We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Building a Risk Taxonomy Step 2: Connecting What Matters

Vote 0 Votes
Organizations need to build a robust Enterprise Risk Management (ERM) framework or risk taxonomy, which provides a holistic view of all information and relationships across the organization. Taxonomy structures and preserves the integrity of information, so as changes occur in multiple parts of the organization, managers can compare risks on an 'apples to apples' basis and connect the dots between business areas. It is the critical foundation of your ERM program and any enterprise risk management (ERM) software automation initiative.  

As I described in my last blog, the first step to building a risk taxonomy is identifying your organizations core business processes to create accountability and focus on business value. 

The next step in building a risk taxonomy is to enable better resource allocation by the naming and categorizing of all the key people, systems, and vendor products and services used by these business processes. 

  1. Organize risk assessment templates by resources vs. by use or department 

 To make effective Enterprise Risk Management (ERM) simple and practical, you need to take complex material, break it down, and make it accessible for anyone in your organization. To do this, information should be organized by resource rather than by use or department, and organizations need to create a holistic profile for each critical resource in your enterprise. 

 By resources, we mean people and vendors and the physical assets, software applications, services and data repositories used in the organization. Everyone knows something about the relationships and data around these resources, but no one knows everything. The challenge is how to get everyone to contribute their "piece".

 A risk taxonomy, provides a structure for information and ownership, by breaking down complex interconnected information into resources as basic building blocks. This enables everyone to understand and contribute their piece and take ownership for change management. These standardized building blocks become a library to be shared across all business areas and reduces unnecessary duplication and overlap.

  2. Performance Management: Link resources to the Business Processes that use them 
The relationships between the resources and the business processes that use them should be explicit as this determines business impact. The more clear the understanding of business impact, the more effective the governance activity will be. The connection to a business process provides a direct connection to the subject matter expert for the activity that uses the resource and knows the criticality of that resource to their activity. 

 The result is the identification of critical business processes based on a score that includes these key supply chain and infrastructure dependencies. Control and mitigation activities can then be organized within the business processes in which they operate and are connected to the resources they depend upon to complete this circle. 

 A common shared infrastructure, or risk taxonomy, is necessary to support risk management information across an entire enterprise. Through this approach, organizations will see the benefits of eliminating redundant work on assessments, controls and testing while reducing risk at the same time. 

 The next steps in building a risk taxonomy is standardizing risk assessment template criteria for these resources and processes, consolidating data collection, and understanding cross-silo dependencies. 

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is the author of the RIMS Risk Maturity Model for Enterprise Risk Management and CEO of LogicManager, the recognized leader of enterprise risk management solutions. LogicManager provides an integrated, intuitive software-as-a-service platform that helps companies make better decisions through risk intelligence for more effective corporate governance, risk and compliance management.

Recently Commented On

Monthly Archives