Risk registers get a bad rap…undeservedly. The key reason, in my estimation, is the general fuzziness around rating scales. Rating scales are often too nebulous, not precise enough. Think about it. You’re deputizing subject-matter-expert (SME) risk owners to rate and thereby prioritize risks, but you are furnishing them with unsharpened tools. This may be your[…]
You’ve flown home from a phenomenally successful ERM Summit in Boston (November 18-19, 2024). You are basking in the aftermath of receiving so many incredible ideas from a host of great speakers. Great intentions abound. One week turns into one month. One month becomes a quarter. You’re stuck. Nothing gets done on ERM. To get[…]
This past November 1, I started posting an ERM “thought to consider” every day. Sincere thanks to those who have read and contemplated any of those posts. I’ve been helped by many people in my 40 year ERM journey and want to do my small part in “passing it on”. In the November 27th ERM[…]
“Be Brave” Resolution #1 – Critique and Hone Your Risk Rating Scales All risk rating scales are not created equal. The new year is a good time to consider critiquing yours…and honing them, as advisable. Here are some thoughts for severity and likelihood rating scales: 1) Mere adjectival identifiers (e.g. high, rate etc.) are worthless,[…]
A World-Class Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) program offers numerous benefits to organizations of all sizes and across various industries. Here are 20 key elements needed for the creation of an efficient, effective, and successful program: 1. Mission Statement Purposeful connection of strategy and tactics 2. Framework – Part A[…]
One acronym after another. An ice cream headache, for sure, trying to understand the similarities, differences and connectivity between all these terms. You need to do it, however. Simplify, simplify, simplify. Break it down and truly comprehend everything. Get ready for the proverbial elevator speech, if the need for one materializes. Toward that goal, here[…]
When it comes to any discussion involving the acronym GRC (Governance, Risk and Compliance), understanding the speaker’s frame of reference is paramount. From a vendor’s perspective, GRC refers to an automated suite of capabilities designed to address a broad range of challenges associated with critical disciplines managed by the client (e.g. compliance, risk management, audit,[…]
A Risk Management Framework (RMF) melds together the strategic, foundational and tactical elements of risk to describe the role of Enterprise Risk Management (ERM) in helping a company maintain its franchise value and meet both its strategic business objectives and corporate stakeholder obligations. Here are ten (10) key elements every RMF should have. Part A[…]
The beauty of enterprise risk management (ERM) is that every one of the discipline’s constituent parts is interrelated. Connected at the hip. Nothing in ERM appears “out of the blue”, therefore. Last month, for instance, we told you that a robust and meaningful ERM program might consider adopting a concise ERM mission statement, one that[…]
Risk is best defined as the “effect of uncertainty on the achievement of objectives.” The successful management of risk, therefore, is integrally connected to the achievement of the company’s strategic objectives. Enterprise Risk Management (ERM) is an essential discipline that all companies need to install, embed, and inculcate into the organization, in order to: Set[…]
