Tag Archives: enterprise risk management

Immediate Vault Immediate Access

4 Steps to Help Organizations Embrace Risk from Emerging Technology

Posted on by

As companies continue to navigate the changing work environment brought on by the pandemic, it has become clear that business leaders will need to get comfortable revising and adapting their strategies to deal with disruption brought on from new technologies and new regulation. As risk management professionals, these rapid changes have made our job more important than ever to our organizations.

online pharmacy sildalis with best prices today in the USA

Yet the majority of our organizations—particularly in C-suites—remain far from giving risk management experts the seat at the table they need to effectively safeguard against enterprise threats, digital or otherwise.

Data from PwC’s Global Risk Survey 2022 shows that executives are starting to recognize these risks: 79% of executives report that they view the breakneck speed of digital transformation as a significant risk management challenge. Moreover, this renewed focus is translating into increased funding, as 65% of organizations are increasing their spending on risk management technology and 56% said they planned to invest in risk culture and behavioral risk in 2022.

online pharmacy mobic with best prices today in the USA

Unfortunately, the survey also found that too many organizations are treating the risk function as an add-on or incorporating risk leaders into strategic conversations too late. Only 39% of business leaders reported adding risk professionals to decision-making processes early, which should be an essential step for executives seeking to minimize risk from the outset. On a broader scale, executives seemed to lack confidence in risk managers, with only 47% of respondents saying they feel “very confident” in their risk function’s ability to build a more risk-aware culture, a key element of any successful risk-focused company.

Particularly as companies invest in emerging technologies, business leaders need to listen more to their risk and compliance functions and integrate them into conversations about how those technologies will be implemented. Artificial intelligence is a great example: when companies rush to implement systems to accelerate efficiency and analyze trends, they risk creating disproportionate bias and violating personal privacy through data sourcing. Risk professionals need to be at the table from beginning to end to make sure that an evolving regulatory environment and other pitfalls are fully accounted for in the organization’s implementation process.

While investment in risk management technology is helpful, it is insufficient without making structural changes to the organization to prioritize the risk function company-wide. Particularly as companies consider adopting emerging technologies, the following steps should be considered not just by risk management professionals, but across the C-suite:

  1. Identify, categorize, and prioritize technology risks across the company. This should be done on a regular basis by a dedicated risk management team, married with the best tools available, with findings routinely reported back to senior leaders. Companies are on the right track here: 65% plan to increase their technology spend this year across data analytics and process automation to support detection and monitoring of risks. This initial step will lay the framework for the establishment of cyber threat intelligence, systems monitoring, and incident response protocols.
  2. Adapt IT governance to the emerging technologies being adopted. Risk professionals should work with IT teams and company leadership to create governance structures that integrate seamlessly with corporate strategy, allowing for alignment of day-to-day operations, effective decision-making, a framework for best practices, and promotion of investments that enhance business objectives.
  3. Update leadership often on the emerging tech regulatory landscape. Whether across data privacy rules, cyber reporting requirements, or other complex technology challenges, a robust compliance program should keep leaders across the company updated as new technologies are implemented. Otherwise, companies risk run-ins with legal authorities and the erosion of trust from their clients and customers.
    online pharmacy cymbalta with best prices today in the USA

  4. Set expectations with leadership that not all risks are one and the same. Understanding the context around each piece of technology will become imperative to understanding its specific risks and the appropriate response strategy, including the maturity and complexity of the business processes to determine true risk to the company. Inherent in this case-by-case evaluation is an understanding of the company’s risk appetite and criteria for acceptable level of risk.

When adopted purposefully, emerging technologies can make companies more efficient, more profitable, and better stewards for their employees, clients and communities. Risk is often unavoidable for early adopters of emerging technologies, but it can be mitigated if C-suites equip their risk functions with a holistic strategy and a voice in key business decisions. As C-suites and organizations seek to adapt to a changing world, their success will hinge on the extent to which risk management is incorporated into their strategies.

RIMS ERM Conference 2021: IRS Receives Global Enterprise Risk Management Award of Distinction

Posted on by

On Friday, RIMS President Ellen Dunkin presented the Internal Revenue Service (IRS) with the 2021 Global Enterprise Risk Management Award of Distinction at the Society’s ERM Conference in New York City. The honor recognized the IRS’s outstanding achievements that allow it to anticipate emerging risks and establish the appropriate culture, processes and structures to strengthen strategic decision-making. 

Navigating the impacts of an extended government shutdown, sweeping tax reforms, operational disruption due to the COVID-19 pandemic and providing essential financial relief to thousands of businesses and individuals across the United States, the IRS ERM program helped the agency to remain resilient and effectively manage a multitude of dynamic challenges.

“Through the ERM program’s focus on embedding risk management capabilities into the existing structures and operations, the agency has become more risk aware,” said Jeffrey Tribiano, the IRS’s deputy commissioner for operations support. “There is also greater collaboration across the enterprise to address significant risks that require efforts from multiple business units. By effectively highlighting the enterprise-wide effects of risks, and by capturing risks on the enterprise risk profile, ERM has helped garner agency-wide attention and support for measures to help address the risks. Since IRS established its ERM program in 2014, it has played a critical role in helping the agency to better understand and respond to risk, thus making the organization more resilient and better able to serve the American people.” 

This year, RIMS honored three other organizations for their exceptional accomplishments developing, implementing and maturing ERM within their organizations. Honorees included:

  • 2021 RIMS Global ERM Award of Distinction Honorable Mention: Dallas Fort Worth International Airport
  • 2021 RIMS ERM Award of Distinction–U.S. Honoree: Eversource Energy
  • 2021 RIMS ERM Award of Distinction–International Honoree: EuroChem

“Enterprise risk management continues to deliver exceptional value to organizations, allowing them to successfully address emerging risks while also identifying and leveraging opportunities that might not have otherwise been apparent,” Dunkin said. “Risk professionals get better—and deliver better results—by learning from each other. We are so grateful to the IRS and all of honorees for sharing their ERM journeys with the RIMS community and doing their part to advance this rewarding profession.” 

Judging criteria for the Global ERM Award of Distinction include measurable, tangible and sustainable results; unique program strengths; ERM innovation that links risk with strategy or performance; and the program’s ability to build sustaining risk management capabilities. The panel comprises members of RIMS Strategic and Enterprise Risk Management Council.

RIMS ERM Conference 2021 was held November 11-12 in New York City and virtually. The program themed “ERM in an ESG World” focused on the growing risks stemming from environmental, social and governance challenges.

RIMS ERM Conference Preview: Q&A with Keynote Dr. Andrea Bonime-Blanc

Posted on by

This year’s RIMS ERM Conference will be held virtually on November 4 and 5, 2020, promising two days packed with informative sessions featuring global risk leaders. The conference kicks off November 4th with a live keynote delivered by Dr. Andrea Bonime-Blanc, founder of GEC Risk Advisory and the author of Gloom to Boom: How Leaders Transform Risk Into Resilience and Value. She will also answer questions from the audience during a live session on November 5th.

Andrea Bonime-Blanc

Dr. Bonime-Blanc recently appeared on RIMScast to discuss her upcoming keynote; the role technology has played in environmental, social and governance risks (ESG); and what risk practitioners must do to succeed today. Check out some highlights below, and download RIMScast episodes 100 and 101 for a deeper dive with Dr. Bonime-Blanc into topics such as diversity, strategic risk management and ways ERM practitioners can generate and retain value. If you’d like to watch her keynote and join RIMS for the rest of the ERM Conference 2020, registration is now open for all attendees.

How did you first begin using and implementing ERM in your career?

Dr. Andrea Bonime-Blanc: I was the general counsel of a startup within a much larger utility company, and we were the global division that was going all over the world in the mid- to late-1990s and early 2000s looking for electric power generation distribution opportunities. I became the risk manager because…[someone] needed to put the risk hat on. We ended up creating programs, policies, procedures to really perform risk management. Building power plants in the middle of the jungle of Colombia or negotiating a joint venture with a Chinese government corporation running a coal mine in northern China presents a number of risks.

When did you notice how vital it was to “wear the risk hat”? 

AB-B: I’ll give you the example of an environmental, health and safety risk: When I was at PSEG, we went into a lot of different countries, including at least six or seven major Latin American countries that were privatizing their electric assets. There were competitions to acquire those assets in the first place, which created a whole bunch of risks from a standpoint of fraud and government corruption. I supervised the legal teams, and also led audit and finance teams. We had utility folks who understood the environmental, health and safety aspects of the assets we were looking at. There were cross-functional and cross-disciplinary teams that would work with the legal department and the general counsel’s office to figure out the risks involved with acquiring those potential assets. It showed how ERM done properly provides that way of collating and collecting really important, strategic information that is necessary at the highest levels of an organization.

How can diversity—of people and perspective—influence ERM in an organization?

AB-B: ERM is a collaborative process. It requires many different minds. A good ERM program will draw upon the knowledge of other key people and functions within an organization. If it’s a standalone program, it won’t work. Drawing on the knowledge and expertise and experience of your colleagues in different parts of the organization is crucial. Likewise, ESG plus T is all about understanding your non-financial issues as well as the risks that will have a financial impact.

You noted the addition of “T,” which stands for “technology”—why is technology so integral to ERM now, and how does it tie into your keynote?

AB-B: The technology piece has become so overwhelming, so suffusing, so minute-by-minute for us in the world that we live in—whether it’s negative like cyberattacks, or positive things, and there are so many other issues in between. We’re just starting to scratch the surface of both the negative and the positive in these technology issues.

Risk professionals have a role to play in creating the information that reaches the management and the board, and building a risk savvy culture. This includes building ERM that is integrated with the strategy of understanding the ESG+T issues that are part of your business, and how you integrate with crisis management and business continuity, for example. These are all pieces of the resilience model that I will share at the end of the keynote. It is something that risk professionals really need to understand, because it not only liberates you from your silo—if you’re in a silo—but it also demonstrates your value to the rest of the organization.

How to Leverage Risk Management to Influence Positive Business Outcomes

Posted on by

Business strategy and risk management occupy separate spaces in most organizations. Business strategy sits at an enterprise or executive level, but risk management usually functions at a tactical and operational level. A chasm often exists between the two groups, removing important risk-based context from pivotal business decisions.

To bridge the chasm, risk management professionals must demonstrate to business leaders the value of the information they possess for one primary reason: the long-term growth and good of the business. Risk management today, bolstered by advances in technology, contains vital data that can inform executive decision-making to support business strategy, reduce risks and ensure long-term growth. To that end, risk management professionals need to take four steps.

1: Understand Enterprise-level Objectives, Outcomes, and Metrics.

buy xtandi online orthomich.com/img/blog/jpg/xtandi.html no prescription pharmacy

Objectives might include increasing revenue, launching a new product or providing customer support in a timelier fashion. These objectives are strategic in nature and can be broken down into specific business outcomes such as increasing production by a certain percentage or publishing a set number of technology upgrades or enhancements each year. The business outcomes, in their own turn, are tracked and measured using business metrics.
buy lexapro online orthomich.com/img/blog/jpg/lexapro.html no prescription pharmacy

2: Correlate Business Objectives with Risk Management Activities. Risk management professionals can assess how enterprise-level concerns correlate to what risk management is doing on a day-to-day basis. This requires a distinct shift in perspective, since activities such as conducting risk assessments, establishing controls to mitigate the impact of risks and assessing residual risk—while incredibly important for risk managers—do not directly tie into the enterprise’s business objectives and strategies.

3: Establish Leading Key Indicators that Tie to Business Outcomes. Risk management personnel need to establish a leading key risk indicator (KRI) that has a direct relationship with the desired business outcome. Typically, key indicators tend to be lagging in nature, such as tracking the number of cyberattacks that happened over the past quarter. This is useful information, but it is not effective in influencing business metrics or business outcomes. A leading indicator, in contrast, is one which provides advance notice of a situation before a risk event is experienced so that action can be taken to avoid or mitigate the impact of the event.

4: Present Metrics that Support Decision-Making.
Risk management professionals must also present these metrics in such a way that it supports decision-making by the target audience. In particular, risk metrics and key indicator need to be presented in their business context and in a manner that drives action.

buy rotacaps online orthomich.com/img/blog/jpg/rotacaps.html no prescription pharmacy

When a risk metric or key indicator shows that action must be taken to avoid loss or achieve gain, it becomes valuable to business leaders and decision makers.

Driving value related to business strategy requires both time and commitment on the part of risk management professionals. Once that value is proven, target audiences will begin to rely on and request KPIs and KRIs to support decision-making. They will understand the relationships between risk metrics and business outcomes. With this deeper understanding, risk management will no longer be viewed solely as an operational risk mitigation function. It will also be seen as a strategic function that contributes vital intelligence necessary for the long-term growth of the enterprise.