Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 2)
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 1)
While the management needs to ensure that the necessary resources are allocated to the integration of risk management into decision making and core processes, considerations of the internal and external context should apply, and in particular: People responsible for managing risk should: Have sufficient industry, business, and technical knowledge and experience Have strong facilitation, risk… Continue reading RISK MATURITY: Are necessary resources allocated to managing risk?
The ultimate goal of risk management 2 is to integrate risk analysis into decision-making processes and the overall management of the organization. Mature organizations ensure that appropriate risk assessment and decision-making techniques/tools are used, for example: The effect of uncertainty on cash flows, budgets, business plans and production forecasts may be analyzed by running Monte-Carlo… Continue reading RISK MATURITY: Choosing the most appropriate risk assessment technique
Most mature organizations have already documented their appetites for different risks to objectives. Segregation of duties, financing and deal limits, procurement criteria, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organizations set risk appetites. Sometimes risk appetite is driven by legal or regulatory requirements, industry practices, sometimes by… Continue reading RISK MATURITY: How to document risk appetite
A critical component of risk management integration is including responsibility and accountability (authority, resources and competence) for managing risks into all business activities. Top management should ensure that the responsibilities and authorities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization. It is quite common to… Continue reading RISK MATURITY: How to integrate risk management into roles and responsibilities
Most modern-day risk managers are familiar with developing a risk management framework or procedure documents. These documents capture risk management roles and responsibilities, outline risk management processes as well as other aspects of risk management. Risk management framework documents became so common, that nowadays they don’t require much effort to develop and there are plenty… Continue reading RISK MATURITY: How to build a risk management framework
Join us for the second instalment of our three-part series regarding ISO 31000 vs. COSO ERM – The Great Debate. More than 700 people registered for the last debate and hundreds more watched the replay. 17 MAY 2018, 5PM EUROPE REGISTER: https://go.oceg.org/iso-31000-vs-coso-erm-the-great-debate-part-ii-taking-the-right-level-of-the-right-risks-for-success In the Great Debate, the panellists all agreed that decision-making is the heart of… Continue reading ISO 31000 vs. COSO ERM – The Great Debate Part II: Taking the Right Level of the Right Risks for Success
Quite simply, because it is so high level and it has plenty of good messages. High level That’s right. The best thing that ever happened to ISO31000 is the fact that is so ridiculously high-level and doesn’t provide any specific details on the implementation. This is important for 2 reasons: risk management implementation is an art,… Continue reading Why do I love ISO31000:2018?
Yesterday was a great day. I had great fun debating ERM with a good friend, Chris Mandel, SVP Strategic Solutions, Sedgwick and Director, Sedgwick Institute. We started talking about ERM and what it means for business but quickly switched to many other fascinating topics, including integration of risk management, decision making, cognitive biases, quantification, showing risk management… Continue reading The great debate – Alex Sidorenko vs Chris Mandel – is ERM real?