Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. We hope you enjoy the one for December 2015.
This GreenBiz article explains the relationship between resilience and risk-taking and how to foster resilience when faced with risks. The article also talks about risk tolerance and how it impacts the company culture and the process of building resilience.
This article in Design News says that assessments are often performed too late in the product development cycle and only one type of risk analysis tool is used. The article shows how a combination of risk analysis tools can be used together to improve overall risk assessment throughout the phases of product development.
Facility Executive makes the point that changing business requirements have made facilities management compliance a challenge for many companies. The article talks about new research that reveals the potential risks that facility management needs to address.
A new survey of 155 C-level executives at companies with revenue of at least $1 billion shows that the pace of innovation, increased regulations, damage to reputation and talent gaps are the leading risks to companies’ business strategy. In addition, many are not using risk-sensing tools. Risk sensing involves the use of human insights and advanced analytics capabilities to identify, analyze and monitor emerging risks. The infographic by Deloitte summarizes the survey findings.
OCEG ran a poll on Business Continuity Management (BCM) and this blog post provides some of the results. For example, more than 75% of respondents indicated that their organization has a formal program for BCM, but the poll also shows that BCM might not be taken seriously.
This video by StormWind provides a high-level overview of how to gather information on stakeholder tolerance levels for risk, in order to effectively begin planning for risk in the context of project management.
Companies have worked with suppliers, outsourcers, agents, etc. for years. But the frequency and scale of third-party use and the regulatory focus on how organizations are managing third parties to address risks have changed. Kristian Park of Deloitte discusses the escalation in third-party risk and the ways organizations should mitigate it.
Michael Volkov from the Volkov Law Group discusses reputational risks that may be applicable to a company’s supply chain. Volkov’s blog post also includes some tips and advice on how to mitigate supply chain risks, such as focussing on primary vendors and suppliers.
This blog post from OCEG stresses that the Legal department of a company plays a critical GRC role, from regulatory interpretation and policy design, to involvement in third-party due diligence and compliance investigations, to advising both internal audit and risk management based on legal findings.
Many people fail to distinguish between a hazard and a risk. They are not the same thing, and people use both terms interchangeably without understanding the differences. This post on Enablon Insights explains the differences between the two, and how they fit in risk management.
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC.