Risk Appetite and Risk Tolerance – Which Definitions Do You Use?

In follow up to our recent article on handling risks that exceed the company’s appetite, we would like to share this perspective from our friend Hans Læssøe on this complex and controversial topic. Hans’ article below describes how the world’s leading risk management standards, COSO and ISO 31000, have differing definitions on risk appetite and…
Read More

5 Tips to Making Board Risk Reports Meaningful Tools for Decision-Making

The year is flying by as we’re well into the second quarter already. Q1 board risk reports should be done, assuming your company prepares one quarterly, and you are likely getting ready to prepare a midyear update. As I discuss in The Ultimate Primer for Effective Risk Reporting, board risk reports serve a dual purpose……
Read More

Finding the Right Talent for Understanding Uncertainty

I don’t particularly like discussing the coronavirus pandemic; it seems like the topic is pretty worn out, but for organizations of all types and sizes, the pandemic and governments’ response to it over the last year blew the lid of uncertainty wide open. Now it’s not that 2020 ushered in the age of uncertainty –…
Read More

3 Steps to Handling Risks that Exceed your Company’s Appetite

As I and others repeat often, it is impossible to manage every risk. Doing so is counterproductive and leads to even more problems than it solves, including preventing your organization from achieving its goals and objectives. Here is the truth: life is about choices and resources (time, financial, etc.) are scarce. Risks are no different.…
Read More

11 Tips to Effectively Conducting a Virtual Risk Assessment Workshop

The onset of the COVID-19 pandemic just over a year ago sent companies scrambling to shift their operations to remote work as much as possible. Although working from home has been a growing trend for many years, the pandemic undoubtedly accelerated it dramatically. Response has been positive with significant numbers of both employers (83%) and…
Read More
signpost analysis

Signpost Analysis – An Easy Way to Anticipate Long-Term Risks

With information and other demands for our attention bombarding us each day, it can be hard to think about the long-term. As a growing number of examples show, ignoring long-term risks to strategic objectives can be devastating, especially considering the world of Volatility, Uncertainty, Complexity, and Ambiguity (VUCA) we find ourselves in. While discussing the…
Read More

ERM for Small and Midsize Business: It’s Just NOT the Same

We’ve all heard it from politicians and the press, but it’s true – small and midsize business (SMB) constitutes the lion’s share of the economy. They account for 64% of new jobs created in the U.S. and over 90% of the “business population” according to this report. Gartner defines small businesses as those firms with…
Read More
recommendations

3 Questions to Consider if Management Rejects Recommendations Due to Cost

Occasionally, I examine local or national events with a risk lens to see what went right and wrong, such as this example of poor vendor risk management in my local community. Doing so can help us better understand areas we may need to improve in our own organizations to avoid similar consequences. Quick Synopsis of…
Read More
ERM standards

Making Sense of ERM Standards in a Volatile and Dynamic Environment

When we are new to something, our natural tendency is to seek out well-established, reputable sources for guidance. As a yummy example, once upon a time, I decided I wanted to make my own homemade chocolate chip cookies. My first step was to refer to the recipe on the back of the bag of Nestle-brand…
Read More

Performance-Focused Risk Management: Tying It All Together

Today’s article is a reprint of the last of four guest editorials originally published in The Demotech Difference, a journal targeting small- to midsize property and casualty insurance companies. The first three articles in the series delved into the foundations of building a performance-focused risk management process, specifically the importance of culture, identifying the company’s…
Read More

Meet Carol

​As an enterprise risk management consultant, my goal – and a real passion! – is ensuring companies have the tools they need to identify and properly manage threats and opportunities to business objectives ... Read More

Get our latest blogs directly in your inbox!

Menu