+91 (0) 80-4049-6666

The Three Dimensions of Risk

2020 has been a watershed year in more ways than one. Risk is all around us—be it the extreme weather events or the pandemic we are experiencing—posing enormous challenges to businesses, but more so, to the survival of the human species.

As the world steps up its efforts to stay resilient, businesses are increasingly being held to higher standards of environmental—and social—accountability. Doing well isn’t enough of an objective anymore. Companies are also expected to do good—whether that means eliminating the use of fossil fuels, or preventing the spread of fake news on their platforms, or building greater ethics and explainability into AI applications.

Now, more than ever, boards and leadership teams need a robust governance, risk, and compliance (GRC) program to navigate the road ahead. Decision-makers need real-time risk intelligence to anticipate and tackle those “unknown unknowns”, while also capitalizing on growth opportunities.

Essentially, GRC offers a way for organizations to build more resilient, risk-aware, and better governed enterprises that truly Perform with Integrity™. Because it is ultimately these kinds of organizations that will thrive in a post-COVID-19 world and beyond.

The Three Dimensions of Risk

Today, there are more business risks than ever. These risks include globalization, cyber breaches, health crises like COVID-19 and climate change. That’s why environmental, social and corporate governance (ESG) concerns are increasingly a priority at the top of every organization. These concerns require a greater emphasis on governance risk management and compliance (GRC) software that can assist CEOs and board members in quickly identifying and mitigating risk. Indeed, GRC is the key to building resilience, seizing new growth opportunities and successfully navigating the future.

This eBook will outline the three dimensions of risk and how organizations can successfully navigate the expanding risk universe with an agile and innovative mindset.

Dimension One: The Four Waves of GRC


Financial Risks


Cyber Risks


Human Health Risks


Planetary Risks


Here are the four most serious risks that every organization faces today:

Wave 1: Financial Risks

The Great Recession of 2008 was the biggest economic meltdown since the Great Depression. It was a shocking—and eye-opening—risk event for many organizations. We all quickly learned that, even though the world is an amazing, interconnected place, a high level of interconnectedness can also create more extreme financial risk. The Great Recession had a domino effect. When one part of the financial system toppled, it quickly pushed over other pieces. That’s why seemingly impervious financial giants like Bear Stearns and Lehman Brothers were instantly obliterated. Protecting against these kinds of global, macroeconomic risks is now essential for every organization.

Wave 2: Cyber Risks

The cyber wave surged in 2015 with the meteoric rise of mobile phones and social media platforms, with billions of people around the world connected like never before. We are all enjoying the benefits of this digital era, yes, but it has an ominous underbelly: cyber risk and threats to data privacy. Cyber-attacks are now a serious danger to businesses, with hackers relentlessly focused on gaining access to personal and corporate information. Data is the new oil—it is what powers the digital economy. And it is the responsibility of every organization to ensure the right data privacy and security standards are in place.

Wave 3: Human Health Risks

Today, in 2020, the lives and livelihood of people around the world are being battered by the Covid-19 pandemic. It’s one of the most challenging events in modern times. And it’s made worse by the fact that the world is largely interconnected, which has allowed the virus to quickly spread far and wide. Of course, an interconnected world brings many benefits but, as the virus shows, it also brings tremendous health and economic risks—which all organizations must be prepared for moving forward.

Wave 4: Planetary Risks

The next wave bearing down on us could be the most serious of all: planetary risks due to climate change. Our world is increasingly besieged by hurricanes, floods, wildfires and many other natural disasters as a result of a warming planet. These events are also taking an economic toll on businesses around the world. That’s why, for example, a leading company like Amazon has committed to being carbon neutral by 2040 and to operating 100,000 electric delivery vans going forward. We have to make sure that our planet survives for generations to come, otherwise we are lost as a civilization.

Dimension Two: Serving Key Stakeholders

In a world of increasingly volatile and interconnected risks, it is critical to empower key stakeholders, such as employees, partners and customers—as well as the technology we all use—to harness frontline intelligence and make real-time, risk-aware decisions that unlock new growth opportunities.

Employees: Employees are the first key stakeholder and they must be intimately involved with their organization’s GRC initiatives. Pharmaceutical giant Novartis, for example, has crowdsourced its new code of ethics based on shared ideas and insights from more than 2,500 global employees. Novartis calls it the “unbossing” of their code of ethics because the effort is not driven top-down but rather bottom-up.

Partners: Third-party partners, such as vendors, suppliers and customers, are the next key stakeholder group. These partners must be a part of any GRC strategy. Organizations need to enable a comprehensive process to identify, assess, mitigate and monitor third-party risks, as well improve third-party risk visibility with quick, frequent risk assessments.

AI and machine learning: The next emerging GRC stakeholders are not humans but AI and bots. Many companies now have thousands of bots and virtual agents to help run their operations. These agents can’t be ignored. Indeed, the next big risk event could be caused by technological malfunction, whether due to malicious design or accident. AI cannot be left alone as an ungoverned activity.

Dimension Three: Federation and Flexibility

An agile organization is built on the foundations of federation and flexibility.

The first part of an agile organization is federation. Federation means having an architecture that is decentralized. Being centralized doesn’t work these days. Leadership must be distributed across the entire organization, with business units and regional groups empowered to make critical decisions.

The second part of an agile organization is flexibility. Flexibility means the ability to evolve as necessary and rapidly reconfigure your business. As Darwin discovered long ago, it’s not the strongest species that survive and thrive but those that are most adaptable.

The best organizations today are not monolithic. They are not majestic, slow-moving cruise ships. Rather, they are a fleet of speedboats, all moving in the same direction and guided by common goals and metrics.

three dimension

Tone from the Top

There is a common conception that CEOs and board members know everything there is to know about their companies. This is not true. It is often the case that the higher you go, the less you know.

That’s why business leaders need a comprehensive risk-management platform that can give them a unified view of risk that encompasses all four waves of GRC and every stakeholder—as well as emerging technologies like AI.

CEOs and boards need to set the right tone from the top. They must start by embracing GRC and assessing and reassessing their readiness quotient, with emphasis on adapting to changing business requirements. An effective and agile framework can help the board look at the total impact of their company’s ESG strategy and operations.

When GRC is viewed as a competitive advantage rather than a checklist item, that’s when companies can not only stay in alignment with sustainability processes but can also inspire trust and build positive relationship with customers, investors and stakeholders, which is an essential part of organizational growth.

The Power of M7

MetricStream’s M7 Integrated Risk Platform -intelligent by design, empowers organizations to make real-time, risk-aware decisions that boost business performance, strengthen resilience, and enhance brand reputation. MetricStream’s simple purpose-built platform is proven with over a million global users. The platform is designed to serve integrated GRC use cases across industries and is infused with deep domain expertise, rich context, integrated data and explainable AI. With M7, organizations can:


The Road Ahead

With the proper Integrated Risk Platform in place, risk and performance become the opposite sides of the same coin. Risk management is no longer viewed as a brake on the business. Rather, it becomes an accelerator so that you can smoothly navigate any turns and obstacles at maximum velocity while remaining firmly on the road to success.

Related Stories

Case Study

Global Air Services Provider Empowers Frontline to Flag Risks With a Uniform Approach Across Geographies

Analyst Report

MetricStream Recognized as a Category Leader in All 8 solution Quadrants

Case Study

Top Entertainment Company Digitally Transforms Internal Audit, Risk, and Compliance Management to Thrive on Risk With MetricStream

Ready to get started?

Speak to our experts