RIMS and ISACA Release Joint Report “Bridging the Digital Risk Gap”

All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by RIMS, the risk management society®, and ISACA®, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.

Digital enterprise strategy and execution are emerging as essential horizontal competencies to support business objectives. No longer the sole purview of technical experts, cybersecurity risks and opportunities are now a core component of a business risk portfolio.

Strong collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise.

ISACA’s Risk IT Framework acknowledges and integrates the interaction between the two professional groups by embedding IT practices within enterprise risk management, enabling an organization to secure optimal risk-adjusted return. In viewing digital risk through an enterprise lens, organizations can better realize a broader operational impact and spur improvements in decision-making, collaboration and accountability. In order to achieve optimal value, however, risk management should be a part of technology implementation from a project’s outset and throughout its life cycle. By understanding the technology life cycle, IT and risk management professionals can identify the best opportunities for collaboration among themselves and with other important functional roles.

IT and risk management professionals both employ various tools and strategies to help manage risk. Although the methodologies used by the two groups differ, they are generally designed to achieve similar results. Generally, practitioners from both professions start with a baseline of business objectives and the establishment of context to enable the application of risk-based decision making. By integrating frameworks (such as the NIST Cybersecurity Framework and the ANSI RA.1 risk assessment standard), roles and assessment methods, IT and risk management professionals can better coordinate their efforts to address threats and create value.

For example, better coordination of risk assessments allows organizations to improve performance by identifying a broader range of risks and potential mitigations, and ensures that operations are proceeding within acceptable risk tolerances.

It also provides a clearer, more informed picture of an enterprise’s risks, which can help an organization’s board as they make IT funding decisions, along with other business investments. Leveraging the respective assessment techniques also leads to more informed underwriting—and thus improves pricing of insurance programs, terms of coverage, products and services.

Overall, developing clear, common language and mutual understanding can serve as a strong bridge to unite the cultures, bring these two areas together and create significant value along the way.

The report is currently available to RIMS and ISACA members through their respective websites. The report can be downloaded through the RIMS Risk Knowledge library by clicking here or from ISACA at www.isaca.org/digital-risk-gap. For more information about RIMS and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org. To learn more about ISACA and its resources, visit www.isaca.org.

RIMS NeXt Gen Forum Offers Insights for Rising Risk Professionals

“We’re becoming numb to the news,” said risk management veteran and author Joseph Mayo. “We’ve seen a 1,200% increase in daily record loss in the last five years. Globalization has created faster-moving and infinitely more complex risks and that’s what we have to adapt to.”

In his keynote, “Don’t Tell Me What I Know, Tell Me What I Don’t Know,” at last week’s RIMS NeXt Gen Forum 2019 for rising risk professionals, Mayo discussed environmental, social and governance (ESG) risk events and how they will continue to impact the risk management community, noting that a 1,000% increase in ESG events has occurred from 2010 to 2018 compared to each of the three prior decades. 

(Hear a preview from his RIMScast interview.)

Despite flaws in actuarial approaches and the challenges surrounding artificial intelligence such as bias and adversarial machine learning, Mayo said that the profession’s outlook is “not all doom and gloom.”

“The future of risk management is to make decisions with incomplete, inaccurate and obfuscated information,” he said. “We will have to embrace fuzzy logic because decisions need to be made quicker. We no longer have decades to develop actuarial models.”

Shortly afterward, Robin Joines of Sedgwick and Kristy Coleman of Turner Broadcasting System hosted risk management “Jeopardy!” While not quite as fast-paced nor as well-funded as the long-running game show, the hosts provided a forum for discussion and debate on topics ranging from business travel etiquette and travel risk to communication and corporate politics. Discussing the images people project when they cross their arms, for example, while many agreed that it projects rigidity, one audience member cited a recent Wired video that reported it could also be considered a method of self-soothing rather than hostility or reservation.

Joines and Coleman were open-minded in their scoring and even led a quick tongue twister that kept the atmosphere light and fun. “Final Jeopardy” focused on public speaking, offering some practical speech delivery tips that would benefit any professional. For example, Joines said, “Talk from your knowledge base, and not from your note cards, and you’ll come across as confident.”

The forum closed with “You are Your Brand – How to Distinguish Yourself in Your Career,” presented by Kathleen Crowe, chair of the RIMS Rising Risk Professionals Advisory Group, and Steve Pottle, RIMS vice president.

Despite their differences in age and experience, the duo explained how their careers followed similar patterns. Neither presenter had begun on a risk management track, with Pottle starting out as a budding Canadian radio personality and Crowe initially expecting to work for an incumbent U.S. senator. Taking career risks brought them into risk management, and they shared lessons from their respective journeys that ultimately influenced them to be active leaders in their organizations and the industry at large.

One key tip of theirs was planning a personal goal that aligns with a long-term strategy of an organization, which can be an early indicator of a transition to a leadership role. From there, they said, you can build your personal brand regardless of your industry.

“Your personal brand lies somewhere in between how you see yourself and how others see you,” Pottle said. 

Click here for more NeXt Gen Forum coverage on the “Legal Checklist for AI Risk.” 

Click here for “Key Takeaways from RIMS NeXt Gen Forum 2019,” a special RIMScast episode produced live from the event.

New AMRAE Survey Explores RMIS’ Global Market Trends

Recently, the Association for the Management of Risk And Insurance of Enterprise (AMRAE) and EY jointly released the 11th edition of the RMIS Panorama, offering an in-depth look at the organizations and professionals who are using risk management information systems (RMIS), how well they have adapted, and guidance for those seeking their first or newest framework.

After surveying 570 risk managers and 36 vendors from more than 30 countries, Panorama’s authors note the top reported benefits from RMIS were the ability to spend more time analyzing (and not collecting) data, harmonizing practices and reducing silos. Of those who have adopted these systems, 47% are in the industry and services sector, followed by 31% in banking and insurance and 12% in the public sector.

Some other key takeaways from the report include:

  • 54% of risk managers already use an RMIS and report a 71% satisfaction rate.
  • Though a majority of risk managers said they wish to keep RMIS costs at less than €300,000, last year marked the first increase for RMIS budgets totaling more than €1 million (approximately $1.12 million). This trend was largely driven by activity in North America, and a 2% increase is projected for 2019.
  • Ease-of-use is still the main criterion for selecting an RMIS tool. The market is seeing an increasing demand for “ergonomic and advanced reporting” within the solution.

According to the report (which can be found here in both English and French), there has been a 60% year-over-year increase in RFP solicitations for RMIS from the international risk management community since 2013. Francois Beaume, AMRAE vice president and VP of risks and insurance at Sonepar, said he expects the trend to continue and noted that the report can serve as impartial guidance to help risk professionals find the right RMIS vendor and system for their organization.

The report also offers insight on best practices around the RMIS lifecycle from the original requirement design phase to the change management program following implementation.

“Our approach is based on two critical pillars – objectivity and neutrality,” Beaume explained. “As an increasing number of risk professionals seek their first or new RMIS models, they may need help selecting or even adapting them to their own methodologies.”

Panorama also explores the most requested RMIS modules, which range from risk mapping and incidents management to audit. Internal control and audit garnered high satisfaction rates among professionals, with both exceeding 80% in cumulatively “meeting” or “exceeding” expectations.

Additionally, the report includes testimonials from six global risk managers on their experiences with RMIS.

 For example, according to Susan Hiteshew, a RIMS board member and senior director of insurance for the Americas at Marriott International, RMIS systems provide a “one-stop shop for data aggregation, reporting and analysis” that “builds a single source of truth when making decisions.”

To fellow risk managers starting the process, Hiteshew advised, “Rather than reproducing work within the system, companies undergoing an implementation must begin with the end in mind and work backward to build and validate processes to realize the full RMIS value. This helps minimize the execution risk that can materialize and offset the system’s advertised value proposition.”

Francois Beaume was recently a featured guest on RIMScast to discuss the Panorama’s findings and international market trends. Download the free podcast episode here.

The Case for Strategic Risk Management

At last week’s RIMS 2019 in Boston, a group of risk professionals got together for the panel session “NextGen ERM: Strategic Risk Management” to discuss the advantages of strategic risk management (SRM) and the challenges to successfully integrating it into organizations.

The panel examined several major organizations that have taken shortcuts with training or even rushed to out-duel a competitor, failing to consider the long-term impact on strategy, reputation and market-share. Blockbuster, Kodak and Sears failed to innovate, and these once-thriving name brands are now prime examples of SRM’s benefits.

“Blackberry is one such company, but there are countless examples of organizations that have overlooked the long-term strategic impact of their actions,” said Marian Cope, owner of CopeRisk LLC.

Despite recent corporate missteps tied to failures in long-term strategic analysis, as recently discussed in Risk Management, risk professionals still face resistance to their SRM initiatives. “Demonstrating the value of SRM has to be a priority for risk professionals if they hope to gain buy-in from leadership,” said Rick Roberts, director of risk management and employee benefits at Ensign-Bickford Industries and a former RIMS president.

One of the value propositions of SRM—and an easy one for leadership to support—is the focus on taking advantage of risks that can accelerate the achievement of strategic objectives. “Artificial intelligence is an example of a disruptive technology that is impacting many industries. But, if your organization is aware of it, understands its usefulness and has developed a plan for it, it can give you a competitive edge,” said Marian Cope, owner of CopeRisk LLC.

But the case for an SRM initiative should not just be made with cautionary tales of organizations that did not use SRM. “Don’t just share failures, it’s also important to share SRM successes,” said Ellen Dunkin, senior vice president, general counsel and chief risk officer at Amalgamated Life Insurance Co. “Even Amazon and their business model that gives consumers almost instant access to their purchases has adjusted its strategy and started to open brick-and-mortar shops.”

According to the panel, the risk professional should ideally be involved in strategic planning from the get-go. “Some organizations have a chief risk officer that participates in the preparation as well as the strategic planning and decision-making discussions. Unfortunately, that’s not the norm,” Cope said.

The panel identified the next-best option for risk professionals, which is to work from the strategic objectives established by the organization. From there, they need to analyze the business model, identify, assess, and prioritize the risks that can derail or accelerate achieving the strategic objectives, facilitate the development of appropriate risk responses, and then align such objectives, risks, and risk responses with operations.

An effective SRM program will incorporate plans for a risk strategy, communications strategy, implementation, and training with the goal of integrating strategic risk management into decision-making processes. “The risk professional is going to require support from others in the organization too. They’re going to need risk champions to vouch for them, as well as a final presentation that includes achievable and measurable deliverables that demonstrate the value of the process,” Roberts said.

SRM can be a stand-alone program or a component of ERM. Regardless, the panel noted that SRM is vital to the long-term success of organizations as alignment of strategy and operations results in the identification of opportunities to accelerate achievement of strategic objectives and prevents operational blunders that will trigger strategic risks (e.g., substantial reputational harm). Accordingly, SRM as a stand-alone program allows risk professionals to add more value while streamlining the process.

“SRM is the next generation of ERM and identifies external and strategic risks as opposed to the more granular view for ERM. It allows the team to bring the top 10 key risks to leadership, with a focus on the top two to three as opposed to overwhelming them with the full risk register that could include 100,” said Ellen Shew Holland, higher education practice leader for Hanover Stone Partners LLC and president of Strategic Risk Frameworks LLC.

Ultimately, the group agreed, SRM will help fully integrate risk management programs into an organization’s business model and the value should be evident in each positive step the business takes toward achieving its strategic objectives.
