risk literacy

Four Ways to Strengthen Risk Literacy in Your Organization

Math is not my strong suit. I feel more at ease at the keyboard, weaving words together. That’s not to say I’m terrible at math. In fact, I passed a rigorous calculus course in high school, and I actually enjoyed business statistics. But those days are in the distant past, and I rarely have occasion…
Read More
external ERM resource

What to Look for in an External ERM Resource or Consultant

Extending on our theme from last week on the people side of ERM, I want to outline some things I think organizations should look for in an external ERM resource (a.k.a. “consultant”). Although I outline the skills and personal qualities of an effective ERM professional in a prior post, there are special considerations when looking…
Read More

Relationships: A Common but Fatal Mistake of Risk Management

The majority of articles on my blog focus on the process side of enterprise risk management. I’ve discussed at great length subjects like setting up an ERM program, risk identification, risk assessment, and more. However, the process and technical skills is only part of what goes into a successful, value-enhancing ERM program. If you’re like…
Read More
implementing ERM

The Hazards of Implementing ERM without a Plan

I cannot tell you how many times someone has asked me questions about random parts of an ERM program. The discussions range from basic concepts all the way to advanced topics. What is prompting the jumping between topics? It is typically these two things: Someone looked up ERM and saw some aspects, which looked really…
Read More
risk acceptance

One Tool for Informed and Responsible Risk Acceptance

As part of your daily life, you drive a car, walk down the street, ride in elevators, go swimming, have children. Correct? You live your life. Well, you are accepting risk in all of those things. In fact, having a home or renting an apartment also entails risk…fire, wind damage, snow or ice, tornado, earthquake,…
Read More
risk review

3 Ways to Avoid the Check-the-Box Trap in Risk Review

In both my experience and according to a white paper from PwC, a common ERM challenge is how an annual risk review becomes a check-the-box activity. It shouldn’t be this way… Regardless of the reasons, everyone from executives all the way down to entry-level managers and employees have enough “bureaucratic” burdens as it is. An…
Read More

Key Players for Successful Risk Identification

In order to have a risk management effort that ultimately “creates, protects, and enhances shareholder value,” you must first have a successful risk identification process. I’ve said it many times, and have heard it repeated elsewhere, that risk identification serves as the foundation for the entire risk management process…without it, the entire process is just…
Read More

GDPR Compliance Exposes Huge Interdependencies within Organizations

Now that some of the heat has died down on this topic, I thought it would be a good time to discuss observations about GDPR from an ERM perspective. Last month, the General Data Privacy Regulation from the EU was a hot topic. You undoubtedly received emails from your subscriptions and apps explaining that new…
Read More
Menu