Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. We hope you enjoy the recap for November 2016.
In this short post, Norman Marks shares the answer given by Fiona Davidge, head of the British Standards Institute and a 15-year risk manager, to the following question: “What are the biggest obstacles for integrating risk management in all organizational activities for managers in the UK?”
According to a survey, only 13% of respondents said that enterprise risk management (ERM) makes a significant contribution to the setting and execution of strategies. ERM has created a lot of excitement, but very few successful examples. There are a number of reasons why ERM has so few successful implementations.
Yesterday’s compliance program no longer works. Compliance activities managed in silos often lead to the inevitable failure of an organization’s GRC program. Boards desire a deeper understanding of how the organization is addressing compliance risk, whether its activities are effective, and how they are enhancing shareholder value.
The compliance function faces a big challenge today: encouraging executives to work together to revamp siloed, haphazard risk management systems and turn them into an integrated process that provides greater transparency, reliability and value. It is critical that the compliance function play a key role in risk management strategy.
Every business encounters risk, but organizations have often been all too happy to fall back on an ad hoc approach to dealing with it. Guesswork and hunches won’t get you very far when it comes to managing risk. You need to take a robust, formal approach.
For too long, there has been an unspoken assumption in traditional risk management that organizations and people function on rational lines. In reality, all organizations consist of real people who exhibit the range of normal human feelings, emotions and behaviors. Real people constantly react to real life in ways that, while predictable, are not strictly rational. Expecting people to behave like machines leaves you open to unnecessary risk.
There are worse things than having no internal audit. This is particularly true if an internal audit function is weak or ineffective because, in such instances, it is easy for management, boards, and third parties to be lulled into a false sense of assurance. The stakeholders for such internal audit functions might easily conclude all is well because internal audit has not raised any red flags. In some instances, nothing could be further from the truth.
Strategists and risk managers don’t communicate well with one another. Strategists are obsessed with grabbing opportunities while risk managers are fixated on minimizing risks. What is needed is a common language for communicating between strategists and risk managers about risk, so that they hear each other.
Identifying and managing strategic risks can be a difficult task. Many companies have traditionally separated their risk and strategy functions and think of risk more as a compliance responsibility than as a dynamic tool for value creation, business performance management and growth. However, companies that align strategy and risk can be better placed to allow for a process of “strategic resiliency”.
Risk modeling has been prevalent for years in certain industries in which taking calculated risk is integral to the business. More recently, organizations have begun to adopt a wide array of risk models and simulations to start addressing strategic, operational, compliance, geopolitical and other types of risk. Wider availability of data and sophisticated analysis capabilities is making modeling more practical. At the same time, the need to cope with an increasingly risky environment is making it more valued.
Visit Enablon Insights a month from now to learn more about what caught our attention in Risk and GRC!