Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. We hope you enjoy the one for March 2016.
The Campbell Institute talks about the importance of considering the varying degrees of intensity for potential consequences of incidents, in this Safety+Health article. It begins with a shift in focus to risk and severity. As a result, the performance metrics used to measure safety performance should be risk-based. Read more
This video from Phoenix Health and Safety, shared by SHP Online, explains the definition of risk, and details how to carry out a risk assessment, i.e. evaluating who might be harmed, the risks and controls, as well as recording and reviewing findings.
Successful organizations identify, evaluate and manage operational risks. This article by Harry Hall explains how to develop an operational risk management plan, and identifies four categories of operational risk: 1) Business Process Risk, 2) People Risk, 3) System Risk, and 4) External Event Risk. Read more
Third-party risks and embedding a culture of compliance are Chief Compliance Officers’ greatest challenges, according to the results of In Focus: 2015 Compliance Trends Survey. The survey is based on the responses of 364 senior-level executives working in ethics, compliance, audit, risk management or corporate governance, at companies with median annual revenue between $1 billion and $5 billion. Read more
Spreadsheets, and their associated documents and emails, are the most prevalent GRC tool used by organizations, according to this GRC Pundit blog post. But the use of spreadsheets comes at a significant cost if not controlled, monitored, and used properly. This is why spreadsheets by themselves fail in GRC. Read more
Cannistraro, a mechanical construction firm in Boston, asked field and office employees to identify safety hazards in their immediate work environment in order to promote safety awareness. Hundreds of responses were reviewed, and the five hazards listed most frequently were collected. The findings are shown in the infographic.
According to this OCEG blog post, Legal is now involved in helping business operators evaluate and address risk. This makes business operations more agile, resilient and responsive to change. Legal can help risk and compliance teams to establish oversight of internal operations and external changes that affect the ability to manage uncertainty and stay within established boundaries. Read more
Water has a place on the risk agenda for many companies, either as a direct operational issue or in the supply chain. This Environmental Leader article gives three primary actions companies should take to best manage their water risk, as well as the different types of water-related risks. Read more
This post on the SHP Online blog aims to reduce confusion around terminology by explaining the differences between “risk profiling” and “risk assessment”. Conceptually there are overlaps, but in practice risk profiling is more at a macro overview level and risk assessment more at a detailed level. Read more
Risk does not have to be negative. Risks can also create opportunities for improvement that can make a company more efficient, or provide a competitive edge. This post on Enablon Insights includes five examples that show how risks can create opportunities for improvement.
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC.