
Manage Tomorrow's Surprises Today

Steven Minsky

Using Risk Assessment Templates to Prioritize Business Measures


The number of business measures within organizations typically keeps growing. Measures are often added reactively, in response to loss events that have already occurred. Wouldn't it be valuable to be able to focus on forward-looking measures? In most organizations, these preventative, proactive measures are indistinguishable when grouped with reactive measures, because the metrics do not formally tie back to any commitments or risks.

What if a risk or activity changes? Organizations have no way of knowing whether and how these changes will affect their risk metrics. Performing risk assessments and linking risks to activities allows organizations to start prioritizing which activities need to be monitored. Through regular quarterly, or even annual, risk assessments, organizations can detect increased threat levels and identify emerging risks before they materialize and bring business metrics out of tolerance.

Business measures are important because you cannot improve what you cannot measure. However, this large number of unconnected goals is problematic because of:

1. Measurement fatigue - staff may simply ignore many measures because of a lack of time to assess them.
2. Measure obsolescence - in a changing environment there is no effective way of knowing when measures no longer apply.
3. Lack of prioritization - picking the measures to focus on is likely to be on an ad hoc basis and upon the whim of current staff.
4. Lack of continuity - changes in the organization or the development of new lines of business may result in new measures even though existing measures may be more effective.
5. Lack of coordination - often measures apply to multiple risks or commitments across functional lines. The inability to formally tie measures to risks or commitments does not promote inter-functional coordination, resulting in business silos and duplication of effort.
6. Wasted resources - the amount of resources available to accomplish business goals and to mitigate risk is finite. Staff will often continue to manage to obsolete or unimportant measures rather than aligning with current imperatives.
7. Resistance to change - difficulty applying past experience to a changing business environment, resulting in a tendency to "reinvent the wheel".

Much of the necessary information exists in organizations today; the missing piece is formalizing these critical connections. Enterprise Risk Management (ERM) software has functionality to identify risks and commitments; assess them based upon likelihood, impact and assurance; evaluate whether action is needed; devise mitigation or business-building activities if needed; specify and record measurements to track effectiveness; and finally formalize the connection between all of these activities.

Connecting the measurements to the risk mitigation activities and business initiative data and then back to the underlying risk and commitments will provide the following benefits:

1. ERM Reports: Explicit prioritization of measures based upon a risk/reward index, presented on the heat map dashboard in LogicManager.
2. Operational Risk Management: Real-time trending of measures on an ongoing basis with measure consolidation used to direct management attention to problem (out of tolerance) conditions.
3. Risk Assessment Templates: Allow for rational elimination of measures that have low priority or non-existing connections to risks or business initiatives.
4. Performance Management: Facilitate business measurements for new business initiatives, prioritized by risk or business commitments.
5. Resource Allocation: More effective use of scarce resources.

The key is working with the functional managers to make the connections.  

The immediate benefit will be to identify measures that are not connected to any risk or initiative and to determine if they should be eliminated.  Then, once the connections are made, use the management tools in your Enterprise Risk Management software on an ongoing basis to improve utilization of business measures within your organization.

Watch a complimentary 5 minute video to learn how to link risks to business measures.

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania's Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
