Manage Tomorrow's Surprises Today

Steven Minsky

Managing Uncertainty: Escalating Unknown Knowns (Part 2 of 2)

ERM Software in Action

As discussed in part 1 of this blog series, many businesses do not formally recognize their critical risk networks. Without proper acknowledgment, fundamental risks remain essentially invisible. That being said, it's vital to create conditions that enable a useful risk management network to be formed and used across the enterprise. So, how does this "right" network of problem solvers form?

Relatively routine problems can be solved by rapidly created, temporary teams composed of people from throughout an organization, not just from the specific area where the problem first occurred. This is necessary because seemingly straightforward problems can have widespread roots that require extensive institutional knowledge to trace.

Expecting one individual to discern all of this information is unrealistic. Thankfully, with ERM software systems and a sufficiently diverse portfolio of participants, companies can quickly identify even the most complicated causal challenges.


Let's take an example.

Several business processes rely on a single key asset, either physical or software. The asset's vendor is managed by various departments: procurement, finance, vendor management, compliance, business continuity, and others.

If a news article announces an acquisition of that vendor, or worse, a security flaw found in their application, the connections between the vendor, product, and the business areas that rely on that product are rarely known by all of those different departments. As a result, the full impact of this announcement on separate users in different business silos is unknown. Ultimately, the aggregated impact is incomprehensible.

With ERM software, a built-in risk taxonomy automatically relates the impacted silos and prioritizes the impact across them. Furthermore, ERM software identifies each stakeholder in the process, alerts them to the change, and reports the combined threat's impact to the appropriate level of the organization that makes decisions, allocates resources, and approves mitigation activities. Overall, ERM software tracks and reports each piece both individually and collectively until completion.

Risk management understands that informal business networks are valuable (albeit in unpredictable ways), and that they can be fostered to identify weaknesses within institutionalized procedures that trigger cyber breaches and other risk events.


Watch this Chief Risk Officer take action and share his results. Then, download our free eBook on integrating risk information across business areas with a risk-based risk management program.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is the author of the RIMS Risk Maturity Model for Enterprise Risk Management and CEO of LogicManager, the recognized leader of enterprise risk management solutions. LogicManager provides an integrated, intuitive software-as-a-service platform that helps companies make better decisions through risk intelligence for more effective corporate governance, risk and compliance management.
