Fusion Risk Management Introduces Generative AI-powered Assistant to Help Businesses Build Resilience
Maturity Level 0: Building a Risk Management Program
Posted on: August 26, 2020 Author:
Many companies find themselves facing the daunting task of building a risk management program from scratch with little to no knowledge of how to begin. Maybe this was brought on by pressure from shareholders or clients, misalignment with industry status quo, a board of director mandate, or an event that shook the organization and brought to light a critical gap. Every company strives to be proactive, integrated, informed, and resilient … but how does one get there if today the organization is reactive, stale, siloed, unprepared, and vulnerable?
It may seem pedestrian, but determining your approach in the context of why, who, what, and how ensures all bases are covered.
Understand your company’s motivation to implement risk management – WHY…
…are we focusing on risk management now?
…should the company dedicate resources to this effort?
…are shareholders, clients, customers, executives, and board members concerned about the company’s risk profile?
A clear vision and agreed upon objectives are essential to the success of any program. If the foundation is not sound and does not resonate, the program will flounder and stagnate. Documenting the reason for action and the value to be gained will ensure downstream support and impact.
Establish a governance model and supporting resources – WHO…
…will sponsor, lead, and champion the program?
…will provide the resource support to execute the program?
…will be the decision makers?
…will ensure program objectives are met?
…will ultimately be responsible for the success of the program?
Integrated risk management requires agreement, support, and input from across the organization. Establishing this model first and foremost and cultivating the culture of governance and collaboration throughout the program’s lifecycle will enable the program to make a true impact.
Determine the information to be collected and analyzed – WHAT…
…is the company trying to understand?
…do we need to know to make decisions?
…information is already accessible?
…does leadership care about?
Making informed decisions is the goal. To do that, understanding the universe of data within your organization and identifying the gaps that exist ultimately lands you with the picture of what needs to be collected and analyzed.
Determine the means to enable your program – HOW…
…do we gather the right information?
…can the company use resources wisely?
…can we utilize subject matter knowledge?
…should we leverage technology?
The appropriate methodology and process will support the collection of relevant information. However, standing up the program from a tactical perspective can be quite challenging. There are many areas in risk management to explore such as information risk management, but following the below makes it manageable:
Define the context through which risk management activities will be performed, such as by business or functional unit, legal or geographical area, etc.
Agree upon foundational taxonomies, beginning with process, risk, and control hierarchies to ensure aggregation consistency and comparable reporting/dash boarding
Execute foundational risk management activities, including risk and control identification, assessments, and analysis
As the information foundation begins to form, companies can consider where to grow into after. Areas of ongoing monitoring such as key risk indicators, control framework mapping, and control testing and attestations are next to explore.
Cookie Authorization Preferences
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!