Comments for Risk Management from OpenPages http://www.openpages.com/blog Insights on the latest risk and compliance news and issues Mon, 22 Feb 2010 17:00:27 -0500 http://wordpress.org/?v=2.8.4 hourly 1 Comment on 2010 GRC Wish List: #7 Increased Risk Management Budget by John Kelly http://www.openpages.com/blog/index.php/2010-grc-wish-list-8-increased-risk-management-budget/comment-page-1#comment-1130 John Kelly Mon, 22 Feb 2010 17:00:27 +0000 http://www.openpages.com/blog/?p=656#comment-1130 That's right Chris, we're seeing more and more that organizations view the coordination of disparate risk management efforts as a competitive differentiator. That’s right Chris, we’re seeing more and more that organizations view the coordination of disparate risk management efforts as a competitive differentiator.

]]> Comment on 2010 GRC Wish List: #7 Increased Risk Management Budget by Chris http://www.openpages.com/blog/index.php/2010-grc-wish-list-8-increased-risk-management-budget/comment-page-1#comment-1115 Chris Thu, 18 Feb 2010 14:35:23 +0000 http://www.openpages.com/blog/?p=656#comment-1115 http://blog.maas360.com/archives/businessintelligence/execution-of-daily-it-workflows-could-suffer-during-economic-recovery/trackback/ The good news is that proactive planning... gained from complete visibility will help drive the recovery though faster, more efficient GRC and IT Operations. Simplifying Operations and moving faster will be a key differentiator of successful companies during/post recovery in my opinion. http://blog.maas360.com/archives/businessintelligence/execution-of-daily-it-workflows-could-suffer-during-economic-recovery/trackback/

The good news is that proactive planning… gained from complete visibility will help drive the recovery though faster, more efficient GRC and IT Operations. Simplifying Operations and moving faster will be a key differentiator of successful companies during/post recovery in my opinion.

]]> Comment on Live Blogging at GARP: Risk and Performance Management by Gordon Burnes http://www.openpages.com/blog/index.php/live-blogging-at-garp-risk-and-performance-management/comment-page-1#comment-1085 Gordon Burnes Thu, 11 Feb 2010 14:28:09 +0000 http://www.openpages.com/blog/?p=755#comment-1085 Agreed! Some participants at GARP mentioned risk management's "seat at the table" or being part of the strategic planning and budgeting process. Increasingly, risk management is part of the operating planning process, and what Stein was saying is that risk management needs to not just criticize planning assumptions but also offer a way to mitigate the risks, e.g. when entering a new market, what will you do when your main competitor follows? Agreed! Some participants at GARP mentioned risk management’s “seat at the table” or being part of the strategic planning and budgeting process. Increasingly, risk management is part of the operating planning process, and what Stein was saying is that risk management needs to not just criticize planning assumptions but also offer a way to mitigate the risks, e.g. when entering a new market, what will you do when your main competitor follows?

]]> Comment on Live Blogging at GARP: Risk and Performance Management by Martin Coyne http://www.openpages.com/blog/index.php/live-blogging-at-garp-risk-and-performance-management/comment-page-1#comment-1082 Martin Coyne Wed, 10 Feb 2010 23:17:02 +0000 http://www.openpages.com/blog/?p=755#comment-1082 It's interesting that the panel focused mainly on risk and reward without a mention of the planning assumptions that form the basis of the annual operating plan. In my experience, more unanticipated risk is undertaken by companies due to overly optimistic planning assumptions. Many times it is assumed that all strategic and tactical initiatives undertaken by the company will be implemented flawlessly. This rarely happens! Concurrently, many operating plans assume no reaction by competitors. Again, this rarely happens! It's always best to validate, with facts, the key assumptions used for planning purposes. The quality of planning assumptions are usually early indicators of the magnitude of risk in the final plan. It’s interesting that the panel focused mainly on risk and reward without a mention of the planning assumptions that form the basis of the annual operating plan. In my experience, more unanticipated risk is undertaken by companies due to overly optimistic planning assumptions. Many times it is assumed that all strategic and tactical initiatives undertaken by the company will be implemented flawlessly. This rarely happens! Concurrently, many operating plans assume no reaction by competitors. Again, this rarely happens! It’s always best to validate, with facts, the key assumptions used for planning purposes. The quality of planning assumptions are usually early indicators of the magnitude of risk in the final plan.

]]> Comment on Talking at Cross Purposes About Risk by Martin Coyne http://www.openpages.com/blog/index.php/talking-at-cross-purposes-about-risk/comment-page-1#comment-1042 Martin Coyne Tue, 02 Feb 2010 13:24:03 +0000 http://www.openpages.com/blog/?p=690#comment-1042 Mr. Steinberg is very accurate in his assessment of the the terminology issues around risk management. I recently worked on this issue with my board and management team and quickly discovered that each director and senior management team member had their own definition of risk and how it was currently being managed. There is considerable merit in taking the time to reach a consensus definition of risk before a true risk assessment can be undertaken. This is an important issue for every board of directors and avoiding these discussions will not alleviate the problem. Mr. Steinberg is very accurate in his assessment of the the terminology issues around risk management. I recently worked on this issue with my board and management team and quickly discovered that each director and senior management team member had their own definition of risk and how it was currently being managed. There is considerable merit in taking the time to reach a consensus definition of risk before a true risk assessment can be undertaken. This is an important issue for every board of directors and avoiding these discussions will not alleviate the problem.

]]> Comment on ISACA Launches Risk IT Framework by Raphael http://www.openpages.com/blog/index.php/isaca-launches-risk-it-framework/comment-page-1#comment-953 Raphael Mon, 21 Dec 2009 21:43:52 +0000 http://www.openpages.com/blog/?p=525#comment-953 However the problem is not necessarily the lacking of standards or frameworks. Specifically in IT Risk Management we do already have a wealth of guidelines such as ISO 27005, ISO 31000, Management of Risks M_o_R, or even AS/NZS 4360:2004. The problem is therefore not the lacking of framework but moreover of a tool that helps companies to systematically trace and manage their risks. However the problem is not necessarily the lacking of standards or frameworks. Specifically in IT Risk Management we do already have a wealth of guidelines such as ISO 27005, ISO 31000, Management of Risks M_o_R, or even AS/NZS 4360:2004. The problem is therefore not the lacking of framework but moreover of a tool that helps companies to systematically trace and manage their risks.

]]> Comment on A Recipe for ERM Investment and Improvement by Trevor Levine (Riskczar) http://www.openpages.com/blog/index.php/a-recipe-for-erm-investment-and-improvement/comment-page-1#comment-675 Trevor Levine (Riskczar) Mon, 16 Nov 2009 17:21:35 +0000 http://www.openpages.com/blog/?p=448#comment-675 I love this approach. ERM practitioners need to be multi-skilled too. Far too many CFOs think that any accounting professionals can do ERM because they read the COSO ERM framework and have a CA or CPA. Maybe they can do risk assessments but that is not ERM. Without someone with competencies in assessing culture, process improvement, change management and communication, etc., then all you will have at the end is a risk assessment that sits on a shelf. Trevor Levine I love this approach. ERM practitioners need to be multi-skilled too. Far too many CFOs think that any accounting professionals can do ERM because they read the COSO ERM framework and have a CA or CPA. Maybe they can do risk assessments but that is not ERM. Without someone with competencies in assessing culture, process improvement, change management and communication, etc., then all you will have at the end is a risk assessment that sits on a shelf.

Trevor Levine

]]> Comment on A Recipe for ERM Investment and Improvement by John A. Wheeler writes about ways to improve your ERM « Riskczar Corporation http://www.openpages.com/blog/index.php/a-recipe-for-erm-investment-and-improvement/comment-page-1#comment-674 John A. Wheeler writes about ways to improve your ERM « Riskczar Corporation Mon, 16 Nov 2009 17:16:54 +0000 http://www.openpages.com/blog/?p=448#comment-674 [...] A Recipe for ERM Investment and Improvement [...] [...] A Recipe for ERM Investment and Improvement [...]

]]>