Risk Roundup - September 2016

September 19, 2016

Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. We hope you enjoy the recap for September 2016.

The 3 Essential Capabilities Needed for Operational Risk Management

Operational risks are defined by their ability to lead to adverse events. Operational Risk Management centers on Environmental, Health and Safety (EHS) risks that can cause accidents or incidents. This post discusses why and how operational risks need to be managed effectively, the three essential ORM process capabilities, and considerations for implementation. Read more

Reputation: How to Protect, Preserve and Enhance a Precious Asset

Reputation is priceless, and helps to sustain relationships and drive success. For organizations in today’s highly connected and complex business world, reputation should be managed with care. There are many risks that can threaten a company’s reputation, but firms that ask the right questions—and implement the proper governance, reporting and sensing practices—can mitigate them. Read more

In this in-depth interview series, David Robbins, Senior Partner and Managing Director of ERM’s Information Solutions operations for the Americas, highlights the challenges that asset-intensive companies face in managing compliance, and how oil and gas companies can keep pace with the coming changes in the industry.

Comparing the ISO 31000 and the proposed COSO ERM

Excluding banking and insurance, the most widely used frameworks by risk management practitioners are based either on ISO or COSO. This article provides a side-by-side comparison of the ISO 31000:2009 and COSO ERM frameworks. Read more

Ineffective Risk Management

In the context of project management, there are a number of reasons why risk management can become ineffective. This video explains a few of them. Watch video

Get Ahead of Your Risks: How to Use Key Risk Indicators

Project managers can get ahead of their risks by thinking differently. Rather than focusing on past performance only, they should consider how they can anticipate future threats and opportunities. Key risk indicators (KRIs) are needed. While KPIs and KRIs are used mostly in operational and enterprise risk management, these measures can also help project managers. Read more

The Extraordinary Risk of Business Continuity Interruption

Organizations need to develop and maintain disaster recovery or business continuity plans. Internal audit can support business continuity by helping the C-suite understand risks, as well as the options created by effective business continuity management (BCM). Good BCM enables organizations to overcome work stoppages as quickly as possible while maintaining recovery capabilities, restoring resources, managing supplies, and aligning with emergency management processes. Read more

Time for the Board to Take a Deep Dive Into Risk Management and Risks

In this post, Norman Marks argues that many boards (or a committee of the board) should take periodic deep dives into: 1) How the management team identifies, understands, assesses and addresses risks to enterprise objectives, and 2) How that same management team addresses specific sources of risk. Read more

Risk Appetite: Why ‘Tone From the Top’ Is Vital

Many boards fail to understand the difference between their company’s risk appetite and risk tolerance. Boards must clearly articulate their company’s risk appetite in order for risk managers to do their jobs, according to one of Australia’s risk management veterans. Read more

Retail Sector Risk: Building Effective Enterprise Compliance

Strengthening compliance across a retail organization—from the farthest reaches of local stores and supply chain partners to the corporate offices and, ultimately, the board—calls for a new approach to enterprise compliance for many retailers. This article discusses the benefits of an enterprise compliance program for retail organizations. Read more

Visit Enablon Insights a month from now to learn more about what caught our attention in Risk and GRC!

A Governance, Risk and Compliance (GRC) platform can help you enable holistic risk management in your organization to adequately prepare for threats and crises. Download The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016 report and learn more about the 14 most significant GRC vendors.
