Risk Management Insights


10/03/2017 / Enterprise Risk Management, Risk Culture, Risk Management

How to Achieve your Risk Management Goals

TEN KEYS to Risk Management Success 

Having worked with many clients over the years in implementing, maintaining and developing their risk management systems, you learn what works and, on the other hand, what does not.

The following are my top TEN KEYS to success – get these right and you will have a risk management function that is seen to be as critical as any other management function in the value it adds.

1. Keep it Simple

With any developing discipline, there is a tendency to invent new words and use big words that sound smart but no one understands. Risk management is no exception with a myriad of fancy words and acronyms. 


09/02/2017 / Enterprise Risk Management, Risk Culture, Risk Manager

Our Top 5 Risk Management blogs in 2016

It is already February 2017. The year certainly feels like it is flying by. We are glad to see that our Risk Management Insights Blog continues to be read by thousands of professionals such as you, from all around the world. We all seem to receive a lot of information every day from many different sources. So to ensure that you didn't miss out on some of the articles that we have shared, we thought we would recap some of our articles from 2016.

So we have made a selection of the '2016 Top five most read blogs'. We hope you enjoy the content and if you have not subscribed yet, just click here to receive the next articles directly in your Inbox. Enjoy.

1. What does it take to be a Risk Manager?

What are the key skills and characteristics needed to be successful in this role? Here is my list:

  • Risk management is to a large degree an art form. This requires a strong right hand (artistic) brain, able to cope with qualitative and inexact concepts and able to “see” into the future.
  • At the same time, the risk manager needs to be logical, analytical, problem-solving and exhibit a high degree of common sense.
  • The risk manager must be commercially astute and demonstrate a high degree of business acumen. Read more.

Operational Risk Management and the wider defined Enterprise Risk Management are often touted as a new concept. While the methodologies and processes employed may have been enhanced in the recent past, risk management is hardly new. Humans, arising from the instinct for survival, have been using and developing risk management techniques from the beginning of time. Continue reading here.


26/01/2017 / Enterprise Risk Management, Inherent & Residual Risk, Risk Controls

Inherent Risk – Is it useful?

The ISO 31000:2009 standard does not refer to “inherent” risk. Is this a deliberate omission and if so, what is the reason? This leads to the question as to whether inherent risk is a useful concept in risk management and risk assessment. The main areas of contention are:

What does Inherent Risk mean?

There are few common definitions in risk but “Inherent risk” is commonly defined as “the risk without considering internal controls” or alternatively “a raw risk that has no mitigation factors or treatments applied to it”. Residual Risk on the other hand is commonly defined as “the level of risk remaining after controls have been applied”. 


06/01/2017 / Enterprise Risk Management, Risk Culture, ERM, Operational Risk, Risk Manager

Changing the Risk Conversation

Three Key Questions

Have you ever tried having a conversation with a risk practitioner about risk management concepts without using the word ‘risk’? Similarly, as a risk practitioner, have you had a conversation with a quality management practitioner without them mentioning the word ‘quality’?

One of the biggest issues we face as risk practitioners is having conversations with non-risk practitioners, especially front line people, about what we do and what we need them to do to ensure that risks, (there is that word again), are adequately identified, mitigated and monitored. Wouldn’t it be a more useful conversation to talk in terms that the front line is used to and understands? Read article 'Are you a Risk Manager?'

Front line staff know what they need to do to achieve their objectives – be it sales targets, transaction processing targets, customer satisfaction targets, quality targets, or whatever it is that they do that collectively allows the organisation to achieve its objectives. They understand their business processes and where shortcuts can be taken to ‘get things done’. They know when other staff are not following procedures – with malicious intent or not.


06/12/2016 / Enterprise Risk Management, ERM, Risk in Motion

Enterprise Risk Management - Connecting the Dots

Connecting the dots (in this case, the risks).

It has been a bit of a journey over the last 15 years. At Protecht, we started with the vision of a SaaS enterprise risk management solution that allowed connection of risk to the core components of what was back then, considered an ERM framework. This meant that our central library of risks was not only used in the risk and control assessments but also linked to key risk indicators, attestations and incidents. This enabled our client base to get a more fluid picture of risk and was the genesis of the RiskInMotion™ concept.
 

What was missing back then was the business intelligence engine to bring it all together.

Roll forward to 2016 and there are even more dots to connect. Over the last 5 years we have seen our clients rapidly build and deploy the following additional web-based forms to capture, workflow and report on risk related information pertaining to:

  • Fraud
  • Supplier due diligence
  • Conflicts of interest
  • Internal audit findings
  • Complaints
  • Compliance breaches
  • Business continuity plans and tests
  • New products evaluation
  • Ex gratia payments
  • Policy management

27/09/2016 / Enterprise Risk Management, Risk Culture, Risk Maturity, Risk Manager

Successfully Implementing an Enterprise Risk Management System

5 factors of success

I was thinking about the characteristics of companies that make the decision to acquire and then successfully implement an Enterprise Risk Management software solution. Why? Well, we are in the business of providing software solutions to companies, so we are always interested in understanding why certain companies get more out of ERM solutions than others. However, upon reflection, I think it is also important for companies on the ERM journey to reflect on these factors of success in their own decision-making process. So what are some of the factors of success?

1. Company Size – Does Size Matter?

Often company size is considered as a driver for moving to an ERM software solution. The bigger the company, the greater the need as there are more people involved in the process. Manually following up actions, treatment plans and risk assessment becomes more time-consuming and prone to errors. So generally speaking, we would expect some correlation between the number of ERM installations and size.


09/06/2016 / Enterprise Risk Management, Risk Audit, ERM, Risk Maturity

ATO implements Protecht's Enterprise Risk Management System

NOT SUCH A TAXING TIME

Some months ago Protecht was delighted that Protecht.ERM was selected by the ATO as the ATO’s corporate-wide risk and governance system. After just a short time, under the guidance of Jodie Thomas, Executive Director, ATO Corporate and the ATO project implementation team, the ATO is already recognising some of the immense benefits that Protecht.ERM is capable of delivering.


20/05/2016 / Enterprise Risk Management, Risk Management, Risk Appetite

When to Invite 'Good' Risk


During this month we have been talking about Risk Management and Risk Appetite. NSW Business Chamber also interviewed our CEO Alf Esteban on the value of risk management to organisations, regardless of size. We wanted to share this article with you; we hope you find it useful:

Don't just tick the box of risk management - think outside it.
It's where real value lies.

As kids we’re taught to avoid risk but embracing it may be the best thing you can do for your business.

Risk management is a day-to-day part of running a business, but many organisations are failing to manage their risk effectively, resulting in reduced productivity and even profitability. 

Look through negative perceptions

“There is a perception that all risk is bad in business and that ‘managing’ it is just about compliance,” says Alf Esteban, Chief Executive Officer of risk management company Protecht. “Consequently many businesses look at it as something they have to do, a box they have to tick, without seeing the value of it.”

In fact, placing a higher value on risk management is one of the best things you can do to ensure your business flourishes. 

03/03/2016 / Enterprise Risk Management, Risk and Control Self Assessment, Operational Risk

Operational Risk Management 3 – Risk and Controls Self Assessment applied in a Business Context

Operational Risk Management

This is the third blog in this Operational Risk Management series. In the first article, I explained the incredible KRI system we all have via our five senses. In the second blog, I discussed the application of the Risk and Control Self Assessment (RCSA) in our personal lives using the example of the annual medical check-up. The seven key steps of the RCSA process were set out as part of this example. 

In this blog, we will see how the RCSA works in a business context by applying it to a business process. I will use the process of managing employee expense claims, their payment, processing and recording, a process we can all appreciate from one perspective or another. This example is deliberately at a granular level to illustrate the principles. The same concepts should be used at any level of the organisation using the appropriate level of granularity. This means that the volume of information should be similar for any risk assessment carried out.


24/02/2016 / Enterprise Risk Management, Risk and Control Self Assessment, Operational Risk

Operational Risk Management 2 – Learning from yourself as an expert already!


My last blog highlighted the extensive use of KRIs (Key Risk Indicators) in our personal lives and the incredible KRI system we all have via our five senses. This blog focusses on the Risk and Control Self Assessment process. Again, the expertise we have in our personal lives provides excellent guidance as to how a good RCSA should be carried out in our businesses and the value add of the RCSA process when done well.

In our personal lives, risk assessments are sometimes performed formally, such as for your motor vehicle’s annual service. Other times, however, they are performed informally, from checking the risks and controls relating to your swimming pool to assessing the risks of your house when your first child is born.
