Manage Tomorrow's Surprises Today

Steven Minsky

Assessing Risk: How Big Risk Data can Paralyze ERM


A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle that we see consistently challenge organizations with a growing ERM process can best be described as a paradox of big data. These organizations have recognized the need for a formal ERM process, have hired experienced professionals to lead the charge, and have collected data in risk assessments from across their organization. Now faced with tens or even hundreds of identified risks, the risk managers are in effect paralyzed by the abundance of options as they try to aggregate risk assessments and report on findings.

Collecting as much risk intelligence as possible seems like a worthy best practice, but big data is only as useful as the tools in place to use it to its full advantage.

The solution to this problem is an objective Enterprise Risk Management framework that doesn't rely only on intuition, but instead balances the assessments against the organization's unique business structure. With this type of structure, or risk taxonomy, in place, an identified risk can be assessed by the affected party and categorically ranked. An effective taxonomy will provide organizations with the flexibility to prioritize risks not only by department, but also by geographic regions, strategic initiatives, or adherence to frameworks like COSO, COBIT, and RIMS.

This kind of flexibility allows organizations to easily analyze a large amount of enterprise risk information, but it can be difficult to achieve without a formal risk management process and may not be obvious to organizations facing a multitude of risks.

If your organization is faced with a challenge in reporting on risk assessment data, we invite you to watch our Streamlining Governance Video.

1 Comment


Congratulations on a beautiful and useful information


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is the CEO and Founder of LogicManager, the recognized leader of enterprise risk management solutions, and is also the developer of the RIMS Risk Maturity Model for Enterprise Risk Management™. LogicManager provides a common, intuitive software-as-a-service platform of scientifically validated enterprise risk management decision and diagnostic tools for more effective corporate governance, risk and compliance.
