
Manage Tomorrow's Surprises Today

Steven Minsky

5 Steps for Better Risk Assessments


Risk managers are charged with ensuring transparency, alignment, and forward-looking views throughout the organization. The way this is achieved is through risk assessments.

Successful enterprise risk assessments can be a powerful tool for board- and management-level strategic decision making by connecting business activities to goals and identifying the risks that threaten to derail these strategic objectives. An unsuccessful risk assessment is little more than a form-over-substance activity that lacks context and actionable results.

So, how do you implement a successful enterprise risk assessment?

The key is being able to compare information across functions and levels while keeping one comprehensive risk picture.

1. Standardize your Risk Assessment Templates - Activities like vendor management, business continuity, compliance, IT, financial reporting, operations, internal audit, and others are all informal risk assessments. When these assessments are carried out on the same standards and assumptions, defined in a taxonomy, they can be compared and utilized cross-functionally.

2. Common Root Cause Risk Identification Approach - Risk managers should provide a common root cause risk library to process owners so that when multiple areas choose the same risk, systemic risks as well as upstream and downstream dependencies can easily be identified and mitigated. This method also identifies areas that would benefit from centralized controls, so the extra work of maintaining separate activity-level controls is eliminated.

3. Performance Management: Alignment of Activities, Goals and Risk - Risk managers need to tie root cause risks to strategic goals and trace these same risks through the process areas that they affect in order to determine which activities will roll up to impact organizational objectives. Once these connections are made clear, risk managers are able to prioritize the effectiveness of controls, so that resources and focus are allocated to the issues that will yield the greatest benefit to the organization.

4. ERM Reporting: Group Information for Multiple Stakeholders - Because assessments are conducted on the same standards and assumptions, and risks are identified at a root cause level from a common library, process owners can do one risk assessment, and the information can be sliced, diced, and aggregated to serve multiple purposes. It will provide functional insight for the process owner, tie into governance areas like vendor management, and serve a strategic purpose by rolling up into board-level objectives.

5. Risk Appetite: Timing and Trends - Risk assessments must be conducted on a regular basis and when approaching business changes, new initiatives, or high-risk issues. Being able to view the trends over time gives context and a reference point to the organization's otherwise static risk profile, so that necessary actions can be taken when you start seeing small changes in your risk profile, before things get out of tolerance.

To see these best practices in action, uncovering changes in risk in order to prioritize controls, tests and business metrics, watch this 5-minute video.



This is really helpful - thank you for sharing the video - very insightful and straight to the point.

Great tips for risk management. More people need to take note of this. The sooner, the better.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is the author of the RIMS Risk Maturity Model for Enterprise Risk Management and CEO of LogicManager, the recognized leader of enterprise risk management solutions. LogicManager provides an integrated, intuitive software-as-a-service platform that helps companies make better decisions through risk intelligence for more effective corporate governance, risk and compliance management.
