Risk Taxonomy Step 2: Connecting What Matters

Organizations need to build a robust Enterprise Risk Management (ERM) framework, or risk taxonomy, which provides a holistic view of all information and relationships across the organization. A taxonomy structures information and preserves its integrity, so that as changes occur in multiple parts of the organization, managers can compare risks on an 'apples to apples' basis and connect the dots between business areas. It is the critical foundation of your ERM program and of any ERM software automation initiative.

As I described in my last blog, the first step to building a risk taxonomy is identifying your organization's core business processes to create accountability and focus on business value.

The next step in building a risk taxonomy is to enable better resource allocation by naming and categorizing all the key people, systems, and vendor products and services used by these business processes.

1. Organize risk assessment templates by resources vs. by use or department

To make effective Enterprise Risk Management (ERM) simple and practical, you need to take complex material, break it down, and make it accessible to anyone in your organization. To do this, organize information by resource rather than by use or department, and create a holistic profile for each critical resource in your enterprise.

By resources, we mean people and vendors and the physical assets, software applications, services and data repositories used in the organization. Everyone knows something about the relationships and data around these resources, but no one knows everything. The challenge is how to get everyone to contribute their "piece".

A risk taxonomy provides a structure for information and ownership by breaking down complex, interconnected information into resources as basic building blocks. This enables everyone to understand and contribute their piece and take ownership of change management. These standardized building blocks become a library to be shared across all business areas and reduce unnecessary duplication and overlap.

2. Performance Management: Link resources to the Business Processes that use them

The relationships between the resources and the business processes that use them should be explicit, as this determines business impact. The clearer the understanding of business impact, the more effective the governance activity will be. The connection to a business process provides a direct connection to the subject matter expert for the activity that uses the resource, who knows how critical that resource is to their activity.

The result is the identification of critical business processes based on a score that includes these key supply chain and infrastructure dependencies. Control and mitigation activities can then be organized within the business processes in which they operate and are connected to the resources they depend upon to complete this circle.

A common shared infrastructure, or risk taxonomy, is necessary to support risk management information across an entire enterprise. Through this approach, organizations will see the benefits of eliminating redundant work on assessments, controls and testing while reducing risk at the same time.

The next steps in building a risk taxonomy are standardizing risk assessment template criteria for these resources and processes, consolidating data collection, and understanding cross-silo dependencies.

Look out for our next blog on these topics! Watch our 5-minute video, Streamlining Governance through ERM, to learn more.


Steven Minsky is a recognized thought leader in risk management, CEO and Founder of LogicManager. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts and published action plans to help organizations prepare.
