<iframe src="//www.googletagmanager.com/ns.html?id=GTM-52FKDF" height="0" width="0" style="display:none;visibility:hidden">

Risk Management Insights

I want to join the BLOG

22/11/2016 / Bow Tie Analysis, Risk Management, ERM, KRIs

Effective Risk Management Tool: Bow Tie

Bow Tie Risk-494157-edited.jpg

Protecht loves Bow Ties, both formal and informal!  Bow Tie analysis has been around for longer than you might think. 

While some industries including oil, gas and mining have been using the bow tie consistently for years, at a broader level it appears that other industries, such as financial services, are also now realising the value of this simple yet effective risk management technique.

What does the bow tie do? 

Bow tie analysis provides a tool to identify and map out the different components of risk including root cause, risk events, risk impacts and controls. 

Read More

09/11/2016 / Protecht News & Events, Risk Culture

COBA 2016 – Lead. Change. Grow. How does this theme apply to Protecht?

Coba_banner_Photo-462355-edited.png
Protecht was proud to provide its continuing support for the COBA conference. This year’s event was held in a somewhat wet and windy Adelaide – more about that in another article where I talk about real-life Business Continuity Planning (BCP) - but we didn’t let the weather dampen our enthusiasm. As usual, the conference provided a great environment for attendees to learn about a wide range of topics applicable to them.

Myself, Selina and Rajes met with numerous people enjoying a chat and letting them know what Protecht has been up to over the last 12 months and what the next year has in store for us… The theme of the conference “Lead. Change. Grow.” was particularly apt for us this year:

Lead: Protecht continues to be a leader in the provision of risk management services and was proud to be able to show attendees its new Bow Tie app for the iPad which is free to download and try. The app allows you to complete a Bow Tie risk analysis on your iPad or iPhone instead of a whiteboard. The Bow Tie can then be shared amongst other app users for easy editing and updating. If you didn’t get the opportunity to download the app then go to the Apple app store, search for Protecht and get started today.

Read More

31/10/2016 / Risk Culture, Risk Audit, ERM

The Risk of Gifts and Entertainment

As we approach the end of the calendar year, businesses grapple with the issue of giving and receiving gifts and entertainment to and from suppliers, customers and other stakeholders. This blog looks at the psychology of gift giving, the inherent risks in both giving and receiving gifts, and how the implementation of a ‘Gifts and Entertainment’ register can provide a defensible position if questioned about the probity of giving or receiving gifts.

The giving of gifts is ingrained across all cultures and societies. As an evolutionary trait, the act of giving a gift could be as old as humans. Individuals who generously gave would have more easily attracted a mate, and small gifts of food between members of a troop have been observed in our closest animal relatives, the chimpanzees.

Read More

13/10/2016 / Risk Culture, Risk Analytics, Business Intelligence, Risk Intelligence

The Power of Risk Data - Risk Intelligence

Many organisations that have implemented risk management systems – be they for compliance management, incident management, health and safety management, financial risk management – have failed to realise the value of the data that they collect each day, week, month, quarter and year. The reason for this is that they have not appreciated the value of that data when viewed collectively, only focusing on the data in the context in which it was collected.

While focusing on ensuring that the right data is collected correctly is an essential element in the risk management process, the real value of a good risk management system is the ability to quickly and easily consolidate, translate and display the risk data in a meaningful way so that appropriate analysis can be undertaken and business decisions made, transforming it to risk intelligence.

The real benefit of your risk management system should stem from its ability to release the power of the risk data captured and stored in the system: taking risk data and transforming it into business intelligence.
 
Read More

27/09/2016 / enterprise risk management, Risk Culture, risk maturity, Risk Manager

Successfully Implementing an Enterprise Risk Management System

5 factors of success

I was thinking about the characteristics of companies that make the decision to acquire and then successfully implement an Enterprise Risk Management software solution. Why? Well, we are in the business of providing software solutions to companies so we are always interested in understanding, why certain companies get more out of ERM solutions than others.  However, upon reflection, I think it is also important for companies on the ERM journey to reflect on these factors of success in their own decision-making process. So what are some of the factors of success?

1. Company Size – Does Size Matter?

Often company size is considered as a driver for moving to an ERM software solution. The bigger the company, the greater the need as there are more people involved in the process. Manually following up actions, treatment plans and risk assessment becomes more time-consuming and prone to errors. So generally speaking, we would expect some correlation between the number of ERM installations and size.

Read More

14/09/2016 / Risk Controls

Integrated Controls Assurance – Maximum Assurance, Minimum Effort


Controls assurance is a critical component of any robust risk management framework, providing an organisation with:

  1. Objective evidence that controls are designed and operating adequately as a basis for executive and Board signing off on the adequacy of controls over material risks.

  2. KnowIedge of control weaknesses as a basis of making improvements.

  3. Education to control owners and operators as to the objectives, workings and importance of controls that they are responsible for.

  4. A basis of assessing the adequacy of controls as part of a Risk and Controls Self Assessment process.

Controls assurance varies greatly between organisations. At the most basic level, some organisations rely on an annual or semi-annual attestation from business unit heads that all is in order. Usually this comes with no or little evidence and relies more on trust that the manager has adequate knowledge to make the attestation.

Read More

24/08/2016 / Compliance Management

What is the definition of Compliance? – Components.

Compliance Framework – Other components: 
Attestations, Breach Registers, Culture

In a previous article we wrote about the Key Components of a Compliance Framework and the importance of the Obligations Register and the relevant rules. We mentioned as well, that once the rules are understood, other processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board. 

How can we achieve this assurance?

By implementing the following components in your compliance process:

  • Attestations - Compliance questions can be created from key obligations and distributed to staff and executives for regular and periodic attestations that they are compliant with the relevant obligations or their underlying controls. (Refer Fig 1).

    The objective of these questions is twofold; firstly, to remind staff of their obligations and secondly to give comfort to Executive Management and Board that staff are being (or at least trying to be) compliant with their obligations. Attestation reporting should aggregate responses by key risks and obligations and present the trend of compliance/non-compliance over time.

    Taking this process one step further may involve providing evidence of compliance to support the attestation. This may be achieved by attaching a document or equivalent to the attestation response. 
Read More

10/08/2016 / Risk Management Training, Risk Controls

Risk Controls! Going through the motions or providing real value?


Controls to assist us managing risk have been around for thousands of years. Why – because risk has been around since the beginning of time. Our human instinct for survival has by necessity meant that we have had to try and control our environment and the risk contained therein.

Then the industrial revolution took the need for control to a new level as we placed large groups of workers together and added in a good dose of dangerous machinery and processes. As a result, we have grown to accept controls as an everyday part of our business lives. See an example of controls being implemented in our article Risk Management Controls in Tough Mudder.

Read More

15/07/2016 / Compliance Management

What is the definition of Compliance?

Key Components of a Compliance Framework – The Obligations Register

Compliance is an outcome of conforming to a rule. That rule may arise from an external source such as a law or regulation, or an internal source such as a policy, code or control. Compliance with these two main sources gives rise to external and internal compliance.

The issue for an organisation is how to conform to these rules? This is the key objective of a compliance function. This blog provides an overview of one of the elements that need to be considered when building an optimal compliance function.

Understanding what the relevant rules are – plain English Obligation Registers

Before we can consider conforming to a rule, we need to comprehend what the rules are and what they mean. For external compliance, this necessitates having an understanding of relevant laws and regulations and how they apply to our organisation. This is typically achieved through an Obligations Register that contains information such as:

  • Act or regulation
  • Sections of relevant legislation
  • Penalties for non-compliance
  • Frequency that obligation occurs
  • Obligation owners and interested parties
  • Risk rating
  • Compliance status
Read More

24/06/2016 / Risk Management Training

Why is Risk Training important?



Their perception, attitude, risk culture, engagement, behaviour and actions, with respect to risk management, will make or break the success of your risk management framework. It is the number one ingredient for success.

Developing and maintaining the right culture requires knowledge, understanding and skills. This can be acquired in a number of ways including: life experience; work experience; informal learning and structured training. Given the maturity of risk management in most organisations is at the early stages, structured risk training is the most critical. 

Getting a consistent view through specific risk management training gets everyone on the same page.

Read More