Blog

The way that we calculate capital requirements is one of those embedded assumptions that has existed for so long that we fail to think about whether it really makes any sense or not.  And if you do stop and take a step back, you will realize that it actually does not necessarily make much sense. 

We calculate capital requirements looking backwards, when the thing that we will need capital for is in the future.  That backwards capital requirement is only broadly close to being correct for firms th

Lack of transparency makes risk, performance and compliance information hard to discover, collect and maintain. Within every organization, governance areas are conducting activities, each based on different assumptions with different standards, all of which contain a risk component.

While these are typically not thought of as risk activities, when the responsibilities of each governance area are compared to a risk based process – identifying & assessing, mitigating, and monitoring – you find that

Governance functions are designed to manage risks that organizations face in operational and back office silos - financial misstatements, fraud, vendor management, disaster recovery, and other activities are all designed to address a subset of an organization’s risk profile. The concept of Enterprise Risk Management is not to create another function that exists in parallel to these areas, but rather creates a standardized methodology and language to objectively prioritize across functions and le

Compliance professionals have it tough. While risk managers work in shades of grey (or often, red, yellow, and green), compliance officers are often asked to answer the more direct question: Do we meet this regulatory mandate?

While the task may differ, compliance professionals without enterprise risk management in their toolbox are at a significant disadvantage. Regulations are changing constantly, responsibility for compliance ranges from high level executives to analysts on the front line, and

While SharePoint is a good tool for file storage, it falls significantly short of delivering the capabilities a risk manager needs to analyze trends and see the relationships the job requires.

Cost & Innovation

SharePoint on the surface may look like an inexpensive solution versus commercial ERM software, however the hidden cost of IT development is rarely understood until too late. To make a SharePoint project useful, a minimum of $150,000 in labor alone invested over 2 years is required for sma

In previous blogs, I've covered the differences between ERM and GRC offerings. One critical difference I'd like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal councils charged with approving your ERM or GRC solution. Due to Software-as-a-Service's relatively recent entry into the Business to Business marketplace, it's not uncommon for risk managers to be concerned, even fear, how solutions that are not exclusively hosted o

[Editor’s Note: Organizations have become myopic with GRC solutions, and they can no longer see the forest through the trees. In my prior blogs, I pointed out that over confidence in technology point solutions has been happening since the Great Wall of China, where corporations have not been investing enough in broader ERM programs that can detect non-technical failures like employee collusion, or vendor performance or loop-hole issues. The Board needs to know their true risk monitoring position

As organizations turn to Enterprise Risk Management (ERM) software to automate and enhance aspects of their ERM Programs, it’s time to take a critical look at the ERM and GRC marketplace to determine where gaps exist between the current offerings and the needs of risk managers.

Many GRC software tools on the market today offer a separate ERM module at an additional cost. If the goal of enterprise risk management is to take traditionally silo’d information and communicate it with a single framewor

Having standardized risk assessments and well documented mitigation and monitoring activities will equip your organization with a lot of risk intelligence. The question becomes, how do you report all of this information to your board and communicate it to your commissioner in a way that demonstrates the value of your ERM program? First, risk managers must be able to demonstrate how risks across the organization roll-up to impact the Board’s strategic objectives; and second, ERM functions must tr

With the Affordable Care Act (ACA) continuing its implementation this week with the start of the open enrollment period, there has never been a more critical time for Healthcare Institutions to have a firm handle on their risk environment and the implications of those risks.

Since its enactment in 2010, the ACA has fundamentally shifted how many hospitals must conduct day-to-day operations. For example, hospitals must now shift their patient records systems to electronic medical records, which in

With the Affordable Care Act (ACA) continuing its implementation this week with the start of the open enrollment period, there has never been a more critical time for Healthcare Institutions to have a firm handle on their risk environment and the implications of those risks.

Since its enactment in 2010, the ACA has fundamentally shifted how many hospitals must conduct day-to-day operations. For example, hospitals must now shift their patient records systems to electronic medical records, which in

The National Association of Insurance Commissioners adoption of the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requires insurance organizations to take a broader approach to risk management. As US insurers begin to mobilize their efforts to comply with the regulation by the 2015 deadline, it’s important for insurers to take a step back, leverage their existing risk management operations, and develop their RMORSA efforts with a mind to the future.

The groundwork for RM

The role of the enterprise risk manager has finally become clear: close the gap between strategic level risks and the operational risks faced at the activity level. Despite being a relatively new corporate discipline, expectations for ERM value are already very high. A recent poll shows us why corporations are desperate for ERM managers to be successful.

The poll, conducted by Harris Interactive of 23,000 corporate full-time employees within key industries and in key functional areas¹ highlights

A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle tha

Fifteen of the world’s top risk managers met recently at the 2013 RIMS Risk Summit. When the topic of reputational risk arose, the group struggled to develop a concrete value proposition, but unanimously agreed that no ERM assessment that failed to tackle reputation risk would be deemed complete by leadership.

Their recognition calls attention to one of the biggest hurdles confronted by risk managers in all industries when faced with high level risks deemed critical by the board or executive lead

Increasingly, organizations across all industries are charged with managing risk in a complicated compliance environment. Over at the Credit Union Times, Danny Baker, Vice President of Product Management, Risk & Compliance at Fiserv Inc., thinks he’s found a solution in the Cloud. In his recent article, “To the Cloud for Risk Management, Performance Analysis,” he argues that Credit Unions should turn to “Web-based or cloud portal” platforms that deliver enterprise risk management solutions.

Clou

Most agree that working from the top down, meaning to first identify corporate objectives, then focus on the details of how to achieve them is what most managers wish they could be doing more of. However, the reality is most managers are so busy with day-to-day activities that little time is left over to work on the big picture. Everyone agrees the role of ERM is for risk management to be involved in the “key business decisions,” however, some misinterpret this as interviewing only the senior ex

Enterprise Risk Management means alternate things to different people but the general angle risk analysts seem to take; is to create a risk assessment program or tick list sheet, then torture staff in their company to assess what they often don't fully understand.  This is fine but that is not Enterprise Risk Management in my opinion.  ERM is beyond simple risk assessments or check lists and it should consider a much wider charter of risk exposure quantification in the company.

In the presentatio

Businesses began with Enterprise Risk Management (ERM) from the dawn of civilization. The first businesses were small and therefore one person knew all their customers, suppliers and processes. They knew all the risks within their business how they were connected to affect their business goals, which made it easy to manage both the upside and downside “impact of uncertainty on objectives”.

However, as the size of organizations grew in the industrial age, everyone became a specialist and groups of