According to Gartner, Inc., a research and advisory firm specialising in business and technology insights, risk, audit, and compliance leaders should work toward developing what the company calls “reflexive risk ownership.”
This approach describes a future state in which business leaders consistently and automatically identify, address, and manage risks.
Speaking at the opening keynote of the Gartner Enterprise Risk, Audit & Compliance Conference, the firm’s analysts noted that organisations are now encountering risks that appear rapidly, interact with one another in complex ways, and are increasingly difficult to categorise.
Gartner emphasised that these conditions make a shift in risk management practices especially important.
“Risk management is now one of CEOs’ most critical priorities; its importance has increased by over 50% since last year,” said Chris Audet, Chief of Research in the Gartner Assurance Practice. “This has created a unique moment for assurance leaders.”
“Eighty-eight percent of risk owners are highly motivated to meet expectations around managing risks,” said Tegan Gebert, Vice President in the Gartner Assurance Practice. “Yet only 35% feel confident they know how to do so. They need assurance leaders to show them how.”
Audet and Gebert made these points during the opening keynote of the Gartner Enterprise Risk, Audit & Compliance Conference in Grapevine, Texas.
Gartner analysts explained that, similar to how a sports coach develops systems and structures to bring out the best in athletes, assurance leaders must guide risk owners in developing a stronger reflex for managing risk. This process, they noted, involves making intentional, incremental improvements that build toward a broader organisational capability.
“Assurance leaders need to be the coaches their risk owners need: leveraging tools, insights and influence to get them to practice, to improve, and to persist,” added Gebert.
“An organisational risk reflex will be enabled by a series of actions that are learned or practiced until they happen so automatically that they appear reflexive. Assurance leaders must create the larger system that both encourages and reinforces the right risk ownership behaviours.”
Gartner experts suggest that assurance leaders should concentrate on three key foundations to make risk management operate as naturally as a learned reflex.
The first foundation involves designing systems that make appropriate risk behaviours easy to follow and difficult to overlook.
“Small, deliberate changes in environment and process can drive large improvements in outcomes. Assurance leaders are already simplifying guidance, streamlining documentation, and integrating risk considerations into everyday workflows,” said Audet.
“However, making things easier is not enough—systems must also be engineered so that compliance is prominent, expected, and socially reinforced. This means making risk actions hard to miss, hard to justify avoiding, and hard to hide.”
One example Gartner provided is the potential for contract management tools to also function as third-party risk management platforms. Such systems would allow risk owners to renew contracts or select from pre-approved suppliers without extensive due diligence, making compliance both natural and unavoidable.
The second foundation emphasises deliberate provocation—creating situations that prompt risk owners to think more critically and respond effectively.
“Assurance leaders must design interactions—risk assessments, workshops, and feedback sessions, for example—that challenge conventional thinking, encourage candid discussions, and share novel, actionable insights,” noted Gebert.
Practical approaches include asking more challenging questions in risk surveys or conducting audits that look at the broader project environment rather than only focusing on governance structures.
The third foundation centres on reinforcing desirable behaviours by making them visible and rewarding.
“Positive reinforcement—through visible, public acknowledgment—helps create and strengthen the neural pathways that turn good risk behaviours into habits. Recognition should focus on effort, transparency, and continuous improvement, not just perfect outcomes,” said Audet. “Assurance leaders are uniquely positioned to define and elevate such behaviours.”
Examples include celebrating proactive risk management, sharing team successes, and using dashboards or recognition platforms to highlight strong practices.
The post Gartner outlines “reflexive risk ownership” as the future of organisational risk management appeared first on ReinsuranceNe.ws.