RISK

A comprehensive risk management strategy enables an organization to identify, assess, manage and/or mitigate various risks. It provides a method by which you can prioritize specific risks and determine how to allocate resources. As we all know, there are many types of risk, internal and external, that may impact operations. This week's articles address ways to deal with these various types of risk.

The combination of risk management and business continuity provides the level of resiliency that most organizations must achieve in light of the uncertainty that exists today. (Item #1)     To mitigate risk --- the possibility that something unpleasant or unwelcome will happen --- it's important for entities to have a thorough risk management strategy in place. (Item #2)     Rules and compliance can mitigate some critical risks but not all of them; active and cost-effective risk management requires managers to think systematically about the multiple categories of risks they face so that they can institute appropriate processes for each. (Item #3)    

Whistle blowing has negative connotations in many organizations but, if encouraged by management and handled sensitively, it can be an important tool for business continuity and risk management. (Item #4)     Given the stakes, it makes sense for organizations to try and learn as much as they can about DDoS ransom demands: what do they look like, how can businesses work out if their site is at genuine risk and how can they protect their online presence? (Item #5)     The 10 keys to managing reputation risk and how a company or institution addresses them will help shape the company's reputation over time. (Item #6)    

As always, I look forward to hearing about your concerns with regard to business continuity. If there are any topics that you'd like to see covered, email me at [email protected].

Bob Mellinger, President
Attainium Corp

1. Risk Management and Business Continuity: Improving Business Resiliency

Tackling today's risks requires an integrated and holistic framework with the capability to identify, evaluate and adequately define responses to the circumstances. For more and more organizations, this means adapting an enterprise risk management (ERM) model. ERM seeks to identify all threats---including financial, strategic, personnel, market, technology, legal, compliance, geopolitical and environmental---that would adversely affect an organization.
http://www.riskmanagementmonitor.com/risk-management-and-business-continuity-improving-business-resiliency/

2. Tips for Managing Your Company's Risk

Economically speaking, we're not in Kansas anymore (if you think of Kansas as a calm, quiet state where you know what to expect). From an economic perspective, we have been picked up, swirled around hundreds of times by a violent tornado, and have now been put in a wild and unpredictable world created by the Federal Reserve. This has completely changed the world of risk management.
http://www.investopedia.com/articles/personal-finance/072315/tips-managing-your-companys-risk.asp

3. Managing Risks: A New Framework

Despite all the rhetoric and money invested in it, risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. In this article, we present a new categorization of risk that allows executives to tell which risks can be managed through a rules-based model and which require alternative approaches.
https://hbr.org/2012/06/managing-risks-a-new-framework

4. The role of whistle blowing in business continuity and risk management

Daily, in every organization, corners are being cut, mistakes are being made and risky behavior is taking place. Most of this is of little consequence but sometimes the risk-taking becomes systemic, with corporate reputation and even business survival threatening consequences. These risks and their potential impacts are often invisible to senior managers and to the organization's business continuity team. They don't appear in the risk register and don't become visible during the business impact analysis, but they can have serious consequences. So the question is how to gain visibility of such risks once they reach a systemic level or when they threaten safety and security systems?
http://www.continuitycentral.com/index.php/news/business-continuity-news/979-the-role-of-whistle-blowing-in-business-continuity-and-risk-management

5. Dealing with the risk of DDoS ransom attacks

We are all familiar with the disruptive consequences of a distributed denial of service (DDoS) attack when a website is forced offline because it has been swamped with massive levels of traffic from multiple sources. The cost in terms of lost business to companies while their website is offline can be significant. Cyber criminals are now taking the process a step further by tying ransom demands to their DDoS attacks, threatening to keep company websites permanently offline until they pay up.
http://www.continuitycentral.com/index.php/news/technology/1029-dealing-with-the-risk-of-ddos-ransom-attacks

6. Ten Keys to Managing Reputation Risk

Reputation risk is the current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion. With today's electronic media, the news cycle reporting on the downward spiral of a once-proud organization that has suffered severe reputation impairment is not a pleasant one to watch. This article explores 10 essential keys for managing reputation risk.
https://www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-Bulletin-Vol-5-Issue-2-10-Keys-Managing-Reputation-Risk-Protiviti.pdf