ERM Leaders Need to Reevaluate Four Organizational Risks Due to Russia’s Invasion of Ukraine, Gartner Says

Russia’s invasion of Ukraine has changed the emerging risk landscape and is forcing enterprise risk management (ERM) leaders to reassess previously established organizational risk profiles in at least four key areas, according to Gartner, Inc.

“Russia’s invasion of Ukraine has increased the velocity of many risks that we track on a quarterly basis in our Emerging Risks Survey,” said Matt Shinkman, vice president of Gartner Risk and Audit Practice. “As ERM leaders reassess their organizational risk models, they must also ensure high frequency communication with the C-Suite about critical changes that require immediate attention.”

Gartner has identified four key risk areas that ERM leaders must continually monitor, reviewing their mitigation strategies as part of a broader aligned assurance approach, as the war continues:

Talent risk – while the first order of business for organizations is to address the health and safety of employees directly affected by war, Shinkman noted that there are many second- and third-order effects that could affect employee well-being at this time. Employees around the world could have family and close friends at risk in the region. Internal communications addressing employee well-being and describing counseling services will need to be carefully calibrated and distributed at a higher frequency. At the organizational level, talent risks can manifest as productivity constraints in the affected region, as well as disruption of access to the large pool of IT talent concentrated in war-affected countries.

Cybersecurity risk – the potential for increased cybersecurity attacks during this time means that the frequency of tabletop exercises should be increased, along with a continued review of defense protocols against ransomware and other malware attacks. Gartner research has previously identified new ransomware models that defy typical mitigation strategies as a key emerging risk impacting organizations. As a result, Shinkman said it’s more critical than ever for ERM leaders to lead the business by clearly defining their high-value assets and having a response plan in place so that sorting and decision-making are not done on the fly during an attack.

Financial risk – in the event of direct financial exposure to Russia, ERM leaders should be in close communication with third-party service providers on how best to provide and receive alternative payments that do not violate the sanctions policies in force. Beyond direct exposure to the region, the war is likely to continue to drive up commodity prices and drive inflation. Consequently, financial models for commodities will require more frequent updates, while currency and interest rate effects are likely to be more volatile this year. ERM leaders should coordinate with their counterparts in assurance functions to analyze financial risk information and prepare mitigation strategies at more frequent intervals in this environment.

Supply chain risk – ERM managers should ensure that their organizations have up-to-date supplier contingency plans in place that reflect the current environment. Supply chain risk should be reassessed and efforts should be made to identify and limit any reliance on an individual supplier. Longer term, ERM leaders should lead discussions on how their organizations will deal with the potential for key material shortages and higher expenses, and should evaluate alternative logistics options for obtaining critical materials and components.

A more detailed analysis is available to Gartner clients in the full report: Responding to the Russian Invasion of Ukraine: A Guide for Audit and Risk Leaders.

Non-clients can learn more in: Resources for Executives and Their Teams Facing the Russian Invasion of Ukraine

Aubrey L. Morgan