<iframe src="//www.googletagmanager.com/ns.html?id=GTM-52FKDF" height="0" width="0" style="display:none;visibility:hidden">

Risk Management Insights

I want to join the BLOG

13/10/2016 / Risk Culture, Risk Analytics, Business Intelligence, Risk Intelligence

The Power of Risk Data - Risk Intelligence


Many organisations that have implemented risk management systems – be they for compliance management, incident management, health and safety management, financial risk management – have failed to realise the value of the data that they collect each day, week, month, quarter and year. The reason for this is that they have not appreciated the value of that data when viewed collectively, only focusing on the data in the context in which it was collected.

While focusing on ensuring that the right data is collected correctly is an essential element in the risk management process, the real value of a good risk management system is the ability to quickly and easily consolidate, translate and display the risk data in a meaningful way so that appropriate analysis can be undertaken and business decisions made, transforming it to risk intelligence.

The real benefit of your risk management system should stem from its ability to release the power of the risk data captured and stored in the system: taking risk data and transforming it into business intelligence.
Read More

27/09/2016 / enterprise risk management, Risk Culture, risk maturity, Risk Manager

Successfully Implementing an Enterprise Risk Management System

5 factors of success

I was thinking about the characteristics of companies that make the decision to acquire and then successfully implement an Enterprise Risk Management software solution. Why? Well, we are in the business of providing software solutions to companies so we are always interested in understanding, why certain companies get more out of ERM solutions than others.  However, upon reflection, I think it is also important for companies on the ERM journey to reflect on these factors of success in their own decision-making process. So what are some of the factors of success?

1. Company Size – Does Size Matter?

Often company size is considered as a driver for moving to an ERM software solution. The bigger the company, the greater the need as there are more people involved in the process. Manually following up actions, treatment plans and risk assessment becomes more time-consuming and prone to errors. So generally speaking, we would expect some correlation between the number of ERM installations and size.

Read More

14/09/2016 / Risk Controls

Integrated Controls Assurance – Maximum Assurance, Minimum Effort

Controls assurance is a critical component of any robust risk management framework, providing an organisation with:

  1. Objective evidence that controls are designed and operating adequately as a basis for executive and Board signing off on the adequacy of controls over material risks.

  2. KnowIedge of control weaknesses as a basis of making improvements.

  3. Education to control owners and operators as to the objectives, workings and importance of controls that they are responsible for.

  4. A basis of assessing the adequacy of controls as part of a Risk and Controls Self Assessment process.

Controls assurance varies greatly between organisations. At the most basic level, some organisations rely on an annual or semi-annual attestation from business unit heads that all is in order. Usually this comes with no or little evidence and relies more on trust that the manager has adequate knowledge to make the attestation.

Read More

24/08/2016 / Compliance Management

What is the definition of Compliance? – Components.

Compliance Framework – Other components: 
Attestations, Breach Registers, Culture

In a previous article we wrote about the Key Components of a Compliance Framework and the importance of the Obligations Register and the relevant rules. We mentioned as well, that once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board. 

How can we achieve this assurance?

By implementing the following components in your compliance process:

  • Attestations - Compliance questions can be created from key obligations and distributed to staff and executives for regular and periodic attestations that they are compliant with the relevant obligations or their underlying controls. (Refer Fig 1).

    The objective of these questions is twofold; firstly, to remind staff of their obligations and secondly to give comfort to Executive Management and Board that staff are being (or at least trying to be) compliant with their obligations. Attestation reporting should aggregate responses by key risks and obligations and present the trend of compliance/non-compliance over time.

    Taking this process one step further may involve providing evidence of compliance to support the attestation. This may be achieved by attaching a document or equivalent to the attestation response. 
Read More

10/08/2016 / Risk Management Training, Risk Controls

Risk Controls! Going through the motions or providing real value?

Controls to assist us managing risk have been around for thousands of years. Why – because risk has been around since the beginning of time. Our human instinct for survival has by necessity meant that we have had to try and control our environment and the risk contained therein.

Then the industrial revolution took the need for control to a new level as we placed large groups of workers together and added in a good dose of dangerous machinery and processes. As a result, we have grown to accept controls as an everyday part of our business lives. See an example of controls being implemented in our article Risk Management Controls in Tough Mudder.

Read More

15/07/2016 / Compliance Management

What is the definition of Compliance?

Key Components of a Compliance Framework – The Obligations Register

Compliance is an outcome of conforming to a rule. That rule may arise from an external source such as a law or regulation, or an internal source such as a policy, code or control. Compliance with these two main sources gives rise to external and internal compliance.

The issue for an organisation is how to conform to these rules? This is the key objective of a compliance function. This blog provides an overview of one of the elements that need to be considered when building an optimal compliance function.

Understanding what the relevant rules are – plain English Obligation Registers

Before we can consider conforming to a rule, we need to comprehend what the rules are and what they mean. For external compliance, this necessitates having an understanding of relevant laws and regulations and how they apply to our organisation. This is typically achieved through an Obligations Register that contains information such as:

  • Act or regulation
  • Sections of relevant legislation
  • Penalties for non-compliance
  • Frequency that obligation occurs
  • Obligation owners and interested parties
  • Risk rating
  • Compliance status
Read More

24/06/2016 / Risk Management Training

Why is Risk Training important?

Their perception, attitude, risk culture, engagement, behaviour and actions, with respect to risk management, will make or break the success of your risk management framework. It is the number one ingredient for success.

Developing and maintaining the right culture requires knowledge, understanding and skills. This can be acquired in a number of ways including: life experience; work experience; informal learning and structured training. Given the maturity of risk management in most organisations is at the early stages, structured risk training is the most critical. 

Getting a consistent view through specific risk management training gets everyone on the same page.

Read More

03/06/2016 / Operational Risk, Key Risk Indicators, Risk Manager, KRIs

How do Key Risk Indicators work?

In February this year, I ran a blog highlighting the power of the human brain and its senses in acting as a personal key risk indicator (KRI) system for personal early warning risk awareness as we journey through this inherently risky world.

This blog looks at the potentially awesome power that a well-designed and well applied
KRI system can have in the business world.

KRIs have multiple purposes. The main one is to act as an early warning system to prompt initial investigation and response so as to deal with a risk early in its life. It helps a firefighting risk manager to become a proactive risk preventer. At a wider level, KRIs allow us to “measure” risk and incorporate risk into risk-based performance measurement, risk-based decision making and risk-based incentive schemes.

So how do KRIs work?

KRIs operate on the fact that as risk develops through its life, from root cause(s), through event(s) to final impact(s), red flags, symptoms and other evidence may be given off.  KRIs tap into this information and turn it into intelligence to then be investigated and acted upon to deal with the risk most appropriately.

Read More

20/05/2016 / enterprise risk management, Risk Management, risk appetite

When to Invite 'Good' Risk


During this month we have been talking about Risk Management and Risk Appetite. NSW Business Chamber also interviewed Our CEO Alf Esteban on the value of risk management to organisations - regardless of size. We wanted to share this article with you; we hope you find it useful:

Don't just tick the box of risk management - think outside it.
It's where real value lies.

As kids we’re taught to avoid risk but embracing it may be the best thing you can do for your business.

Risk management is a day-to-day part of running a business, but many organisations are failing to manage their risk effectively, resulting in reduced productivity and even profitability. 

Look through negative perceptions

“There is a perception that all risk is bad in business and that ‘managing’ it is just about compliance,” says Alf Esteban, Chief Executive Officer of risk management company Protecht. “Consequently many businesses look at it as something they have to do, a box they have to tick, without seeing the value of it.”

In fact, placing a higher value on risk management is one of the best things you can do to ensure your business flourishes. 
Read More

06/05/2016 / Risk Management Training, risk appetite

Risk Appetite – The starting point of great risk management


The concept of risk appetite has been around for a number of years now and many organisations have developed a form of risk appetite as part of their overall risk management framework.

The process is not easy, from deciding on how the appetite should be articulated and the exact content of the statement to how the risk appetite can be cascaded through the organization to be practically used in decision making and risk evaluation. These are all difficult challenges.

Read More