Risk Roundup – December 2017
Recent revisions to compliance standards and regulations have introduced changes to the way we manage risk. Risk is no longer what it used to mean. In addition, risk tools are now different, and risk management has taken a different path. Risk is no longer just about managing loss, it has become an optimization strategy to increase the certainty of achieving objectives. Read more
Risk scores are used to support risk-based decisions and are usually derived from a semi-quantitative analysis of the underlying risk factors to produce a single value (low, medium, high). This value is used to rank options or trigger additional actions, and thus can help to support decision-making. However, if not implemented correctly, risk scores can introduce vulnerabilities that expose companies to unnecessary and avoidable risk. Read more
Decision-making is at the heart of risk management. Every decision creates or modifies risk. Decisions are where risks are taken. Decisions determine how risks are addressed, therefore we should be concerned about the quality of decision-making. This article explains what all of this means for board members, executives, risk professionals and internal auditors. Read more
GRC (Governance, Risk management, Compliance) is an interdisciplinary endeavor that requires a diverse set of skills in your organization or on your team. Learn more about the critical six capabilities identified by OCEG, and why they are important to your success. Read more
Manufacturers have implemented various safety measures that have shown considerable success in reducing occupational injuries and illnesses. However, when considered in terms of manufacturing operations, the sole focus on personal safety is not enough to mitigate operational risks. This post from the Aberdeen Expert Series on Enablon Insights identifies six steps to enable a comprehensive, standardized operational risk management program. Read more
Uncertainty pervades our existence and is virtually impossible to rule out from anything that we do. Uncertainty also triggers risks, therefore risk management is a part of our everyday experience. From the time we wake up, throughout hundreds of little decisions made each day until the time we turn off the lights at night, we consciously (and sometimes even unconsciously) manage many risks. Read more
Anyone tempted to believe that environmental law and regulation in the U.S. have become relics of the past, and that disregarding such laws and rules is a risk worth taking in the current political climate, does so at his or her own peril. Risk managers in all business sectors will want to take heed. Read more
Steven Covey introduced the concept of Quadrant II activities – working on things that are important but not urgent. Planning is a powerful Quadrant II activity that can save time and energy. Think about the future so you can make better decisions in the present. This article explains how to develop effectively risk management plans for new projects. Read more
Even with the best intentions, it’s easy to see how Artificial intelligence (AI) could go wrong. AI is only as good as the data it is analyzing and the criteria it is evaluating against, all wrapped up in a bundle of potentially millions of lines of code. Internal audit can provide value to organizations by applying its skills toward understanding the organization’s objectives with AI and ensuring that risks are being addressed. Read more
Although board members have long had oversight responsibility for risk, that responsibility now covers a variety of emerging technology risks. One area of technology risk that has not received much attention so far is algorithmic risk. The growing use, and misuse, of increasingly complex and sophisticated algorithms across a greater number of functions and industries can adversely affect a company in many ways, ranging from brand and reputation damage to financial and regulatory concerns. Read more
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC!
Best-in-Class companies implement an integrated risk management framework to assess risks, define controls, manage audits, identify issues, and implement remediation plans. Download Aberdeen’s “Operational Risk Management: Building a Framework to Identify, Assess and Remediate” report to learn more.