<iframe src="//www.googletagmanager.com/ns.html?id=GTM-52FKDF" height="0" width="0" style="display:none;visibility:hidden">

Risk Management Insights

I want to join the BLOG

06/01/2017 / Enterprise Risk Management, Risk Culture, ERM, Operational Risk, Risk Manager

Changing the Risk Conversation

Three Key point.pngThree Key Questions

Have you ever tried having a conversation with a risk practitioner about risk management concepts without using the word ‘risk’? Similarly, as a risk practitioner, have you had a conversation with a quality management practitioner without them mentioning the word ‘quality’?

One of the biggest issues we face as risk practitioners is having conversations with non-risk practitioners, especially front line people, about what we do and what we need them to do to ensure that risks, (there is that word again), are adequately identified, mitigated and monitored. Wouldn’t it be a more useful conversation to talk in terms that the front line is used to and understands? Read article 'Are you a Risk Manager?'

Front line staff know what they need to do to achieve their objectives – be it sales targets, transaction processing targets, customer satisfaction targets, quality targets, or whatever it is that they do that collectively allows the organisation to achieve its objectives. They understand their business processes and where shortcuts can be taken to ‘get things done’. They know when other staff are not following procedures – with malicious intent or not.

Read More

16/12/2016 / Protecht News & Events, Risk Culture, Risk Management

2016 - The Year That Was

Merry Xmas 3.png2016 Done and Dusted

Over the last three weeks we have had Christmas parties in Melbourne and Sydney for our clients, as well as our staff Christmas event. (Check out more photos at the end of the post.) Needless to say, we are all looking forward to some downtime leading into the New Year.

Read More

06/12/2016 / Enterprise Risk Management, ERM, Risk in Motion

Enterprise Risk Management - Connecting the Dots

Risk Identification-610167-edited.jpgConnecting the dots (in this case, the risks).

It has been a bit of a journey over the last 15 years. At Protecht, we started with the vision of a SaaS enterprise risk management solution that allowed connection of risk to the core components of what was back then, considered an ERM framework. This meant that our central library of risks was not only used in the risk and control assessments but also linked to key risk indicators, attestations and incidents. This enabled our client base to get a more fluid picture of risk and was the genesis of the RiskInMotion™ concept.
 

What was missing back then was the business intelligence engine to bring it all together.

Roll forward to 2016 and there are even more dots to connect. Over the last 5 years we have seen our clients rapidly build and deploy the following additional web-based forms to capture, workflow and report on risk related information pertaining to:

  • Fraud
  • Supplier due diligence
  • Conflicts of interest
  • Internal audit findings
  • Complaints
  • Compliance breaches
  • Business continuity plans and tests
  • Conflicts of interest
  • New products evaluation
  • Ex gratia payments
  • Policy management

Read More

22/11/2016 / Bow Tie Analysis, Risk Management, ERM, KRIs

Effective Risk Management Tool: Bow Tie

Bow Tie Risk-494157-edited.jpg

Protecht loves Bow Ties, both formal and informal!  Bow Tie analysis has been around for longer than you might think. 

While some industries including oil, gas and mining have been using the bow tie consistently for years, at a broader level it appears that other industries, such as financial services, are also now realising the value of this simple yet effective risk management technique.

What does the bow tie do? 

Bow tie analysis provides a tool to identify and map out the different components of risk including root cause, risk events, risk impacts and controls. 

Read More

09/11/2016 / Protecht News & Events, Risk Culture

COBA 2016 – Lead. Change. Grow. How does this theme apply to Protecht?

Coba_banner_Photo-462355-edited.png
Protecht was proud to provide its continuing support for the COBA conference. This year’s event was held in a somewhat wet and windy Adelaide – more about that in another article where I talk about real-life Business Continuity Planning (BCP) - but we didn’t let the weather dampen our enthusiasm. As usual, the conference provided a great environment for attendees to learn about a wide range of topics applicable to them.

Myself, Selina and Rajes met with numerous people enjoying a chat and letting them know what Protecht has been up to over the last 12 months and what the next year has in store for us… The theme of the conference “Lead. Change. Grow.” was particularly apt for us this year:

Lead: Protecht continues to be a leader in the provision of risk management services and was proud to be able to show attendees its new Bow Tie app for the iPad which is free to download and try. The app allows you to complete a Bow Tie risk analysis on your iPad or iPhone instead of a whiteboard. The Bow Tie can then be shared amongst other app users for easy editing and updating. If you didn’t get the opportunity to download the app then go to the Apple app store, search for Protecht and get started today.

Read More

31/10/2016 / Risk Culture, Risk Audit, ERM

The Risk of Gifts and Entertainment

As we approach the end of the calendar year, businesses grapple with the issue of giving and receiving gifts and entertainment to and from suppliers, customers and other stakeholders. This blog looks at the psychology of gift giving, the inherent risks in both giving and receiving gifts, and how the implementation of a ‘Gifts and Entertainment’ register can provide a defensible position if questioned about the probity of giving or receiving gifts.

The giving of gifts is ingrained across all cultures and societies. As an evolutionary trait, the act of giving a gift could be as old as humans. Individuals who generously gave would have more easily attracted a mate, and small gifts of food between members of a troop have been observed in our closest animal relatives, the chimpanzees.

Read More

13/10/2016 / Risk Culture, Risk Analytics, Business Intelligence, Risk Intelligence

The Power of Risk Data - Risk Intelligence

Many organisations that have implemented risk management systems – be they for compliance management, incident management, health and safety management, financial risk management – have failed to realise the value of the data that they collect each day, week, month, quarter and year. The reason for this is that they have not appreciated the value of that data when viewed collectively, only focusing on the data in the context in which it was collected.

While focusing on ensuring that the right data is collected correctly is an essential element in the risk management process, the real value of a good risk management system is the ability to quickly and easily consolidate, translate and display the risk data in a meaningful way so that appropriate analysis can be undertaken and business decisions made, transforming it to risk intelligence.

The real benefit of your risk management system should stem from its ability to release the power of the risk data captured and stored in the system: taking risk data and transforming it into business intelligence.
 
Read More

27/09/2016 / Enterprise Risk Management, Risk Culture, risk maturity, Risk Manager

Successfully Implementing an Enterprise Risk Management System

5 factors of success

I was thinking about the characteristics of companies that make the decision to acquire and then successfully implement an Enterprise Risk Management software solution. Why? Well, we are in the business of providing software solutions to companies so we are always interested in understanding, why certain companies get more out of ERM solutions than others.  However, upon reflection, I think it is also important for companies on the ERM journey to reflect on these factors of success in their own decision-making process. So what are some of the factors of success?

1. Company Size – Does Size Matter?

Often company size is considered as a driver for moving to an ERM software solution. The bigger the company, the greater the need as there are more people involved in the process. Manually following up actions, treatment plans and risk assessment becomes more time-consuming and prone to errors. So generally speaking, we would expect some correlation between the number of ERM installations and size.

Read More

14/09/2016 / Risk Controls

Integrated Controls Assurance – Maximum Assurance, Minimum Effort


Controls assurance is a critical component of any robust risk management framework, providing an organisation with:

  1. Objective evidence that controls are designed and operating adequately as a basis for executive and Board signing off on the adequacy of controls over material risks.

  2. KnowIedge of control weaknesses as a basis of making improvements.

  3. Education to control owners and operators as to the objectives, workings and importance of controls that they are responsible for.

  4. A basis of assessing the adequacy of controls as part of a Risk and Controls Self Assessment process.

Controls assurance varies greatly between organisations. At the most basic level, some organisations rely on an annual or semi-annual attestation from business unit heads that all is in order. Usually this comes with no or little evidence and relies more on trust that the manager has adequate knowledge to make the attestation.

Read More

24/08/2016 / Compliance Management

What is the definition of Compliance? – Components.

Compliance Framework – Other components: 
Attestations, Breach Registers, Culture

In a previous article we wrote about the Key Components of a Compliance Framework and the importance of the Obligations Register and the relevant rules. We mentioned as well, that once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board. 

How can we achieve this assurance?

By implementing the following components in your compliance process:

  • Attestations - Compliance questions can be created from key obligations and distributed to staff and executives for regular and periodic attestations that they are compliant with the relevant obligations or their underlying controls. (Refer Fig 1).

    The objective of these questions is twofold; firstly, to remind staff of their obligations and secondly to give comfort to Executive Management and Board that staff are being (or at least trying to be) compliant with their obligations. Attestation reporting should aggregate responses by key risks and obligations and present the trend of compliance/non-compliance over time.

    Taking this process one step further may involve providing evidence of compliance to support the attestation. This may be achieved by attaching a document or equivalent to the attestation response. 
Read More