How to Get Started with Dynamic Risk Governance in 2022

Key highlights:

The Three Lines of Defence model no longer works for risk governance in 2022.

Gartner suggests adopting its alternative Dynamic Risk Governance Framework to mitigate new, rapidly changing risks

Shared data within all functions of an organisation is integral to DRG

As organisations recover from the blows of the pandemic, they are undergoing tremendous change and embracing digital technology like never before. While going digital is a smart move in the right direction, it brings in a wave of new, interconnected, and serious risks that demand a new, updated risk management framework.

According to Gartner, most organisations still rely on the Three Lines (3L) of Defence model for risk governance, which is outdated and doesn’t protect against the new, rapidly-changing risk that digitisation poses. This might be making them more susceptible to a host of cyber vulnerabilities and other data-driven risks. 

The problem with the 3L model, according to Gartner, is that it splits up risk management responsibilities depending on the determining role of a function rather than the necessary activities. For many years, organisations using this model have tried to tweak it with aligned assurance to meet the emerging needs; however, they have struggled to get the most out of it. 

You might also be interested to read: Risk Management In Crisis Situations

The alternative model

Gartner suggests replacing the Three Lines of Defence model for risk governance with its Dynamic Risk Governance (DRG) framework, which removes functional boundaries and assigns risk management responsibilities based on the anticipated risks and activities required to combat those risks rather than by role. This model is statistically proven to propel high-quality risk management behaviours, enabling managers to make more risk-informed decisions.

The new DRG model comprises:

  • Risk-tailored governance: Developing effective governance models for each anticipated risk and customising them according to the organisation’s overall strategy using risk appetite and volatility.
  • Activity-based risk governance: Assigning risk management activities to resources best suited to perform them.
  • Digital risk governance: Adopting digital solutions to digitise risk management rather than keeping them for later.

The role of shared data for dynamic risk governance

According to Gartner, embracing digital technology and implementing a DRG framework is central to achieving timely, collaborative, and successful risk management in 2022. But going digital for risk management begins with shared data and insights across all the departments and divisions. It’s a virtuous cycle. Sharing sets the wheels in motion for digitisation; digitisation is crucial for immediate actions. DRG consequently creates better working relationships for mitigating risks as soon as they pose a threat.

Many companies that have taken steps to optimise and speed up their risk management focused on collaboration between several departments and a free flow of data and insights across the organisation. They:

  • used centralised data to develop risk analytics for distribution throughout their organisations,
  • brought in data from different departments and external sources to create shared, updated dashboards,
  • and automated manual, repetitive processes to focus more on collaboration.

So, it’s clear that access to data and analytics across all the functions in an organisation is key to optimising risk management and going digital in 2022.

As organisations emerge from the aftermath of the pandemic, they need robust strategies to mitigate the risks posed by digitisation. Gartner’s Dynamix Risk Governance can help them keep cyber risk and data privacy issues at bay and thrive in this ever-changing business environment. 


  • Why Dynamic Risk Governance Starts With Shared Data | Malcolm Murray and Laura Reul | May 06, 2022
  • Dynamic Risk Governance and Management – the new mandate for risk? | Acuity Risk Management

You might also be interested to read: Talent Risk Management – The Game Changer

Comments are closed.