Blog

This past April, an Air Force reconnaissance airplane caught fire. At the time, 27 airmen were on the plane, and all their lives were put in danger. What went wrong and caused this costly error? According to U.S. Air Force investigators, the mistake traces back to an error in vendor management. In this case, a vendor failed to properly secure an oxygen tank, resulting in a “highly flammable oxygen-rich environment that ignited.”

Findings also indicate that problems with the military contractor ma

Take the Risk out of ERM and GRC Software

Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data “in the cloud” (a myth we explore below), and fall victim to the common misconception that on-premise solutions provid

Enterprise Risk Management (ERM) Software, unfortunately, is a poorly defined (and often poorly executed) concept, but by structuring your vendor selection around the core concepts of Enterprise Risk Management, Risk Managers can mitigate the inherent risks that accompany a software implementation.

Common Pitfalls of ERM Programs

The common maturity process of an ERM programs looks something like this: define our purpose with an ERM charter, define our process, and then seek automation to support

The Baker/baker complex, as illustrated in Joshua Foer’s Moonwalking with Einstein, states that if you ask one person to remember a baker and another to remember a man named Baker; the person asked to remember the proper noun will struggle far more than the person asked to recall the bread maker.

Same word, two very different outcomes because one provides your memory with context, while the other floats independently, devoid of the connections and methodology that improve our recall.

At LogicManag

The RIMS Risk Management Society (LogicManager’s co-author for the RIMS Risk Maturity Model) promotes the adoption of Risk Committees for organizations looking to formalize their enterprise risk management processes.

With more organizations adopting risk committees or similar governance groups, the question remains: What should risk managers present to their risk committee; or conversely, what should risk committees ask that their managers present to them?

Forrester Research, in their report on me

Last week, Insurance News Net’s Trish Ennis examined the relationship between occupational  health, safety risk management and reputational risk.

Texas City refinery. Upper Big Branch mine. Deepwater Horizon. Tazreen Fashions factory. Rana Plaza. Each of these tragedies was caused by a chain of events that included safety and health system deficiencies. They have something else in common, too: They all caused significant damage to the reputations of the organizations involved.”

Ennis highlights an

One of the most frequently cited differences between Software-as-a-Service (SaaS) and On-Premise installations is the degree of flexibility between each type of solution. With SaaS solutions on the rise for GRC and Risk Management Software, more and more organizations are realizing that everything they thought they understood about the differences between SaaS and On-Premise is wrong. So what can we learn from their mistakes?

A Conflict of Interest

On-Premise vendors make about 50% of their revenu

Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat

CMS Wire's Norman Marks recent article, "Why Risk Management Technology Projects Fail," captures a common but limited viewpoint of Risk Management that limits its ability to succeed in any environment, whether supported by software, spreadsheets, or pen & paper.

"To be successful, a risk program has to be designed to enable managers to make intelligent, risk-informed decisions every day. The requirements have to include the perspectives of both the risk officer and of management... You need to en

Home Depot hacked. http://t.co/qZROzHKWr2. This #risk preventable with #ERMSoftware. So why are ERM Programs failing? http://t.co/gcbLO6wCjz

-- Steven Minsky (@SteveMinsky) September 2, 2014

The goal of an ERM program is to put your organization in the best position to manage uncertainty, and to provide transparency into areas of vulnerability so businesses can make better decisions. Risk Management Software supports that process by providing insights and analytics that aren't obvious to the front

Despite reports that more than 65% of organizations have adopted Enterprise Risk Management, executives remain unimpressed and skeptical of the value their ERM programs are providing versus what is needed.

A new report by APQC finds that fewer than 1 in 5 executives say their companies are effectively managing emerging risk, and the report's authors worry that "Companies may be 'checking the boxes' that say they have processes to monitor strategic risks."[1]

Additionally, two in three companies sa

Once SharePoint has taken root in a company, there’s a tendency to try to use it for everything. The mega-popular platform can accomplish many use cases, from social networking to document management. It’s no wonder then that Risk Managers have been asked to build their programs on SharePoint - and live and die with the consequences. If your organization is considering SharePoint for ERM or other governance activity, or you’re considering moving your program off SharePoint all together, consider

Jeffery Reynolds’ article in ABA Banking Journal, “ERM: Getting it, and getting it right”, equates the definition of Enterprise Risk Management with happiness.

"Before you start with ERM, you have to define it. If it were only that easy to nail down the definition of ERM—but it is not…Defining ERM is like defining happiness. Happiness is not the same for me as it is for you. Nor is it the same for me today as it was 20 years ago. And what drives happiness today will likely not be what defines hap

Many business cases for Enterprise Risk Management programs begin with what senior management can expect in terms of return on investment (ROI). While ROI may not be the best indicator of ERM success (it’s tough to quantify the monetary value of risks you’ve mitigated), there are simple and direct steps you can take to demonstrate the efficiency your program will gain through the implementation of an ERM system.

On average, risk managers spend 62% of their time on tactical, rather than strategic,

While SharePoint is a good tool for file storage, it falls significantly short of delivering the capabilities a risk manager needs to analyze trends and see the relationships the job requires.

Cost & Innovation

SharePoint on the surface may look like an inexpensive solution versus commercial ERM software, however the hidden cost of IT development is rarely understood until too late. To make a SharePoint project useful, a minimum of $150,000 in labor alone invested over 2 years is required for sma

In previous blogs, I've covered the differences between ERM and GRC offerings. One critical difference I'd like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal councils charged with approving your ERM or GRC solution. Due to Software-as-a-Service's relatively recent entry into the Business to Business marketplace, it's not uncommon for risk managers to be concerned, even fear, how solutions that are not exclusively hosted o

As organizations turn to Enterprise Risk Management (ERM) software to automate and enhance aspects of their ERM Programs, it’s time to take a critical look at the ERM and GRC marketplace to determine where gaps exist between the current offerings and the needs of risk managers.

Many GRC software tools on the market today offer a separate ERM module at an additional cost. If the goal of enterprise risk management is to take traditionally silo’d information and communicate it with a single framewor

The National Association of Insurance Commissioners adoption of the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requires insurance organizations to take a broader approach to risk management. As US insurers begin to mobilize their efforts to comply with the regulation by the 2015 deadline, it’s important for insurers to take a step back, leverage their existing risk management operations, and develop their RMORSA efforts with a mind to the future.

The groundwork for RM

The role of the enterprise risk manager has finally become clear: close the gap between strategic level risks and the operational risks faced at the activity level. Despite being a relatively new corporate discipline, expectations for ERM value are already very high. A recent poll shows us why corporations are desperate for ERM managers to be successful.

The poll, conducted by Harris Interactive of 23,000 corporate full-time employees within key industries and in key functional areas¹ highlights

Increasingly, organizations across all industries are charged with managing risk in a complicated compliance environment. Over at the Credit Union Times, Danny Baker, Vice President of Product Management, Risk & Compliance at Fiserv Inc., thinks he’s found a solution in the Cloud. In his recent article, “To the Cloud for Risk Management, Performance Analysis,” he argues that Credit Unions should turn to “Web-based or cloud portal” platforms that deliver enterprise risk management solutions.

Clou