Blog

Hospitals are considered places in society where patients can feel safe and looked after. This is why mitigating unnecessary risk is a high priority in healthcare organizations. Rules and regulations around risk in healthcare are constantly being updated and reviewed to ensure staff and patient safety.

As standard, there should be steps that healthcare risk managers should comply in ensuring that the surroundings around all areas are in sufficient condition. Here are some best practices that all

The coronavirus outbreak is unlike anything we have ever experienced and is spreading at a rapid rate. Whilst nations scramble to regain control, business leaders are having to assess their ability to manage the threat it will have on their business assets, employees, supply chains, facilities and even their brand and image.

This situation is an urgent one, but it also highlights the importance of being prepared should an emergency or critical event occur, whilst also focusing on how people can b

Mobile app development has changed a lot in the past couple of years. The usage of complicated programming languages and automated features which are falling into the big world of Machine and Deep Learning have definitely impacted the way many people are approaching the topic. The usage of PWA(Progressive Web Applications) and other forms of simplified architectures within mobile app development has been the first step in using server-oriented applications, a matter that, in a cloud-oriented dev

In the world of healthcare, risk can be considered one of the biggest dangers to patients. It’s a core element that is considered in the industry to ensure patients remain safe. Unfortunately, it’s impossible to completely remove risk from any site. However, any effort to ensure that it’s reduced can be extremely positive in making sure there’s less chance of it happening. 

In healthcare, the list goes on about ways that patients and staff can keep safe in their working environments. The safety o

The blows keep on coming for Wells Fargo. Within a year of their cross-selling scandal, two more scandals have risen to the top of news headlines.

In part one of this series, I set out to make good on a prediction I presented to business journalist L.A. Winokur. I predicted that after the dust settled for the original cross-selling scandal, Wells Fargo would remain vulnerable in other areas of its operations, lest they address the gaps in their risk management program.

In the time it took me to ex

In a recent interview I had with business journalist L.A. Winokur regarding the Wells Fargo cross-selling scandal, I made a prediction: “Once the dust of this scandal settles, perhaps in two or three years, Wells Fargo will remain vulnerable in other areas of its operations to risk management failures.”

Low and behold, the only part I didn’t get right was the timeline. In less than a year of paying $185 million in penalties, the largest fine ever levied by the CFPB, the bank finds itself in headl

Risk Management's 3 Basic Steps

In order to be effective, risk management must involve three phases:

1. Risk identification & assessment
2. Mitigation design & implementation
3. Active monitoring of mitigation activities

If an organization misses any of these steps or does not directly link them to one another, it is not fully managing risk. Here’s what can happen if a step isn’t fully executed:

1. Improper risk identification often results from identifying a risk’s symptom instead of its root cause. When this ha

When it comes to Enterprise Risk Management, there is a lot of jargon floating around, mostly because it’s a unique, rapidly growing industry. Not all of that jargon is necessarily industry-wide; organizations will sometimes use different terms for the same concept.

One example is the phrase risk-informed activities. We haven’t used this exact phrase in the past, but it certainly lines up with our central tenets; risk should be assessed across the enterprise and be a part of everyone’s job descri

The concept of cyberattacks, while still disturbing, is no longer as new and unfamiliar as it was five years ago. However, we are still seeing money invested in inefficient and ineffective risk mitigation responses. All the major corporations that have suffered breaches had sophisticated control solutions in place. Even so, their risk exposure was significant in known but uncovered areas, all thanks to poor risk management.

Companies are buying and implementing point solutions despite not underst

A common challenge for early-stage ERM programs is making the step from risk identification and prioritization to the formalization of a control (or mitigation) environment. Keep in mind, it is only possible to know if a Mitigation Activity is effective and efficient if the objective of this activity is known. The objective o f the activity must also be risk and performance focused. Organizations often lose track of why a particular mitigation activity was implemented to begin with, and fail to

In today’s organizations, risk managers are tasked with the responsibility of effectively monitoring risk.  They need to know what to monitor and how to determine if mitigation activities are effectively preventing risks from materializing. Traditionally, organizations evaluate risk monitoring activities through controls testing, but this provides little more than a false sense of security for organizations.

A major weakness in just using Testing to monitor risk mitigation activities, is that tes

A risk taxonomy, the brains of an enterprise risk management software platform, creates a common language to make working across operational silos possible. It also creates the basis for a risk management discipline, so rather than reacting to seemingly "one off situations" the entire organization can standardize and prioritize how assessment, mitigation and monitoring are applied in a common comparable way to build risk management competency across the enterprise.

See our other blogs Identify C

Organizations need to build a robust Enterprise Risk Management (ERM) framework or risk taxonomy, which provides a holistic view of all information and relationships across the organization. Taxonomy structures and preserves the integrity of information, so as changes occur in multiple parts of the organization, managers can compare risks on an 'apples to apples' basis and connect the dots between business areas. It is the critical foundation of your ERM program and any enterprise risk managemen

We are often asked for insight on business measures or KPIs for ERM programs to track overall progress and effectiveness. 

The key question for risk managers is: how do I measure the value ERM is delivering to my organization? 

The following are examples of measures that will quantify and measure the value your ERM program is providing:

1. Number of systemic risks identified