Manage Tomorrow's Surprises Today

Steven Minsky

Assessing Risk: How Big Risk Data can Paralyze ERM

A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle that we see consistently challenge organizations with a growing ERM process can be best described as a paradox of big data. These organizations have recognized the need for a formal ERM process, have hired experienced professionals to lead the charge, and have collected data in risk assessments from across their organization. Now faced with tens or even hundreds of identified risks, the risk managers are in effect paralyzed by the abundance of options as they try to aggregate risk assessments and report on findings.

Collecting as much risk intelligence as possible seems like a worthy best practice, but big data is only as useful as the tools in place to use it to its full advantage.

The solution to this problem is an objective Enterprise Risk Management framework that doesn't rely only on intuition, but instead balances the assessments against the organization's unique business structure. With this type of structure, or risk taxonomy, in place, an identified risk can be assessed by the affected party and categorically ranked. An effective taxonomy will provide organizations with the flexibility to prioritize risks not only by department, but also by geographic regions, strategic initiatives, or adherence to frameworks like COSO, COBIT, and RIMS.

This kind of flexibility allows organizations to easily analyze a large amount of enterprise risk information, but it can be difficult to achieve without a formal risk management process and may not be obvious to organizations facing a multitude of risks.

If your organization is faced with a challenge in reporting on risk assessment data, we invite you to watch our Streamlining Governance Video.

1 Comment

Congratulations on a beautiful and useful information

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
