Blog

Last week, Insurance News Net’s Trish Ennis examined the relationship between occupational  health, safety risk management and reputational risk.

Texas City refinery. Upper Big Branch mine. Deepwater Horizon. Tazreen Fashions factory. Rana Plaza. Each of these tragedies was caused by a chain of events that included safety and health system deficiencies. They have something else in common, too: They all caused significant damage to the reputations of the organizations involved.”

Ennis highlights an

One of the most frequently cited differences between Software-as-a-Service (SaaS) and On-Premise installations is the degree of flexibility between each type of solution. With SaaS solutions on the rise for GRC and Risk Management Software, more and more organizations are realizing that everything they thought they understood about the differences between SaaS and On-Premise is wrong. So what can we learn from their mistakes?

A Conflict of Interest

On-Premise vendors make about 50% of their revenu

Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat

CMS Wire's Norman Marks recent article, "Why Risk Management Technology Projects Fail," captures a common but limited viewpoint of Risk Management that limits its ability to succeed in any environment, whether supported by software, spreadsheets, or pen & paper.

"To be successful, a risk program has to be designed to enable managers to make intelligent, risk-informed decisions every day. The requirements have to include the perspectives of both the risk officer and of management... You need to en

Home Depot hacked. http://t.co/qZROzHKWr2. This #risk preventable with #ERMSoftware. So why are ERM Programs failing? http://t.co/gcbLO6wCjz

-- Steven Minsky (@SteveMinsky) September 2, 2014

The goal of an ERM program is to put your organization in the best position to manage uncertainty, and to provide transparency into areas of vulnerability so businesses can make better decisions. Risk Management Software supports that process by providing insights and analytics that aren't obvious to the front

Despite reports that more than 65% of organizations have adopted Enterprise Risk Management, executives remain unimpressed and skeptical of the value their ERM programs are providing versus what is needed.

A new report by APQC finds that fewer than 1 in 5 executives say their companies are effectively managing emerging risk, and the report's authors worry that "Companies may be 'checking the boxes' that say they have processes to monitor strategic risks."[1]

Additionally, two in three companies sa

Once SharePoint has taken root in a company, there’s a tendency to try to use it for everything. The mega-popular platform can accomplish many use cases, from social networking to document management. It’s no wonder then that Risk Managers have been asked to build their programs on SharePoint - and live and die with the consequences. If your organization is considering SharePoint for ERM or other governance activity, or you’re considering moving your program off SharePoint all together, consider

Jeffery Reynolds’ article in ABA Banking Journal, “ERM: Getting it, and getting it right”, equates the definition of Enterprise Risk Management with happiness.

"Before you start with ERM, you have to define it. If it were only that easy to nail down the definition of ERM—but it is not…Defining ERM is like defining happiness. Happiness is not the same for me as it is for you. Nor is it the same for me today as it was 20 years ago. And what drives happiness today will likely not be what defines hap

Many business cases for Enterprise Risk Management programs begin with what senior management can expect in terms of return on investment (ROI). While ROI may not be the best indicator of ERM success (it’s tough to quantify the monetary value of risks you’ve mitigated), there are simple and direct steps you can take to demonstrate the efficiency your program will gain through the implementation of an ERM system.

On average, risk managers spend 62% of their time on tactical, rather than strategic,

While SharePoint is a good tool for file storage, it falls significantly short of delivering the capabilities a risk manager needs to analyze trends and see the relationships the job requires.

Cost & Innovation

SharePoint on the surface may look like an inexpensive solution versus commercial ERM software, however the hidden cost of IT development is rarely understood until too late. To make a SharePoint project useful, a minimum of $150,000 in labor alone invested over 2 years is required for sma

In previous blogs, I've covered the differences between ERM and GRC offerings. One critical difference I'd like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal councils charged with approving your ERM or GRC solution. Due to Software-as-a-Service's relatively recent entry into the Business to Business marketplace, it's not uncommon for risk managers to be concerned, even fear, how solutions that are not exclusively hosted o

As organizations turn to Enterprise Risk Management (ERM) software to automate and enhance aspects of their ERM Programs, it’s time to take a critical look at the ERM and GRC marketplace to determine where gaps exist between the current offerings and the needs of risk managers.

Many GRC software tools on the market today offer a separate ERM module at an additional cost. If the goal of enterprise risk management is to take traditionally silo’d information and communicate it with a single framewor

The National Association of Insurance Commissioners adoption of the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requires insurance organizations to take a broader approach to risk management. As US insurers begin to mobilize their efforts to comply with the regulation by the 2015 deadline, it’s important for insurers to take a step back, leverage their existing risk management operations, and develop their RMORSA efforts with a mind to the future.

The groundwork for RM

The role of the enterprise risk manager has finally become clear: close the gap between strategic level risks and the operational risks faced at the activity level. Despite being a relatively new corporate discipline, expectations for ERM value are already very high. A recent poll shows us why corporations are desperate for ERM managers to be successful.

The poll, conducted by Harris Interactive of 23,000 corporate full-time employees within key industries and in key functional areas¹ highlights

Increasingly, organizations across all industries are charged with managing risk in a complicated compliance environment. Over at the Credit Union Times, Danny Baker, Vice President of Product Management, Risk & Compliance at Fiserv Inc., thinks he’s found a solution in the Cloud. In his recent article, “To the Cloud for Risk Management, Performance Analysis,” he argues that Credit Unions should turn to “Web-based or cloud portal” platforms that deliver enterprise risk management solutions.

Clou

Most agree that working from the top down, meaning to first identify corporate objectives, then focus on the details of how to achieve them is what most managers wish they could be doing more of. However, the reality is most managers are so busy with day-to-day activities that little time is left over to work on the big picture. Everyone agrees the role of ERM is for risk management to be involved in the “key business decisions,” however, some misinterpret this as interviewing only the senior ex

Businesses began with Enterprise Risk Management (ERM) from the dawn of civilization. The first businesses were small and therefore one person knew all their customers, suppliers and processes. They knew all the risks within their business how they were connected to affect their business goals, which made it easy to manage both the upside and downside “impact of uncertainty on objectives”.

However, as the size of organizations grew in the industrial age, everyone became a specialist and groups of

Federal and state regulatory compliance requirements have grown exponentially and touch all operational areas. Compliance has become very complex and expensive with extensive new regulations, multiple overlapping information sources, and operational impacts that are difficult to identify and track. Financial Institutions typically manage compliance workflows manually, which is difficult in multiple branch or interstate operations, and across multiple lines of business. As a result, compliance an

What the Great Wall of China can teach us about Vendor Risk Management

A vendor risk management approach is all about creating centralized standards that transcend business silos, which is very different from the approach taken in traditional vendor management software. Vendor management needs tools with a risk-based approach to overcome their difficulty of objectively putting the vendor compliance pieces together across legal, purchasing , security reviews, and accounts payable silos for contrac

Looking back over my most popular blogs, there was a lot of interest in 5 Steps for Better Risk Assessments and How to Consolidate Compliance Risk Assessments. Due to this interest I have created a complimentary 30 minute webinar on streamlining enterprise risk assessments complete with detailed "how to" examples and visuals that are not possible in a blog format.

Click here to watch this On Demand Webinar or read the full invitation below:

On-Demand Complimentary Webinar Invitation:

Organizations