Risk Roundup - December 2018

December 17, 2018

Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for December 2018.

ERM Implementation: What Risk Professionals Consider the #1 Challenge To Be

The author of this article asked fellow risk professionals “what is your single biggest challenge when it comes to ERM implementation?” The top answer was not about how to assess risks, or integrate risk management with strategy. The top answer was tone at the top. Read more

Repeatable Risk Events Don’t Have a ‘Likelihood’

Risk events that can repeat don’t have a likelihood. They will happen, the only question is when. Events that can repeat have a frequency, not a likelihood. If you confuse frequency with likelihood, you’re confusing risk with cost. Read more

What is the Ultimate Goal of Risk Management?

Alex Sidorenko talks about the ultimate objective of any risk manager in a non-financial company. He explains that a risk manager must help employees and executives integrate risk analysis into their day-to-day activities and decision-making. Watch video


More than 30 brands are part of AccorHotels, including well-known names like Fairmont, Sofitel, Novotel, ibis and others. The Group’s 4,500 hotels are located in about 100 countries, and AccorHotels relies on a global team of more than 250,000 staff. AccorHotels standardized internal audit and internal control across 2,500 hotels through a single tool.

Traditional vs. ERM – Going Beyond Managing Risks One at a Time

This article explains how traditional risk management looks at risks one-by-one. This process occurs at the department level and rarely includes coordination with other parts of the company. Instead of looking at risks one-by-one, ERM combines the various departments’ risk management activities together to look at the big picture of risks the organization faces. Read more

[Report] Risk in Focus 2019 – Hot Topics for Internal Auditors

The goal of this report is to provide a touchpoint for the internal audit profession that helps Chief Audit Executives to understand how their peers view today’s risk landscape. Now in its third year, the 2018 edition is the result of a collaborative effort between seven European institutes of internal auditors in France, Germany, Italy, the Netherlands, Spain, Sweden and the UK and Ireland. Download report

Extended Enterprise Risk: The Board’s Role in Managing Exposure Beyond the Organization

As value and risk from the extended enterprise grow, the front line of defense should be reset beyond organizational boundaries to the broader network that delivers value to customers. Boards should hold management responsible for building an effective extended enterprise risk management (EERM) organization and establish, when needed, formal mechanisms to exercise oversight. Read more

Extended Enterprise Risk Management (EERM)

An Early Look at Internal Audit Priorities for 2019

In 2019, the risk landscape will likely focus on cybersecurity, data governance and privacy, third-party risk, and the evolving hazards associated with technology’s impact on organizational ethics, culture, and integrity. You should ensure that you have considered all of the risks facing your organization as part of your 2019 internal audit plans. Read more

Four Steps to Align ESG and Enterprise Risk Management (ERM)

Incorporating sustainability into ERM can strengthen a company’s understanding of its full suite of risks, improve its sustainability management, and enhance overall business performance. Also, incorporating an ERM lens into materiality assessments can help to translate results into language relevant to the business. Read more

Using the Cloud to Transform Risk Management

Before cloud services were available, it was complex and costly to automate risk management processes, making many initiatives impractical. Today, cloud services give organizations a platform to tap into other digital technologies such as artificial intelligence, automate certain tasks, and redeploy risk management teams to higher-value assignments. Read more

Webinar GRC Operational Excellence