
Risk Management Insights


25/04/2017 / Risk Management, Performance Management, Risk and Reward

Opportunity risk management

Writing blogs in risk management is risky. It has a potential upside and a downside.  On the upside, the hope is that the blog adds to the development of risk management thinking and at the least promotes discussion on ideas that could lead to improvements in this great discipline. On the downside, it opens oneself up to criticism, usually relating to the view that we are overcomplicating things and/or not being technically correct. 

I, for one, think the risk is worth taking as I believe the upside outweighs the downside and by and large positive and/or constructive feedback outweighs any negative and/or destructive comments.


23/03/2017 / Risk Management Training, Inherent & Residual Risk

Risk Appetite - Inherent and Residual?

The case for setting both an Inherent and Residual Risk Appetite

In the last two blogs, Inherent Risk – Is it useful? and Expected and Targeted risks, I discussed the potential value of assessing inherent, residual, expected and targeted risks. In this article, I go one stage further and discuss the potential relevance and value of setting both an inherent and residual risk appetite.

The instigator that prompted me to consider this topic came from a board risk appetite setting session I conducted a short time ago. It was clear that the board was not going to agree on the levels of risk appetite for certain risks as their views were quite diverse.

At one extreme, one director wanted to set high appetites, especially for strategic risk, while another, more conservative director was very uncomfortable with this and wished to set much lower appetites. Listening to the conversations, it became clear that the discussion was at cross purposes.


16/03/2017 / Protecht News & Events, Risk Culture, Risk Management, Risk Management Training

Risk and Compliance Management Journey.

A personal story

Behind every hard-working professional there is always a personal story to tell and one of the best ways of learning is listening, talking and sharing those stories and those personal points of view. A key philosophy at Protecht is to listen and learn from professionals across all lines of business.

I was recently invited to present the Governance Institute Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for a number of years. The award recipients generally don't have a background in risk and compliance management, with many coming from legal or accounting professions.


23/02/2017 / Risk Management, Risk and Control Self Assessment, risk maturity, Risk Controls

Expected and Targeted Risks

Are they useful?

Residual risk, the risk after considering existing controls, is universally accepted as important to assess in the risk assessment process. 

In a previous blog article, we questioned whether inherent risk was useful. We concluded on balance that it can be a useful concept to recognise and assess. Inherent risk is useful in providing assistance when assessing the importance of controls and helping in the understanding of stress test scenarios.

This blog takes the next step and explores whether “Expected” and “Targeted” risk are useful. 


09/02/2017 / Enterprise Risk Management, Risk Culture, Risk Manager

Our Top 5 Risk Management blogs in 2016

It is already February 2017. The year certainly feels like it is flying by. We are glad to see that our Risk Management Insights Blog continues to be read by thousands of professionals such as you, from all around the world. We all seem to receive a lot of information every day from many different sources. So to ensure that you didn't miss out on some of the articles that we have shared, we thought we would recap on some of our articles from 2016.

So we have made a selection of the '2016 Top five most read blogs'. We hope you enjoy the content and if you have not subscribed yet, just click here to receive the next articles directly in your Inbox. Enjoy.

1. What does it take to be a Risk Manager?

What are the key skills and characteristics needed to be successful in this role? Here is my list:

  • Risk management is to a large degree an art form. This requires a strong right hand (artistic) brain, able to cope with qualitative and inexact concepts and able to “see” into the future.
  • At the same time, the risk manager needs to be logical, analytical, problem-solving and exhibit a high degree of common sense.
  • The risk manager must be commercially astute and demonstrate a high degree of business acumen.

Operational Risk Management and the wider defined Enterprise Risk Management are often touted as a new concept. While the methodologies and processes employed may have been enhanced in the recent past, risk management is hardly new. Humans, arising from the instinct for survival, have been using and developing risk management techniques from the beginning of time. Continue reading here.


26/01/2017 / Enterprise Risk Management, Inherent & Residual Risk, Risk Controls

Inherent Risk – Is it useful?

The ISO 31000:2009 standard does not refer to “inherent” risk. Is this a deliberate omission and if so, what is the reason? This leads to the question as to whether inherent risk is a useful concept in risk management and risk assessment. The main areas of contention are:

What does Inherent Risk mean?

There are few common definitions in risk but “Inherent risk” is commonly defined as “the risk without considering internal controls” or alternatively “a raw risk that has no mitigation factors or treatments applied to it”. Residual Risk on the other hand is commonly defined as “the level of risk remaining after controls have been applied”. 


06/01/2017 / Enterprise Risk Management, Risk Culture, ERM, Operational Risk, Risk Manager

Changing the Risk Conversation

Three Key Questions

Have you ever tried having a conversation with a risk practitioner about risk management concepts without using the word ‘risk’? Similarly, as a risk practitioner, have you had a conversation with a quality management practitioner without them mentioning the word ‘quality’?

One of the biggest issues we face as risk practitioners is having conversations with non-risk practitioners, especially front line people, about what we do and what we need them to do to ensure that risks, (there is that word again), are adequately identified, mitigated and monitored. Wouldn’t it be a more useful conversation to talk in terms that the front line is used to and understands? Read article 'Are you a Risk Manager?'

Front line staff know what they need to do to achieve their objectives – be it sales targets, transaction processing targets, customer satisfaction targets, quality targets, or whatever it is that they do that collectively allows the organisation to achieve its objectives. They understand their business processes and where shortcuts can be taken to ‘get things done’. They know when other staff are not following procedures – with malicious intent or not.


16/12/2016 / Protecht News & Events, Risk Culture, Risk Management

2016 - The Year That Was

2016 Done and Dusted

Over the last three weeks we have had Christmas parties in Melbourne and Sydney for our clients, as well as our staff Christmas event. (Check out more photos at the end of the post.) Needless to say, we are all looking forward to some downtime leading into the New Year.


06/12/2016 / Enterprise Risk Management, ERM, Risk in Motion

Enterprise Risk Management - Connecting the Dots

Connecting the dots (in this case, the risks).

It has been a bit of a journey over the last 15 years. At Protecht, we started with the vision of a SaaS enterprise risk management solution that allowed connection of risk to the core components of what was, back then, considered an ERM framework. This meant that our central library of risks was not only used in the risk and control assessments but also linked to key risk indicators, attestations and incidents. This enabled our client base to get a more fluid picture of risk and was the genesis of the RiskInMotion™ concept.

What was missing back then was the business intelligence engine to bring it all together.

Roll forward to 2016 and there are even more dots to connect. Over the last 5 years we have seen our clients rapidly build and deploy the following additional web-based forms to capture, workflow and report on risk related information pertaining to:

  • Fraud
  • Supplier due diligence
  • Conflicts of interest
  • Internal audit findings
  • Complaints
  • Compliance breaches
  • Business continuity plans and tests
  • New products evaluation
  • Ex gratia payments
  • Policy management

22/11/2016 / Bow Tie Analysis, Risk Management, ERM, KRIs

Effective Risk Management Tool: Bow Tie

Protecht loves Bow Ties, both formal and informal!  Bow Tie analysis has been around for longer than you might think. 

While some industries including oil, gas and mining have been using the bow tie consistently for years, at a broader level it appears that other industries, such as financial services, are also now realising the value of this simple yet effective risk management technique.

What does the bow tie do? 

Bow tie analysis provides a tool to identify and map out the different components of risk including root cause, risk events, risk impacts and controls. 
