Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. We hope you enjoy the one for February 2016.
Verdantix says that the language of risk management has been shaped by a focus on financial risk. The use of “operational risk management” by financial institutions creates confusion for the EHS community. According to Verdantix, firms should develop a framework for better operations risk management by consolidating risk data at the granular level in EHS software applications. Read more
This post on the ASSE blog explains how a law of physics can apply to safety. Newton’s Third Law (“For every action, there is an equal and opposite reaction”) can be applied to safety through risk assessments, by identifying in order: 1) Job tasks, 2) Hazards associated with job tasks, 3) Levels of risk, and 4) Mitigation actions. Read more
Norman Marks maintains that Internal Audit’s role is not to identify risks. That is management’s responsibility. Instead, Internal Audit should: 1) Audit and assess management’s ability to identify, assess, and manage significant risks, 2) Audit and assess the adequacy of controls, and 3) Ensure the Board understands where the controls are not adequate and that failure raises the level of risk. Read more
This blog post from GRC 20/20 explains that every organization does GRC, but it does not mean that every organization does GRC well. It describes the 17 primary segments of GRC domains and their sub-segments, as well as the reasons why GRC projects fail. Read more
This INSEAD Knowledge blog post says that risk managers must shed their reputation as “naysayers” waving compliance-driven paperwork. The role of risk manager is one of the most cross-functional in the organisation, and risk managers should be involved in shaping KPIs for the entire organisation, not just their own. Read more
Now in its 11th edition, The Global Risks Report 2016 from the World Economic Forum draws attention to ways that global risks could evolve and interact in the next decade. The Report calls for action to build resilience – the “resilience imperative” – and identifies practical examples of how it could be done. Read report
The mining sector faces significant climate change risks, Triple Pundit says. Physical risks to mining operations include changes to rainfall, higher sea levels, and lower freshwater lake or river levels. Physical risks may impact asset values, reduce efficiency, increase the risks of non-compliance, force changes in operating practices, and reduce or increase demand for certain products or services. Read more
More than 320 financial executives across Canada participated in an online survey for the study The State of Enterprise Risk Management in Canada. Two-thirds of respondents say they’re only “somewhat confident” in their organization’s ability to manage risk. Read more
According to this Deloitte Insights article, C-suite executives are realizing that, by focusing on strategic risks, they are better equipped to identify what could undermine their future business, adapt to new challenges and take advantage of emerging opportunities. Strategic risk is described as the “next frontier of risk management”. Read more
The Forrester Wave Report includes a detailed evaluation of the 14 most significant vendors in the GRC marketplace. This post on Enablon Insights describes five ways to use the report to make the most of the research, as part of a GRC software evaluation process.
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC.