Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for September 2018.
This interactive graph lets you select one of more than 30 industries, and receive an expert view for each industry, including the biggest issue, the biggest surprise risk ranking and the biggest issue in 3 years. The graph also identifies the top 10 risks and the top 5 projected risks for each industry.
Through consultation with audit committee chairs, executives, chief audit executives and business leaders, Deloitte developed a blueprint that aims to clarify the expectations of Internal Audit and required enablers to meet these, codifying the most important elements. Deloitte calls it Internal Audit 3.0, the next generation of Internal Audit.
For many organizations, risk management tends to have a more operational than strategic focus. And risks tend to be addressed only after they occur. By focusing solely on mitigating risks and preventing the recurrence of a risk, organizations face a slow-down in the decision-making process. In contrast, organizations that align strategy and risk are likely to be able to exercise “strategic resiliency,” which is the ability to anticipate, know and act on risks.
Organizations must strike a balance by defining and implementing a strong risk culture: 86% of business leaders say that culture has a major impact on success. Culture is one of the most difficult aspects of an organization to change, as it is so deeply rooted in day-to-day activities and can be hard to identify. However, risk teams can begin by considering the steps outlined in this article.
Reputational risk runs through many layers: product quality, customer service, supply chain, operational infrastructure, and executive behaviour. Harm to a company’s or brand’s reputation can have significant impact on the bottom line. Bad online reviews, a data breach, an ethics scandal, or a reputation for poor customer service can drive away customers. This article offers tips on how companies can prepare for, and help mitigate, reputational damage.
Data is everywhere. The hard part is knowing how to use it to achieve a well-defined purpose or objective. Data presents serious opportunities. Many internal audit departments see the opportunity, but have struggled to generate significant value that outweighs the additional costs of implementing a data analytics program.
Goldcorp is one of the leading gold producers in the world. The company constantly seeks to be safer, more sustainable, and more responsible in the way its operations are conducted. Goldcorp uses Enablon to manage risk, EHS and sustainability all on the same software platform. For Goldcorp, the most tangible result of using a single, integrated platform is the consolidation of EHS and risk data that helps the company achieve a number of benefits.
A common ERM challenge is how an annual risk review becomes a check-the-box activity. An ERM program that falls into this trap runs the real risk of stagnating and eventually becoming irrelevant, which of course is the worst-case scenario. What you want is an ERM program that engages stakeholders and helps them make risk-informed decisions. This article presents three strategies you can use to ensure your organization’s risk review is engaging and ultimately valuable for participants.
We can increase our risk literacy through practice and education. Since the primary goal of ERM is to help the organization make risk-informed decisions, use the four approaches outlined in this article as often as possible to strengthen the risk literacy of your organization.
Use tabletop exercises to stress-test your business continuity management and make sure critical personnel are familiar with the BCM recovery plans. Tabletop exercises serve as an effective and inexpensive way to test the effectiveness of business continuity and disaster recovery plans. They can be applied across a broad set of scenarios and are not confined to testing IT resiliency and security.
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC!