Manage Tomorrow's Surprises Today

Steven Minsky

How ERM adds Context to Governance, Risk, and Compliance (GRC)

The Baker/baker complex, as illustrated in Joshua Foer's Moonwalking with Einstein, states that if you ask one person to remember a baker and another to remember a man named Baker, the person asked to remember the proper noun will struggle far more than the person asked to recall the bread maker.

Same word, two very different outcomes because one provides your memory with context, while the other floats independently, devoid of the connections and methodology that improve our recall.

At LogicManager, we're often asked how Enterprise Risk Management relates to the broader category of Governance, Risk & Compliance software. Why isn't ERM just a component of the GRC, rather than the solution itself? The answer is that governance programs can benefit from the context that an Enterprise Risk Management methodology provides.

The GRC Software Challenge...

The challenge that most GRC professionals face is how to communicate cross-functional information between silos. When departments like vendor management, business continuity, or IT governance operate independently, they are devoid of context and standardization, which impairs decision making. Is it more important to secure additional suppliers, or to shore up IT infrastructure? How does a failed business continuity test affect the priorities of the other two functions? These types of questions go unanswered because the business doesn't have a means of comparing or contextualizing silo-specific information.

Enterprise Risk Management is a methodology that provides that context.

... and ERM's Solution

ERM works because risk is the underlying link between GRC functions. If we recognize that each silo's function, regardless of whether it's labeled risk, compliance, or governance, is actually working to mitigate a subset of the organization's enterprise risk, we suddenly begin to see commonalities and realize efficiency that results in bottom-line value.

The job of ERM or GRC software is to provide the tools to execute these types of activities at the tactical level, while ensuring the methodology is in place to aggregate this information and compare it across silos.

To read how a risk-based approach can assist another governance area, visit our blog on the relationship between Risk & Compliance, or request a demonstration of LogicManager's all-in-one ERM Platform.

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
