Risk taxonomy is the framework for naming, organizing and managing the relationships among your risk information. Your ERM program and any Enterprise Risk Management (ERM) software you use depend upon it.

Most organizations have an organizational chart of how their people are connected. To be effective in risk management, organizations must also have an organizational chart of how their business processes are connected to create accountability and focus on business value.

The first step is to name, categorize and connect your business processes and sub-processes.

• WHY: Establishing business process level accountability for risk: The foundation for enterprise risk management is identifying an organization’s business processes and recognizing the owners as accountable for risk vulnerabilities, compliance and performance goals.

Because all business activities are within business processes, all risks and mitigation activities also fall within processes. Therefore, defining processes is the first step in leveraging efficiencies and creating transparency for risk management, compliance and business performance improvement.

• WHAT: Focusing on business value with Performance Management: A business process is a set of coordinated tasks and activities that lead to accomplishing a specific organizational goal. Business processes include customer-facing areas, those providing support functions as an internally shared service, or areas performed by an outsourced partner.

End-to-end processes consist of multiple levels of sub-processes. The level of granularity, meaning the extent to which processes are broken down into smaller processes, evolves over time. You may choose to get granular in areas of greater priority to the company and fill out the others over time.

• WHERE: Consolidating existing risk assessment templates: Business process names, structures and owners are typically already known within an organization and maintained by various functional areas such as finance, internal audit, HR, business continuity, process improvement, quality management, or other departments. There should be only one way to name and organize business processes enterprise-wide, otherwise known as a taxonomy or naming convention. The ERM team has the responsibility to locate these lists and agree on a single common naming convention for the enterprise.

Business Process Owner: the individual(s) responsible for process design and performance. The process owner is accountable for sustaining the gain and identifying risk and future improvement opportunities in the process.

Risk Owner: the individual who is accountable for the validation, assessment and action plan to care for particular risks within the process.

The Process Owner is typically the risk owner. When is this not the case? When the business process is outsourced. Activities can easily be outsourced, but the ownership for the risks within such activities can never be outsourced and must remain managed within the organization.

The next step in building a risk taxonomy is managing resource allocation, the naming and categorizing of all the key people, systems, and vendor products and services used by these business processes.

Look out for my next blog on these topics! In the meantime, watch this 20-minute on-demand webinar, "How to Integrate Risk Governance Areas," to learn more.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
