The concept of risk management—what it is and consists of—is something that is often misunderstood or misinterpreted. A big challenge many companies face is evolving the management of their risk and dealing with it properly as it changes. While risk itself is a recurring instance for most companies, the problem is not just dealing with different risks, but having a universal definition of what they are and also specifically having a risk identification plan.
Much like fire and early man, the Excel-based RCM-to-Assurance Professional relationship has seemingly been in existence since the dawn of time (or at least the dawn of Excel). Thankfully there is a better way to manage this critical element of your assurance process. And you can do it without having to sacrifice what made the Excel-based approach so appealing in the first place—structured data, demonstration of key relationships, management of key attributes.
One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understanding of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.
If risk management is on your radar, take a look through the articles and insights below. They might just challenge your thinking…in a good way.
More than likely, you have a process for managing vendor relationships. You may even have a sophisticated process with a centralized vendor repository, risk assessments, due diligence, contract review, careful onboarding and ongoing monitoring. But how many of your employees know the process? And more importantly, how many of them understand how they fit in?
Identifying and managing risk within your own organization is challenging enough. When you add a diverse array of third-party relationships, the picture becomes exponentially more complex. Learn how Intarcia has taken control of vendor risk management with automation, structure and real-time reporting.
By Dave Hulsen, Co-Founder of RFP365 – Gardening is one thing, but what about our growing businesses and the third parties we engage to help us flourish? As I thought about the numerous vendors we rely on, I started to think about what “pesky” vendors might be choking out our true partners (i.e. the ones that are truly critical to our success). If any of our vendors are increasing the amount of risk we manage to unacceptable levels, we need to identify them.
Managing risk within the confines of your own business is hard enough. When you tack on risk associated with vendor relationships, the complexity only grows. As business leaders, we have to carefully manage vendor relationships to protect our customers, employees and stakeholders, but the process can be daunting.
With each release, I make time to analyze the key features and perform updates across our full suite of Internal Audit, Risk Management and Compliance solutions. As I do this, I’ll be sharing my thoughts, ideas and insights here on the blog, if only to help spark ideas for our clients on how they, too, can use Onspring to the fullest.
One thing is certain: the unexpected will occur. Storms will pop up and our skills and coping mechanisms will be tested. Organizations must identify where they are exposed, apply an appropriate response for addressing the risk, and implement a mechanism to constantly monitor and reassess the risk and their response to it. Otherwise, we risk getting stuck by the side of the road in a driving rain.
When you develop software, there are many stages of the design phase that are highly critical to the final product. Too often, companies are in a rush to push feature releases or changes to their products that are “box checkers.” They’re trying to compare themselves to a competitor in a favorable light, without actually thinking about the problem in depth, or not considering things such as long-term performance and usability.
How does a financial services company launch an Enterprise Risk Management (ERM) program with a department of just a few? The Onspring team had the opportunity to work with an organization to help build their ERM program from the ground up. Now, with multiple years of data to review, the company has discovered tangible benefits, wide-sweeping perception improvements and actionable data to facilitate change in the right direction.