A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle that we consistently see challenge organizations with a growing ERM process is best described as a paradox of big data. These organizations have recognized the need for a formal ERM process, have hired experienced professionals to lead the charge, and have collected data in risk assessments from across their organization. Now faced with tens or even hundreds of identified risks, the risk managers are in effect paralyzed by the abundance of options as they try to aggregate risk assessments and report on findings.

Collecting as much risk intelligence as possible seems like a worthy best practice, but big data is only as useful as the tools in place to use it to its full advantage.

The solution to this problem is an objective Enterprise Risk Management framework that doesn't rely only on intuition, but instead balances the assessments against the organization's unique business structure. With this type of structure, or risk taxonomy, in place, an identified risk can be assessed by the affected party and categorically ranked. An effective taxonomy will provide organizations with the flexibility to prioritize risks not only by department, but also by geographic regions, strategic initiatives, or adherence to frameworks like COSO, COBIT, and RIMS.

This kind of flexibility allows organizations to easily analyze a large amount of enterprise risk information, but it can be difficult to achieve without a formal risk management process and may not be obvious to an organization facing a multitude of risks.

If your organization is faced with a challenge in reporting on risk assessment data, we invite you to watch our Streamlining Governance Video.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
