Risk Roundup - March 2017

March 20, 2017
By Jean-Grégoire Manoukian

Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for March 2017.

ISO Aiming to Make 31000 Risk Standard Easier & Clearer

ISO 31000:2009 on risk management principles and guidelines (adopted in the U.S. as ANSI/ASSE Z690.2) is being revised to make the standard easier to apply and clearer in its guidance. The standard’s terminology has been streamlined, with some terms moved to ISO Guide 73, Risk management – Vocabulary, a companion document to ISO 31000. ISO also says the guidance on building a risk management framework, which applies to all users, has been expanded to include country- and industry-specific concepts or examples. Read more

Bowtie Methodology

Bowtie methodology is a risk assessment method that safety and health professionals use to analyze causal relationships involved in complex workplace risks. Learn more from this video by the ASSE’s Risk Assessment Institute. Watch video


The Value of Risk Interviews as Part of ERM Strategy

Enterprise risk management demands an entity-wide strategy – one that comes from the top and encompasses the entire organization. For executives, it can be difficult to have a full view of the risk landscape, especially in larger organizations. To better understand the risks a company faces, experts recommend risk interviews that, when done correctly, improve the ERM process one answer at a time. Read more

Comparing ISO 31000 (2009) with the draft ISO 31000 (2017) – Part 1

The draft version of the first revision of the ISO 31000 standard recently became available for purchase and review. A first drastic change is immediately visible in the introduction of the standard. This article comments on the changes in the introduction part of the standard. Read more

6 Pitfalls When Implementing Enterprise Risk Management

This webinar covers six common pitfalls faced when establishing enterprise risk management. It also conveys the commitment necessary for proper implementation in order to achieve organizational objectives over time. Watch the webinar or the slides.


This post on Enablon Insights briefly explains the three lines of defense model and how risk management software can strengthen the model, based on the contents of a PwC report and our experience with clients using the Enablon platform for GRC or risk management.

Execution Risk: Stepping Over 12 Common Hurdles

Whether you are an incoming CFO charged with improving performance or a sitting one trying to transform your organization, execution risk looms large. Consider, for example, the risks involved in expanding globally or in changing your business model or even in getting projects that are off the rails back on track. In Deloitte’s quarterly CFO Signals™ report, execution risk is routinely named a top internal risk. Read more

10 Things Successful Project Managers Never Tolerate: Ineffective Risk Management

One of the 10 things that successful project managers should not tolerate is ineffective risk management. Some project managers wait until things are out of control before they exercise risk management. Watch video


What Does the Industry Think of Operational Excellence?

Operational excellence is a global concept whose time has come, despite a fairly rocky ride since it made its debut in hazardous industries several years ago. A recent survey of oil, gas and petrochemical industry professionals shows a growing consensus around operational excellence, what it means and the benefits it can bring to organizations in hazardous industries. Read more

Developing a Policy Management Strategy

Organizations need a coordinated cross-department strategy for managing policies and training programs across the enterprise. Policies and training programs that are managed as dissociated documents, data, systems, and processes leave the organization with fragments of truth that fail to see the big picture of policy and training across the enterprise, and how it supports the organization’s governance, risk management and compliance responsibilities. Read more

Visit Enablon Insights a month from now to learn more about what caught our attention in Risk and GRC!

A Governance, Risk and Compliance (GRC) platform can help you enable holistic risk management in your organization to adequately prepare for threats and crises. Download The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016 report and learn more about the 14 most significant GRC vendors.
