LeadershipVisionfor

2024Top

3Strategic

Priorities

forHeads

of

ERM?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.

Thispresentation,

includingallsupporting

materials,

isproprietary

toGartner,

Inc.

and/or

itsaffiliates

and

isfor

the

soleinternal

use

of

the

intended

recipients.

Because

this

presentation

maycontain

information

that

isconfidential,

proprietary

or

otherwise

legally

protected,

itmay

not

be

further

copied,distributed

or

publicly

displayed

without

the

express

written

permission

of

Gartner,

Inc.

oritsaffiliates.Leadership

Vision

for

Heads

of

EnterpriseRisk

Management(ERM)in

2024Newtechnologiesandtheriseof

AI,

privacy

concerns,regulatory

requirements,

environmentalrisks,andKeyquestions

addressed:geopolitical,

economicandsocial

changeare

shaping

howthe

bestorganizationswillmanageenterpriseriskin2024.What

arethe

majortrends

affecting

headsofERM?What

challenges

areheadsof

ERMfacingintheyear

ahead?Inthiscontext,

thetopprioritiesfor

headsof

ERMin2024should

be:?

HowcanERM

increase

confidence

inenterpriseriskassessments??

HowcanERM

enhance

itsvaluetocorporate

strategy??

HowcanERM

help

the

organizationrespondto

the

risksof

generative

AI?What

actionsshouldheadsofERM

andtheirteamstaketosucceed?Headsof

ERMcanusethisresearchtostay

aheadofmajortrends

and

lead

theirteams

toward

asuccessfulfuture.RESTRICTED

DISTRIBUTION2?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.2024PotentialEnterprise

Risk

Tr

endsFramework

FromGartner

Future

Lab’s

TPESTRE

Projectand

Associated,

PotentialRisks?

Generative

AI

disruptionsandimpactsTechnologicalPolitical?

Datamodel

degradation?

State-sponsored

malware?

Renationalization

of

international

trade?

Geopoliticalconflict?

Political

fractionalizationandgovernment

dysfunction?

Interest

rate

uncertaintyEconomic?

Persistence

of

inflationary

andlabormarket

challenges?

Pricebubbles?

Social

polarization?

Retirement

wave?

Declining

productivitySocial/CulturalTrust/Ethics?

Expectationsfor

actiononcontroversial

issues?

AI

privacyconcerns?

AI-drivenmisinformation?

Anti-trust

targeting

technology

providers?

Fragmentation

of

data

governance

regulations?

Cybersecurity

disclosureandgovernance

requirementsRegulatory/Legal?

Environmental,

social

andgovernance

(ESG)

risks?

Extreme

weathereventsEnvironmental?

Degraded

watersupplies,

soil,airandother

natural

resourcesSource:GartnerRESTRICTED

DISTRIBUTION3?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Focus

Areas

for

theHead

of

ERM

in2024ThreeChallengesRequiring

Head

ofERMLeadership123Increasing

Confidencein

Risk

AssessmentsImproving

StrategyExecutionManaging

Generative

AI

RiskOnly

27%

ofheads

ofERMsay

thatsenior,

executiveand

board

decisionmakers

consistently

take

the

actionsrecommended

in

risk

assessments.44%of

chief

strategy

officers

reportthat

their

organizations

are

behind

onmeeting

strategic

objectives.60%of

IT

leaders

say

theirorganizations

already

use

generativeAI

solutions

beyond

ChatGPT,and

28%say

their

organizations

plan

to

usethem

by2024.Key

Questions

forHeadsofERMin

2024Howcan

ERMincrease

confidence

inenterprise

risk

assessments?Howcan

ERMenhance

its

valuetocorporate

strategy?Howcan

ERMhelp

the

organizationrespond

to

the

risks

of

generative

AI?n=126,

140,

200Source:

2023

Gartner

EnterpriseRisk

Management’s

Risk

Assessment

Survey,

2022

GartnerStrategy

Adaptive

Planning

Survey,

2023

Gartner

PeerCommunity

Generative

AISurveyRESTRICTED

DISTRIBUTION4?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

end:

IncreasedExecutive

Focus

onRiskExpectedChangeinRisk

Appetite,

2023-24Perception

That

ERCEscalation

HasIncreasedPercentage

of

Nonexecutive

Board

MembersPercentage

of

Risk

AssessmentLeader

Agreement:

“WeEscalate

Risks

tothe

ExecutiveRisk

Committee

MoreOften

Now

Than2019”15%Stay

theSame34%SlightlyIncrease42%Disagree54%or

StronglyAgree21%DecreaseDisagreeor

StronglyAgree5%SignificantlyIncrease5%25%SomewhatIncreaseNeither

Agreenor

Disagreen=281;

nonexecutive

board

of

directorsn=159;

risk

assessments

leader,

facilitator

orparticipant,excluding

don't

knowPleaseindicateyour

levelof

agreement

withthe

following

statements

on

risk

assessments

nowin2022

comparedtoin2019:

We

escalaterisks

tothe

Executive

Risk

Committee

more

often

now.Source:2022

Gartner

Risk

Assessments

inaVolatileWorld

SurveyHowisthenonexecutive

board’s

risk

appetite

(willingnesstoacceptrisk

inpursuitof

corporate

objectives)expectedtochange

for

2023-2024

todrive

your

organization’s

growth?Source:

2023

Gartner

BoardOfDirectorsSurvey

onBusinessStrategy

inanUncertainWorldNote:

Percentages

may

not

add

upto100%

due

torounding.RESTRICTED

DISTRIBUTION5?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Challenge:

Confidencein

Risk

AssessmentsMissing

Critical

InputsMissing

AnalysisOnly...Only...51%of

headsof

ERMare

confident

they

captured

allkeyenterprise

risks

duringthe

riskassessmentprocess.19%of

ERMdepartments

include

risk

interdependencyintheirriskassessments.37%of

headsof

ERMare

confident

they

captured

allkeyrisk

drivers

in

theirriskassessments.26%of

ERMdepartments

report

onrootcauses

of

riskexposures.n=126;

ERM

leaders

ormanagersn=70;

ERMleaders

ormanagersQ1.

Towhat

extent

are

you

confident

that

you

captured

allof

thekeyenterprise

risks

inyour

risk

assessment?Q1.What

risk

ratingcriteriado

you

useinenterprise

risk

assessment?

Selectallthat

apply.Q2.

Howconfident

areyou

that

your

risk

assessment

captures

critical

elements/risk

driversrelated

tothe

enterpriserisks

Q2.

Which

of

the

following

selectionsareincluded

inyour

executive-level

risk

reports?

Selectallthat

apply.listed

intherisk

assessment?Source:2023

Gartner

EnterpriseRisk

Management’s

Risk

Assessment

SurveySource:

TheERMBudget

&

Efficiency

Benchmark

as

of

20

May

2023

isatwo-year

benchmarkcovering

ERMdepartmentsubmissions

from

2021

through

20

May

2023.

The

data

represented

was

collectedfrom134

ERMdepartmentsRESTRICTED

DISTRIBUTION6?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Action:

IncreaseQuality

of

Risk

AssessmentsFive

Tactics

To

Improve

theQuality

ofRisk

Assessments123Leverage

Technologyto

Improve

Synthesisof

RiskInformationFacilitate

ExchangeamongRisk

Owners

andExecutivesTarget

Anchoring

BiasandComplacencyFacilitate

exchanges

of

viewpointsamong

executivesand

risk

ownersonareas

of

apparent

disagreement.Challenge

risk

ownersto

account

forhow

their

risk

responses

have

evolvedwith

new

risk

information.UseGRCand

other

tools

to

synthesizerisk-relevant

data

and

the

outputs

ofother

teams’

analyses.45Analyze

andReport

onLinked

RiskDrivers

andInterdependenciesQuantify

Risk

Assessment

toClarify

Returns

onInvestmentsRiskManagement

ScoreAnalyzeand

report

onrootcauses

and

linked

root

causes

withinterdependency

analysis.Helpstakeholders

understand

themagnitude

of

potential,

risk-relatedlosses

and

the

valueof

risk

responseswith

quantification.Discover

opportunities

toincrease

thequality

of

risk

assessments

with

theGartner

Risk

Management

Scorediagnostic.Source:GartnerRESTRICTED

DISTRIBUTION7?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

end:

Urgency

Around

MeetingStrategicObjectives

at

End-of-Strategy

CyclesLength

of

Corporate

StrategiesChief

Strategy

Officers’

Perception

ofProgress

onPercentage

of

RespondentsStrategic

Objectives9%Less

than2

YearsPercentage

of

Respondents25%Ahead

ofSchedule43%BehindSchedule48%5

Yearsor

Longer43%3to

4Years32%On

Trackn=75chiefstrategyofficers

orequivalentsQ.Thepercentage

of

strategyfunctions

withstrategicplans

spanning

each

time

horizon

to“What

isthetimehorizon

of

yourorganization's

strategicplan?”Source:

Gartner

Strategy

Budget

&Efficiency

BenchmarkNote:

The

StrategyBudget

&Efficiency

isatwo-year

rollingbenchmark.Datarepresented

here

was

gatheredon

18October

2022n=140

chiefstrategyofficersorequivalentsQ.Howwould

you

characterize

your

organization’s

progress

inmeeting

the

strategicobjectivesit’s

currentlypursuing?Source:

2022

Gartner

StrategyAdaptive

Planning

SurveyNote:

Percentages

may

not

add

upto100%

due

torounding.RESTRICTED

DISTRIBUTION8?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Challenge:

Entering

theStrategy

ConversationBusiness

Leader

Consultation

of

ERMinStrategic

PivotsStrategic

Pivot

Performance

Gap

andERMConsultationPercentageof

Business

LeadersPercentageof

Business

Leaders

WhoReport

TheirOrganizations

Achieved

Intended

ObjectivesinStrategicPivots70%35%0%62%41%ConsultedERM43%59%Didnot

ConsultERMDidnot

consultERMConsulted

ERMn=250

leaders

ormanagers

inlinesof

business

orcorporate

functionsQ.What

action

did

you

takethat

involved

therisk

and

assurancefunctions:Iconsulted

my

organization’s

ERMteam.n=250

leaders

ormanagers

inlinesof

business

orcorporate

functionsQ.What

actionsdidyou

takethatinvolved

therisk

and

assurancefunctions:Iconsulted

my

organization’s

ERMteam.

State

youragreement

with

thefollowing

statements

about

thepivot,

inretrospect:The

pivot

fullyachieved

itsSource:2021

Gartner

ResiliencePanelSurveyintended

objectives.Source:2021

Gartner

ResiliencePanelSurveyRESTRICTED

DISTRIBUTION9?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Action:

Context-Appropriate

Strategy

Inter

ventionTactics

for

ERMIntervention

inCorporate

Strategy

Depending

onStakeholder

Expectations

for

ERMInvolvement?

Leverage

risk

liaison

network

to

source

potential

executionMore

expectation

forERMinvolvement

instrategypitfalls.Conduct

StrategicScenario

Analysis?

Discover

lowor

divergent

confidence

instrategicinitiative

success

withrisk

workshops.?

Identify

dependencies

common

to

underperforming

strategicinitiatives.Identify

Solutions

forStrategicUnderperformance?

Determining

potential

strategy

trade-offs

inthe

contextof

risk

appetite

during

strategic

pivots.?

Alter

risk

reporting

to

focus

on

risks

to

strategicinitiatives

and

projects.Align

Risk

ReportingtoStrategy

Needs?

Report

onstrategic

initiative

ownerassumptionsLess

expectation

for

ERMinvolvement

in

strategyand

concerns.Source:GartnerRESTRICTED

DISTRIBUTION10

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

end:

IncreasedGenerative

AI(GenAI)ExposureOrganizational

Usage

ofGenAI

Beyond

OpenAI’s

ChatGPTPercentage

ofIT

LeadersAdopted

or

Planning

to

Adopt

GenAI

BeyondChatGPT

in2023Not

Adopted

and

NoPlans

to

Adopt

in202312%No,We

AreNot

Currentlyand

We

Have

No

Plans

toDoso

ThisYear12%Yes,

Extensively27%No,but

WePlanto

ThisYear48%Yes,

to

aLimited

Extentn=200

ITleaders

(CIO,VPof

IT,director

of

IT,manager

of

IT)Q.

Is

your

organization

currentlyemployinggenerative

AIsolutions

beyond

ChatGPTforany

specific

application?Source:

2023

Gartner

PeerCommunity

Generative

AISurveyRESTRICTED

DISTRIBUTION11

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Challenge:

The

Complexity

of

GenAI

RiskIntendedandUnintendedConsequencesof

GenAI

UsageNew,

smaller

competitors,

enabled

by

GenAI,

enteringand

disrupting

industriesIntendedDesignated

UseMisuseMass

production

ofmisinformation

and

deepfakesAIhallucinations

leading

to

incorrect

decision

makingMass

unemployment

of

creators

ofcontent

and

codeAccidentsFrom

UseGenAIStructural

Effectson

SocietyMisaligned,Power-Seeking

AImodelsPower-seeking

AI

model

with

goals

not

aligned

with

humanityUnintendedSource:GartnerRESTRICTED

DISTRIBUTION12

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Action:

Fr

ame

GenAI

Risk-Opportunity

DecisionRisks

IntroducedbyGenAIBenefits

IntroducedbyGenAIDesignated

UseGreater

Leadership

CapabilitiesIncreases

the

insights

and

foresightleaders

can

have

across

verticalsRisks

and

disruptions

introducedfrom

the

intended

use

of

thetechnologyMarketPenetrationFinancialEfficiencyMisuseEnhanced

Employee

ProductivityTeams

can

focus

less

onroteactivities

and

more

onstrategicallyvaluableactivitiesMarketGrowthOrganizational

WorkforcePriorities

StrategyRisks

and

disruptions

introducedfrom

the

abuse

of

the

technologyResilience

andOperationalReadinessDigitalTransformationAccidentsFromUseDeeper

FunctionalRisks

and

disruptions

introducedfrom

employee

or

user

errorsUnderstandingInsights

previously

out

ofreachdue

to

analytical

or

data

hurdlesbecome

less

soSource:GartnerRESTRICTED

DISTRIBUTION13

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.RecommendedActionsIncrease

qualityofrisk

assessments:

Increase

executive

confidence

inenterprise

risk

assessments

by

provoking

more

stakeholder

participation,synthesizing

riskdata

and

analyses

fromother

functions

and

increasingthe

depth

ofanalysis.Improve

strategy

execution:

Determine

themost

organizational

context-appropriate

means

forERM

toadvise

strategic

initiative

owners

on

riskstofinalizing

completion

ofstrategic

objectives,

using

existing

expectations

forERM

involvement

incorporate

strategy

as

astarting

point.Manage

generativeAIrisks:

Framethe

fullgenerative

AIrisk-opportunitytrade-offs

forstakeholders

bymapping

generative

AIriskinterdependenciestoenterprise

risksand

comparing

risksand

opportunities

inriskreporting.RESTRICTED

DISTRIBUTION14

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Gar

tnerfor

Legal,

Risk

andCompliance

LeadersAddressing

Heads’

of

ERMMission-CriticalPrioritiesKey

Areas

ofCoverage

andExpertise:Risk

Identification

and

AssessmentEmergingRisksRisk

Technology

and

AnalyticsRisk

CoordinationERMFunctionalManagementERMFrameworks

&PoliciesThird

Party

&Supply

ChainRisksRisk

GovernanceRisk

CultureRisk

Response

StrategiesRisk

Mitigation

and

MonitoringRisk

ReportingRisk

andStrategyRisk

AppetiteContinue

the

conv