
Manage Tomorrow's Surprises Today

Steven Minsky

How ERM Integration Creates Efficiencies


Lack of transparency makes risk, performance and compliance information hard to discover, collect and maintain. Within every organization, governance areas are conducting activities, each based on different assumptions with different standards, all of which contain a risk component.

While these are typically not thought of as risk activities, when the responsibilities of each governance area are compared to a risk-based process (identifying and assessing, mitigating, and monitoring), you find that the activities within vendor management, business continuity, financial reporting compliance, etc. are actually exercises in risk management.

Examples of risk intelligence collected in these silos are the Business Impact Assessments (BIAs) and Vendor Assessments conducted by the Business Continuity and Vendor Management departments within your organization.

These activities often necessitate overlap, especially when BCP/DR is tasked with identifying the key vendors that must be utilized in a disaster recovery scenario. Both groups might take on the exercise of identifying vendor relationships to core business processes, with vastly different sets of assumptions, without ever leveraging the expertise of the other business area.

When risk activities (like Business Impact Assessments and vendor due diligence) are carried out on the same standards and assumptions and thought of as a common framework, they can be compared and utilized cross-functionally. Business Continuity Managers and Vendor Management will have a common language to use when identifying critical vendors to the disaster recovery process. Since these activities are already taking place anyway, no new work is added; the standardization in language allows both groups to be more efficient and to utilize the expertise and insight of the other business silo.

Few organizations operate in this manner because functions track their data in their own spreadsheets with standards they've developed for their specific business silo. Knowing which vendors are considered critical by business continuity makes vendor managers better at their job, and likewise in the opposite direction. It also decreases time spent on tactical activities, freeing these groups up to focus on the strategic elements of their profession that make them most effective.

To learn more on how to develop an ERM framework, check out the complimentary ebook titled '5 Key Principles for an Actionable ERM Framework.'


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is the author of the RIMS Risk Maturity Model for Enterprise Risk Management and CEO of LogicManager, the recognized leader of enterprise risk management solutions. LogicManager provides an integrated, intuitive software-as-a-service platform that helps companies make better decisions through risk intelligence for more effective corporate governance, risk and compliance management.
