Gartner Says Organizations Must Develop a “Risk Reflex” to Handle Today’s Fast-Moving, Interconnected and Unpredictable Risk Environment

To thrive in today’s rapidly evolving risk environment, risk, audit and compliance leaders must develop "reflexive risk ownership” - a future state where business leaders instinctively and automatically recognize, respond to, and manage risks, according to Gartner, Inc., a business and technology insights company.

During the opening keynote at the Gartner Enterprise Risk, Audit & Compliance Conference today, Gartner experts said organizations now face risks that emerge quickly, are highly interdependent, and are increasingly difficult to classify, making this shift in risk management more critical than ever.

“Risk management is now one of CEOs’ most critical priorities; its importance has increased by over 50% since last year,” said Chris Audet, Chief of Research in the Gartner Assurance Practice. “This has created a unique moment for assurance leaders.”

To develop an organization’s risk reflex will require a mix of coaching risk owners and leveraging advancements in enterprise technology, particularly AI.

“Eighty-eight percent of risk owners are highly motivated to meet expectations around managing risks,” said Tegan Gebert, Vice President in the Gartner Assurance Practice. “Yet only 35% feel confident they know how to do so. They need assurance leaders to show them how.”

Much like a sports coach is responsible for creating the systems, stimuli, and structures that foster great athletes, assurance leaders must coach their risk owners to develop a risk reflex. To coach an organization towards having a risk reflex will involve deliberate, marginal steps towards a larger goal.

“Assurance leaders need to be the coaches their risk owners need: leveraging tools, insights and influence to get them to practice, to improve, and to persist,” said Gebert. “An organizational risk reflex will be enabled by a series of actions that are learned or practiced until they happen so automatically that they appear reflexive. Assurance leaders must create the larger system that both encourages and reinforces the right risk ownership behaviors.”

To transform risk management into something as natural as a learned reflex, Gartner experts recommend assurance leaders focus their efforts on three building blocks.

1. Engineer: The first foundation is on engineering systems that make the right risk behaviors both easy to perform and difficult to ignore.
   
   “Small, deliberate changes in environment and process can drive large improvements in outcomes. Assurance leaders are already simplifying guidance, streamlining documentation, and integrating risk considerations into everyday workflows,” said Audet. “However, making things easier is not enough—systems must also be engineered so that compliance is prominent, expected, and socially reinforced. This means making risk actions hard to miss, hard to justify avoiding, and hard to hide.”
   
   For example, Gartner experts foresee an environment where vendors offer contract management systems that double as a third-party risk management platform. This would enable a risk owner to renew a contract or choose from a pre-approved list of suppliers, without long due diligence checks. Compliance would be hard to avoid, and it would improve risk management.
   
   
2. Provoke: The second foundation is to intentional provocation; creating stimuli that prompt risk owners to think deeply and act decisively.
   
   “Assurance leaders must design interactions—risk assessments, workshops, and feedback sessions, for example—that challenge conventional thinking, encourage candid discussions, and share novel, actionable insights,” said Gebert.
   
   Examples include asking more thought-provoking questions in risk surveys, or planning audits to be focused on what is novel or insightful – auditing the underlying project environment, for example, rather than just project governance.
   
   
3. Recognize: The third foundation reinforces the right risk behaviors by putting in processes to make them visible and rewarding.
   
   “Positive reinforcement—through visible, public acknowledgment—helps create and strengthen the neural pathways that turn good risk behaviors into habits. Recognition should focus on effort, transparency, and continuous improvement, not just perfect outcomes,” said Audet. “Assurance leaders are uniquely positioned to define and elevate such behaviors.”
   
   Examples include celebrating proactive risk management, sharing successes across teams, and using dashboards and recognition platforms to highlight exemplary behaviors.

This press release was adapted from the Opening Keynote “The Risk Reflex: Make Business Risk Ownership Automatic” at the Gartner Enterprise Risk, Audit & Compliance Conference taking place today in Grapevine, Texas.