Tag Archives: ERM

RIMS Report: Making Sense of AI

Posted on by

The risk of not adopting some form of artificial intelligence (AI) can be much greater than the potential risks of implementation according to the new RIMS Professional Report: Making Sense of Artificial Intelligence and Its Impact on Risk Management.

Authored by RIMS Strategic and Enterprise Council member and director, Microsoft Enterprise Risk Management Tom Easthope, the report explores forms of AI available to organizations, common implementations scenarios for risk professionals to consider, as well as opportunities for those professionals to advance their careers in light of the emergence of AI technologies.

“While the discussions about the long-term impacts of artificial intelligence on society are important to understand and track, the more pressing issue is to understand the impacts on your industry, your organization and, ultimately, your career,” Easthope said.

buy antabuse online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/antabuse.html no prescription pharmacy

“Risk professionals should find ways to participate in strategic discussions around AI and educate themselves on the world of possibilities it offers them and their organizations.”

The report explores AI’s foundational concepts, such as data and algorithms. It also discusses forms of AI, such as artificial general intelligence, (often referred to as “thinking machines” along the lines of C-3PO from the “Star Wars” films) and artificial narrow intelligence (ANI) which focuses on tasks that have major business impacts, including image recognition, credit card fraud detection and speech recognition. Citing research that AI-derived business value will be worth $3.9 trillion in the next three years, ANI presents risks and opportunities for risk professionals and their companies.

And while the report suggests that changes introduced by AI innovation and automation will impact jobs and tasks in the risk, compliance and insurance industry, it also presents methods to keep professionals less expendable, if they’re willing to embrace the technology.

buy rybelsus online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/rybelsus.html no prescription pharmacy

“But while change is inevitable, it does not mean that your risk career must end,” the report said. “Essentially, if you understand the organization’s strategy and how it can enhance its operations with ANI or the context around data, then you have something to offer.”

RIMS Strategic and Enterprise Risk Management Council (SERMC) is organized to provide leadership on strategic and enterprise risk management research, practices, topics and issues, in alignment with RIMS’ vision, affiliations and partnerships. SERMC comprises RIMS members, academics, strategists, consultants and other practitioners who are experienced with strategic and enterprise risk management and related issues.

buy robaxin online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

The report is currently available exclusively to RIMS members. To download the report, visit RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. For more information about the Society and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

Seven Qualities of an Impactful Risk Register

Posted on by

You might have resolved to tidy up some processes and press the “reset” button on your risk register in the new year. Whether you’ve started a new position, want to improve your company’s operations or just overhaul your existing register, the basic foundations are out there.

Demonstrating their altruistic nature, many RIMS members have been offering their insight to those seeking suggestions – even going so far as to send their Excel sheet registers. Here are some criteria for your X and Y axes, culled from the OPIS network and existing resources on Risk Knowledge. While they are by no means a finite list, they can act as building blocks for your new template or register.

buy keflex online desiredsmiles.com/wp-content/uploads/2023/10/keflex.html no prescription pharmacy

  1. Exposure. Define the imminent or possible risk event.
    buy lipitor online desiredsmiles.com/wp-content/uploads/2023/10/lipitor.html no prescription pharmacy

    Examples could be a data breach or earthquake.

  2. Risk Category. Itemize by who or what was affected by the exposure. Employees, property, locations, and systems are some examples.
    buy trazodone online desiredsmiles.com/wp-content/uploads/2023/10/trazodone.html no prescription pharmacy

    If the exposure was public-facing, be sure to include your customers and shareholders.

  3. Cause of Loss. In addition to simply entering the risk origin, also detail whether it was on the radar or completely unforeseen. You might choose to add subcategory (or row) if necessary to document the specifics.
  4. Consequences (Primary and secondary). While many exposures impact the bottom line, it might also include damages to systems, infrastructure, and absences. There are other consequences that are tougher to quantify, such as reputation and employee morale. Subcategories for secondary (and tertiary, and possibly beyond) might be necessary.
  5. Target Risk Level. Driven by each company’s risk appetite level, the target risk level should be the mitigated level. “For example, risk appetite for strategic can be 4 (out of 5), operations 3 and safety 2,” wrote one member on an OPIS thread. “Therefore, any risk should be mitigated to the acceptable risk appetite level within each risk category – hence, a safety risk of 4 needs to be mitigated to a 2 level.”
  6. Expected Losses and Gains. Establish value to the projected outcome. There is certainly a downside risk to natural disasters, particularly where injuries, casualties, and property damage are concerned. But not all risks will be negative; selecting a new cybersecurity system, for example, may have costs but also estimated savings.
  7. Assignee. Just because you are the risk manager does not mean you are responsible for solving all the problems or having all the answers to each risk. A data breach would typically be assigned to the IT leader. However, depending on the size and structure of your organization, you might be the de facto authority on certain exposures, such as emergency preparedness and natural disasters. In those cases, enter your own name and get ready to act.

As stated earlier, these qualities are just starting points as you build your register – you should customize it to your organization and personal preferences.

When reflecting upon the makings of the risk register, one member said that the most critical issue was not the format, but rather “the dialogue that surrounds the register,” adding that “the discovery and discussions were what made that part of the ERM activity useful. Of course, having a nice means of communicating it makes it easier to focus the dialogue.”

RIMS also offers suggestions for ERM programs. Visit the OPIS network to get feedback from members and Risk Knowledge for resources such as the ERM Starter Risk Log Template.

RIMS Report: Establishing and Communicating ERM

Posted on by

Recent trends indicate that management is being consulted more than ever by executives and boards who are looking for information that can aid in decision making. This has moved the value of enterprise risk management (ERM) to the forefront, to give the board an overall view of the risks the company faces.

A report just released by RIMS, Risk Communication to the C-Suite and Board of Directors: Visualizing Enterprise Risk Management Information, explores ERM and offers risk managers strategies to use to determine what they report to decision-makers.

According to the report:

“Without robust information about risk, directors cannot offer effective oversight. Therefore, management should carefully evaluate the format and purpose of board risk communication with consideration to risk governance responsibilities, risk appetite, and the intersection between risk and strategy. This process also ensures that the risk information is of value to the management team as well and not simply ‘paperwork.’”

In order to be proactive, boards have expressed the need for specific information, the authors noted, but with “understanding of risks” and “oversight of risk management” cited as the most important areas for board improvement, “risk managers need to be strategic in the way they disseminate information. What you pass along should be presented carefully so that an executive can easily understand and prepare to translate for stakeholders.”

The professional report highlights information from the National Association of Corporate Directors (NACD), the most recent COSO ERM Framework, and the Corporate Executive Board (now Gartner). Backed by that data, the authors discuss where ERM stands today and, by offering various engagement models and maps, provide suggestions and options for determining:

  • Which executives should receive the information.
  • How to craft the message.
  • Delivery methods.
  • Additional sources of key risk management information.

“In developing a system for delivering key risk information to the board, it must be stated that ERM is not a prescribed science,” the authors wrote. “No two organizations will have the same approach or process for determining what defines key risk information or how it should be delivered.”

The report is co-authored by Julie Cain, senior strategic advisor, information and technology risk management at the Educational Testing Service; Christine Novotny, ARM, RIMS-CRMP, manager risk and insurance for PeaceHealth; and David J. Young, lecturer at the Risk Management and Insurance Program, University of Colorado Denver Business School. The group also presented on this topic at RIMS 2018 Annual Conference & Exhibition in San Antonio.

Risk Communication to the C-Suite and Board of Directors: Visualizing Enterprise Risk Management Information is available to RIMS members only for the first 60 days. After the introductory period, it will become available to the broader risk management community. You can download the report via Risk Knowledge.

Enterprise Risk Management’s Wakeup Call: 10 Years After is also available on Risk Knowledge. Complementary to Risk Communication to the C-Suite, it discusses the importance of integrating ERM into companies’ frameworks as they prepare for the possibility of another financial crisis or a new threat. Read more about the report here.

Risk Manager of the Year: Q&A with Rebecca Cady

Posted on by

Rebecca Cady, vice president and chief risk officer of Children’s National Medical Center (CNMC) in Washington, D.C. was named the RIMS 2018 Risk Manager of the Year today. CNMC is the largest freestanding pediatric academic medical center and health system in the greater D.C. area., with annual revenues of nearly $1.2 billion.

She was praised by her peers for her success in elevating CNMC’s culture of safety, addressing risk on an enterprise basis and lowering the system’s total cost of risk. Under her leadership, programs continually seek to benefit the system’s 6,000-plus employees, and ultimately, the services they provide to children and their families. Cady spoke with Risk Management Monitor about her journey to the profession and the combination of challenges she faces as a health care risk manager.

Risk Management Monitor: Your professional career began as a labor and delivery nurse. How did you make your way into risk management?

Rebecca Cady: I was a staff nurse at a small, rural hospital in Kingsville, Texas. During a shift, several co-workers were gathered at the nurse’s station, discussing a lawsuit that many senior nurses were anxious about having to take part in.

They didn’t understand what was going on. I remember thinking: ‘What if lawyers knew what it was like to be a health care provider or practice medicine and nursing?’ It would help them do a better job of guiding the nurses and doctors through the legal process. I thought, ‘I could go to law school.’ And I did. It turned out to be a great idea because it has made for a fulfilling and interesting career.

RMM: After becoming a lawyer—and eventually partner—at a law firm, what drew you to CNMC?

RC: I saw this as an opportunity to get in the practice of avoiding litigation in the first place. I was attracted to the idea of working more closely with providers and in a hospital environment where I felt I could have a greater impact on the organization and manage its risk.

RMM: What is one of CNMC’s top challenges?

RC: Recruitment is up there. Pediatric neurosurgeons are not working at Starbucks while they’re looking for a job.

online pharmacy ciprodex with best prices today in the USA

In some of the specialties, there are very few qualified people. Being able to recruit and hire the best and the brightest, which we think our kids deserve, is hard because we’re competing with pediatric hospitals that are part of other systems.

RMM: In 2014, you updated the reporting systems to include reporting from mobile phones. What inspired that change?

RC: Being able to report an incident and have it instantly make its way up the chains of command was more of a way to cut past the tediousness of logging a report on paper, or even on a computer. I’m not a techie but I recognize that technology has the ability to make us more efficient and effective. We really do believe that more reports are better, because knowing about the low-level events that don’t reach patients or cause immediate problems can still be useful. You can then identify latent issues that need correcting and prevent something serious. Plus, it was embraced by our employees.

RMM: You are widely regarded by peers and co-workers as a relationship-builder and a strong communicator. What is your management style?

RC: My office is in the hospital and I make it a point to be visible. I go to meetings wherever possible and am present wherever possible, I administer our calls and speak at staff meetings as well and to the new residents and nurses as they come on board. The whole risk team is also out and about among the organization constantly, because having relationships builds trust and makes your job easier.

We’re not the department of ‘No.’ We’re the department of ‘Yes, If…’ Helping folks solve their problems – even if they seem small to you – is huge for them. And once they stop seeing you as the policeman, they see you as a business partner.

online pharmacy fluoxetine with best prices today in the USA

Then they’ll start to call you earlier in the game when they are strategizing. That applies no matter what industry you’re in.

online pharmacy flomax with best prices today in the USA