Four “Be Brave” Resolutions for GRC and ERM Programs in 2024

“Be Brave” Resolution #1 – Critique and Hone Your Risk Rating Scales All risk rating scales are not created equal. The new year is a good time to consider critiquing yours…and honing them, as advisable. Here are some thoughts for severity and likelihood rating scales: 1) Mere adjectival identifiers (e.g. high, rate etc.) are worthless,[…]

Why Settle For Less? Twenty (20) Elements in a World-Class ERM or GRC Program

A World-Class Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) program offers numerous benefits to organizations of all sizes and across various industries. Here are 20 key elements needed for the creation of an efficient, effective, and successful program: 1. Mission Statement Purposeful connection of strategy and tactics 2. Framework – Part A[…]

De-Mystifying (and Explaining the Connection Between) Risk-Related Acronyms and Phrases

One acronym after another. An ice cream headache, for sure, trying to understand the similarities, differences and connectivity between all these terms. You need to do it, however. Simplify, simplify, simplify. Break it down and truly comprehend everything. Get ready for the proverbial elevator speech, if the need for one materializes. Toward that goal, here[…]

Governance, Risk and Compliance (GRC) – Pursuing the “Ideal” Frame of Reference

When it comes to any discussion involving the acronym GRC (Governance, Risk and Compliance), understanding the speaker’s frame of reference is paramount. From a vendor’s perspective, GRC refers to an automated suite of capabilities designed to address a broad range of challenges associated with critical disciplines managed by the client (e.g. compliance, risk management, audit,[…]

Ten (10) Key Elements in a Robust Risk Management Framework (RMF)

A Risk Management Framework (RMF) melds together the strategic, foundational and tactical elements of risk to describe the role of Enterprise Risk Management (ERM) in helping a company maintain its franchise value and meet both its strategic business objectives and corporate stakeholder obligations. Here are ten (10) key elements every RMF should have. Part A[…]

Five (5) Pillars of Impactful Enterprise Risk Management (ERM) Reporting

The beauty of enterprise risk management (ERM) is that every one of the discipline’s constituent parts is interrelated. Connected at the hip. Nothing in ERM appears “out of the blue”, therefore. Last month, for instance, we told you that a robust and meaningful ERM program might consider adopting a concise ERM mission statement, one that[…]

The Compelling Case for an ERM Mission Statement

Risk is best defined as the “effect of uncertainty on the achievement of objectives.” The successful management of risk, therefore, is integrally connected to the achievement of the company’s strategic objectives. Enterprise Risk Management (ERM) is an essential discipline that all companies need to install, embed, and inculcate into the organization, in order to: Set[…]

Annual Tune-Up Time For Your Risk Management Program

Like cars, whose investment and value we protect and preserve with regular annual maintenance at the least, your GRC and risk management processes and tools require careful regular service to preserve and extend their value and utility. Business environments are fluid.  Change is a reliable variable from one year to another. Your business may have[…]

A Tale of Two Cases: ERM Resolutions

In our last article, we discussed the value and contribution of the risk register, and how it played into the offering of a pre-populated, fully-integrated enterprise risk management (ERM) solution. We noted that three attributes of a GRC platform (Process, Product, and Content) are essential to delivering the critical services, tools, and capabilities that companies[…]

Cyber Security and Risk Management—Who’s Responsible

There’s a lingering belief that these are IT management concerns. That lingering belief is founded upon a “perceived reality” of a business operating in an environment where IT was little more than a contributing discipline to complete tasks and deliver efficiency. It made some narrow sense in a world free of cyber anything, pre-internet, where[…]

Top

DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.

X