integrated into their organisation’s strategy and objectives, with nearly half stating that it also covered the assessment of opportunities.
More than half of respondents reported having a dedicated risk management system in use, while only about a third still relied on Excel or similar spreadsheet software. This is a positive and logical trend, as new regulations and directives demand increasingly precise documentation and reporting. A suitable system also facilitates, for instance, the monitoring of realized risks, which the responses indicate is being performed in organisations to a commendable extent.
A Surprising Finding – The Compliance “Bogeyman”
One surprising finding stood out among the most significant threats to organisations. As expected, cyber and information security risks were seen as the most significant threat, but the next most significant threat identified by respondents was legislation, regulation, and compliance. This greatly surprised us at Granite. The additional workload and uncertainty caused by increased regulation and new EU directives reflect the need for dedicated risk management tools, which provide meaningful value to organisations.
Respondents’ own assessments of their organisation’s ability to meet new requirements were surprisingly low: two-thirds rated their readiness as only moderate, with only one-third considering it good.
On the opportunities side, “environment and sustainability” emerged as one of the top three most frequently mentioned areas. Thus, sustainability appears to be the aspect of compliance that is seen as offering not only threats but also competitive advantages and opportunities. Other opportunities highlighted in the responses included technology and market demand.
Breaking Down Silos
As challenges to the development of risk management, respondents highlighted the understanding of the value of risk management and the siloing of information. Granite aims to address these challenges by continuously developing its services to meet customers’ evolving needs. Last year, we undertook a significant architectural transformation of our entire operating system. This change enables relations and data transfer between Granite’s tools, providing a better and more comprehensive overview, such as of observations and the risks assessed based on them. Read more about Granite’s relation features and platform renewal here.
In addition to the platform renewal, Granite has conducted extensive research into the potential use of artificial intelligence in risk management. Based on the survey responses, this also appears to be a desired direction for development. Currently, only about one-fifth of respondents reported using AI in risk management, but more than half expressed interest in adopting it.
In Conclusion
Compliance and legislation are thought-provoking topics for those involved in risk management, often bringing additional workload. The survey provided us with valuable insights into how we can contribute to the discussion and support organisations in facing these challenges. Granite has taken important steps in alignment with the rapid development of risk management in Finland.
Organisations are seeking more comprehensive yet agile platform solutions. Areas for development still include engaging leadership in the implementation of risk management and embedding it throughout the organisation.
Would you like to discuss with our expert the solutions Granite offers for meeting the requirements of the NIS2 Directive on cybersecurity or managing CSRD sustainability reporting? Book your appointment here!