Who is in charge of managing risk in your organization? Or perhaps we should ask who's responsible... who's going to get the blame if things go wrong? The best approach to risk management is to develop an integrated program to which all parts of the organization - not just the C-suite, not only the risk management committee - contribute. The best results occur when everyone, from the Board of Directors on down, steps up and helps ensure that nothing falls through the cracks. Perhaps this week's articles can help you begin to put such a process in place.
While the concept of risk assessment may seem daunting, especially to an organization without a formal ERM program in place, a recent report points out that the process has many positives.
Proper risk management will reduce not only the likelihood of an event occurring, but also the magnitude of its impact.
The next level of risk management requires the organization to embrace a culture of disaster preparedness.
Most big hits to shareholder value result from strategic and operating risks.
Risk planning is critical, but it won't safeguard your project or your data or your customer from everything.
You need to have the entire board responsible for risk management instead of just delegating this to an audit or a risk committee.
As always, I look forward to hearing about your concerns with regard to business continuity. If there are any topics that you'd like to see covered, email me at
Bob Mellinger, President
1. Risk Management: Increasingly Important and Vastly Underused
As the economy becomes more complex, organizations find themselves confronting an increasing array of risks that can significantly--and negatively--affect their businesses. There is a need for the development of risk management leadership--particularly in light of the many types of risk an organization might face. Sixty percent of organizations acknowledge that they face an increasing number of risk issues, yet less than 35 percent have a formal enterprise risk management (ERM) program in place.
2. Risk Management: The What, Why and How
Risk Management Systems are designed to do more than just identify the risk. The system must also quantify the risk and predict the impact on the project. The outcome is therefore a risk that is either acceptable or unacceptable. The acceptance or non-acceptance of a risk is usually dependent on the project manager's tolerance level for risk.
3. Crisis Management & Contingency Planning: The Next Level of Risk Management
Whether the issues involve insurance or non-insurance risk management, most experts agree that the first stages of planning should focus on reasonably foreseeable loss scenarios. Fortunately there are many resources that can help associations identify those loss scenarios both in terms of frequency and severity. The next level of risk management is more challenging, more time consuming and more complex but no less important.
4. How to Live with Risks
There's a problem with managing risk retrospectively: It's a variation on what military historians call "fighting the last war." As memories of the recession fade, leaders worry that risk management policies are impeding growth and profits without much gain. "Firms are questioning whether the models they put in place after the financial crisis are working--and more fundamentally questioning the role of risk management in their organizations," says Matt Shinkman of CEB.
5. The challenge of project risk management
Risk management. Security. It's a myth. We can analyze risk for a year for a two-month project and we still couldn't cover everything. We could build the best security possible...and if someone wants in there is always someone out there who is good enough and skilled enough and bad enough to do it. There is no such thing as a sure thing.
6. Why Getting Directors on Board with Risk Management Matters
When the idea of corporate risk management only related to financial risks, it was simple to see where on the org chart responsibility for it should fall. In today's business world, it's much more complicated, and regulators have been pushing boards to do more oversight. Fundamentally, what we're looking at is whether board oversight of risk management actually makes any difference at all.
Quote of the Week:
"There was an important job to be done and Everybody was sure that Somebody would do it. Anybody could have done it, but Nobody did. Somebody got angry, because it was Everybody's job, but Nobody realized that Everybody wouldn't do it. In the end, Everybody blamed Somebody when Nobody did what Anybody could have done."