Simply explained, risk management entails a company identifying the risks it is exposed to, measuring how exposed it is to each risk, deciding how it will address that risk, and then taking action to protect the company or to realise the potential benefits.
How Companies Mismanage Risk - Harvard Business Review
- Relying on Historical Data
- Focusing on Narrow Measures
- Overlooking Knowable Risks and Concealed Risks
- Failing to Communicate
- Not Managing in Real Time
Why is Risk Management a struggle with standard technology?
Risk management matters to staff, management and the boardroom, yet senior management and boards still lack the management information, and the understanding of their critical assets, that they need to manage risk.
Why is monitoring Risk Management a struggle with standard technology?
- Data and information relevant to risk management are scattered across too many places to allow key insights
- Staff have limited resources to manage and monitor so many risks
- Organisations require an effective BCM system but are limited to complicated, extensive and costly GRC solutions, or to simple spreadsheets, which are outdated and dangerous because they offer little or no control over changes, versioning, reporting and error checking
Who is involved?
- Individuals with oversight responsibilities in risk management
- Authorising officials, CIOs, IT Directors, IT Managers
- EXCO, risk executives
- Individuals with development responsibilities
- Individuals responsible for conducting business critical functions
- System designers, developers, integrators
- Business owners, information owners, authorising officials
- Individuals with monitoring responsibilities
- Individuals with operational responsibilities
- Auditors, inspectors, assessors, analysts
- Mission/business owners
- Board of Directors
- Individuals with information system, security, risk management, and oversight responsibilities
- Commercial companies producing goods and services
Risk Management System
A risk management system must be effective yet uncomplicated.
- Risk identification
- Identify risks that may disrupt the organisation's resources
- Identifying risks requires a broad approach. To make your business continuity plan as successful as possible, plan risk assessments at scheduled intervals and whenever important changes or new projects are initiated.
- Analyse and evaluate the risks that may disrupt the continuity of resources
- List the vulnerabilities associated with each risk
- Systematically analyse the probability and impact of each threat
- Identify and approve a risk treatment for each risk (Accept, Avoid, Mitigate or Transfer)
We at BCMfort have taken the complex topic of risk management and turned it into a manageable cycle that can be used by any company. Request a demo to see how we can help.
Although the field of risk management emerged in the mid-1970s, many companies have not taken advantage of this critical tool. A risk is defined as the effect of uncertainty. Many people see risk as inherently bad; however, risk can also create opportunities, and acting on them can bring benefits. If a company wants to identify opportunities and plan to mitigate harm and losses, it first needs to identify the risks present in the company. The main treatment techniques are avoidance, reduction, sharing and acceptance.
Even though risk management is critical for identifying and addressing risks, only 1/3 to 1/2 of Fortune 500 companies planned to implement a risk management initiative in 2004. Many see risk management as a costly and complicated endeavour whose benefits do not justify the time and resources it requires.
More recently, in 2009, the International Organization for Standardization introduced a risk management standard, ISO 31000, to bring a more standardised approach to how companies perform risk management activities.
Analyse and manage risks and impacts through audits, identification of threats and vulnerabilities, risk qualification, assessment of business impacts, and proposed risk treatment measures.