negative events

risk controls

An Easier Way to Understand the Effectiveness of Risk Controls

KRIs, KPIs, ORSA, ISO, COSO…risk controls, risk owners, risk appetite. The acronyms, the alphabet soup, oh my! To anyone with little to no experience, risk management jargon can be dizzying and confusing, especially to executives who are often deluged with risk registers, reports, and processes that are overwhelming and not helpful for managing the organization…
Read More

Coronavirus Response Not Always About Minimizing Harm

Unless you have been living under a rock for the last couple of months, you have undoubtedly heard about COVID-19, a new type of coronavirus. In a daily report from the World Health Organization for March 9th, there are close to 110,000 reported cases worldwide. Sadly, the virus has claimed the lives of just over…
Read More

Be Warned: Impacts from Cyber Attacks Not Fully Insurable

In speaking with clients or other organizations, I’m often astounded by the response I receive when I ask about cyber-attacks. Too often, the risk professional or executive I’m speaking with says something like this – “Oh, we have insurance coverage for that…” This is cringe-worthy, like fingernails on a chalkboard cringe-worthy to me. Black Board…
Read More

Reputation: A Standalone Risk?

You can’t place a high enough value on reputation in today’s world. And executives understand this, especially after high-profile scandals shook companies like United Airlines, Wells Fargo, and others to the core. A recent report shows that corporate reputation is now responsible for 38% of market capitalization for the Financial Times Stock Exchange (FTSE) 100…
Read More
risk volume complexity

Organizations Across-the-Board Report Increasing Risk Volume and Complexity

In my first post analyzing NC State’s latest State of Risk Oversight report, we discussed how more organizations are designating a Chief Risk Officer. In this post, I want to take some time to discuss another significant observation from this year’s survey – the volume and complexity of risk. The ERM Initiative in partnership with…
Read More

Practicing ERM without a Formal ERM Program

Many of the ERM resources you encounter on my blog and elsewhere focus on elements of a formal program like developing a framework, establishing risk appetite, and more. We imply, at least indirectly, that your organization must have this formal structure in place before practicing ERM. However, this isn’t always the case… Double-take – why…
Read More
Menu