| It is no coincidence that very few organizations | | | | - Can we take action to avoid or mitigate it? |
| currently manage their risks well. | | | | - How much would the countermeasures cost? |
| Typically, the enterprise-level risks that create the | | | | - ... |
| significant impacts for organizations are like icebergs | | | | Some of your individual risk silos may collect data like |
| are to large ships, very visible for a considerable time | | | | this but the communication is in different formats |
| before they hit, with the majority of the risk not | | | | and, frequently, in different meetings. Just to add |
| visible above the surface. | | | | further confusion sometimes a different side of the |
| Whereas modern, large ships have generally | | | | same risk gets reported from different silos. |
| developed substantial protective countermeasures to | | | | There is an easy and profitable solution to get your |
| avoid icebergs, modern, large organizations seem to | | | | risk experts talking to each other. If all risks have |
| gravitate towards substantial enterprise-level risks | | | | to gather similar data and can be made available in a |
| with a frequency that suggests that nobody is on | | | | single common framework – suddenly, the risks |
| lookout. | | | | of significance are free to rise to the top and the |
| In reality, the lookout tower of a typical organization | | | | relative investment priorities become apparent. |
| is probably so full of lookouts that the problem is not | | | | Enterprise Risk Management collaboration and |
| so much detecting risk, as trying to decipher from | | | | reporting tools can provide this single framework, and |
| the different lookouts what the overall value and | | | | pave the way in adding value, yet rarely do |
| meaning of each risk situation really is. | | | | organizations opt to step away from the |
| If you think about your own organization, what | | | | spreadsheet approach. |
| types of risk get tracked? | | | | Why? |
| - Operational | | | | If you think about what most organizations do after |
| - Strategic | | | | a major risk hits – they spend a lot of money on |
| - Regulatory | | | | countermeasures to the risk, rather than on |
| - Capital | | | | improving their risk management capabilities. As a |
| - Audit | | | | consequence, the original risk is resolved but the next |
| - Safety | | | | major risk can mature quite nicely. |
| - Insurance | | | | Although some people would argue that this is a |
| - ... | | | | truism (If you could manage your risk, you would be |
| Because each one of these tends to rely on | | | | better off!) – The fact is that even major |
| different expertise, they are often managed in | | | | organizations often require statistical evidence to |
| isolated silos. | | | | support the need to invest in risk management. |
| If your organization manages risk in silos, imagine this | | | | A collaborative enterprise risk management approach |
| scenario; on the ship, one lookout is talking about a | | | | supports the collection and sharing of data about |
| nice seal he saw sitting on a large iceberg, another is | | | | risk. This can be used to navigate risks, support |
| talking about the chance of food poisoning in the | | | | better portfolio investments and also deliver the |
| crew canteen, a third is discussing a storm that may | | | | (tangible) demonstration of the savings created. |
| be encountered in the next few days, whilst another | | | | The only challenge is that they won’t let you |
| has noticed a pressure gauge has moved. | | | | have an effective Enterprise Risk Management tool |
| Without a common framework or measurement to | | | | until you prove its value! |
| interpret the lookout information, the news of the | | | | A capable Enterprise Risk Manager (ERM) application |
| iceberg is confused with a heart-lifting story about a | | | | (such as our own Adaptive GRC |
| seal and the focus turns towards the relative danger | | | | ERM solution), can help to quickly demonstrate the |
| of the onboard chef having selected blowfish as the | | | | profit and advantages that are created through an |
| main course in the canteen. | | | | enterprise-wide risk management technique. |
| Part of the extended problem is that your various | | | | No longer are potential key risks permitted to remain |
| risk managers are seldom (if ever) required to | | | | nebulous and under- defined. Risks become tangible |
| communicate around a common framework. This is | | | | and improved data records demonstrate the financial |
| often further compounded by the absence of a list | | | | value of the risk management approach. So, if you |
| of the data you want to collect about the risk. | | | | want to have a more effective organization, you |
| Items like: | | | | need an effective enterprise risk management tool |
| - What do we know about the risk? | | | | to help achieve opportunity and reward, by being |
| - What will it cost if it hits? | | | | better able to tackle downside and danger. |