We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Are Risk Assessments a Waste of Resources?

Vote 0 Votes

Risk Assessment TemplateWhere are there more homicides? Detroit or Michigan?

Most people would say Detroit, even though every murder in Detroit also takes place in Michigan. Our initial impressions, even those we have the utmost confidence in, can quickly and easily lead us astray. Avoiding such misconceptions is the value that risk assessments provide ERM programs.

Many risk managers we hear from rightfully criticize risk assessments designed around impact and likelihood to be too subjective, high level, and "fluffy" to provide meaningful analysis. These are accurate criticisms if high level risk assessments are the first and last step of your ERM process, but true Enterprise Risk Management encompasses a great deal more, such as the monitoring of incidents & key performance metrics, development of controls and contingency plans, as well as the integration of governance functions like vendor management and business continuity.

Those that recognize the need for ERM to encompass more than risk assessments are likely to ask: If risk assessments are only a small piece to the puzzle, why then is it even necessary to conduct them?

That is where perception vs reality come in. Higher level risk assessments, when conducted with a standardized assessment criteria and evaluation template, are designed to align organizational priorities and point you to the risks and controls that require more detailed analysis and monitoring.

The problem is organization's resources are limited, and conducting deep analysis of all enterprise risk is both resource intensive and ineffective. But as we've shown, using intuition to determine the most critical business areas and functions is also a risky assumption.

Risk assessments provide a method for risk owners to elevate their concerns so that they can be handled appropriately and escalated in accordance with their relative risk. Even the process of relating risks to strategic objectives can unveil hidden dependencies and leading indicators that would have otherwise slipped through the cracks.

Their role in formalizing priorities is why Risk Assessments are one of the most critical first steps in establishing an ERM process.

For the Risk Management programs that have moved beyond risk assessments, we encourage the more holistic, detailed analysis that accompanies all mature ERM programs. Be wary, however, of the trap that bypassing these assessments can have.

Risk assessments are not a waste of resources, they're a more effective way of allocating them.

Just beginning to formalize your risk assessment process? Download our free Risk Assessment Template or eBook on 5 Steps for Better Risk Assessments.

Enhanced by Zemanta

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives