Black swans (unlikely, unexpected events that change paradigms) justify investment in ERM, but there is now even greater justification with the advent of black elephants: looming disasters that are visible but that no one wants to address. History teaches us the importance of building resilient organizations composed of people who are self-confident, believe in each other, and feel a sense of responsibility to control their collective fate for the better.
In the age of pandemics, cyber crime, and other black elephant type risks, getting senior leadership to increase their involvement and commitment to ensure that ERM becomes integrated into all organizational activities is more important than ever. We start this article series by looking at the difference that good leadership makes in determining whether their organizations build the necessary infrastructure to pursue opportunities and absorb the shocks of doing business in an increasingly intertwined and interdependent world.
Part I of this article provided an overview of the results of the 2019 risk management survey conducted by The Risk Institute at The Ohio State University’s Fisher College of Business. Part II of this article focuses on the role of leadership and the integration of risk management throughout the enterprise, including day-to-day decision-making.
The State of Enterprise Risk Management in the USA (Part I): Building Internal Risk Management Capacity Through Outsourcing
Part I of this article by Phil Renaud shares leading research from more than 500 risk management practitioners across a broad cross-section of industries.
Boards have broad duties that they owe to their company including corporate governance and overseeing risk management.
Boards are responsible for ensuring that the company has established risk management programs appropriate for the material risks facing the company and for overseeing how company management implements those programs. Boards have recognized their responsibility for overseeing the management of credit risk, liquidity risk, and operational risk. Addressing cybersecurity risks should be included as one of those responsibilities. Boards that ignore, or minimize, the importance of cybersecurity risks are not doing their job. As many IT professionals advise, it’s not a matter of “if” a company will face a cybersecurity breach, but “when.”
There has been a 20.5% increase in data breaches this year compared to last year, according to a recent report from the Identity Theft Resource Center. The business sector, with 33.5% of the breaches, represents approximately 60% of the compromised records. In light of the recent data breaches reported by eBay, Target, Adobe and Wyndham, among others, corporate boards are making cyber threats a board-level issue. Boards should evaluate their company’s cyber risks and ask:
Enterprise Risk Management: A Primer for Business Leaders – Part IX (The Role of Senior Leadership in ERM)
Released in 2009 as the first global standard for ERM, ISO 31000 was revised in 2018. In this section, we focus on the reasons for the revision, including the most important one: an appeal to senior leadership to increase their involvement and commitment to ensure that ERM becomes integrated into all organizational activities, including day-to-day decision-making and everyday behavior.
What types of commercial insurance apply to COVID-19 losses? This article explains what types of policies should be collected and reviewed for potential coverage.
ERM in the Age of Pandemics: History Lessons for Business Leaders – Part VIII (Creating the First Version of ISO 31000 from 2004 to 2009)
During the period of 2004 to 2009, the Australian-New Zealand standard for enterprise risk management (AS/NZS 4360) was converted to a global ERM standard known as ISO 31000. In this section, we take a closer look at this five-year period that would propel ISO 31000 into becoming the most well-known standard for creating and implementing an ERM framework within organizations.
Lori Siwik and Mark Siwik are the founders of SandRun Risk. They apply the principles of vertical leadership and lean six sigma to the discipline of risk management. From time to time they share their blog with guest authors who write about important risk management principles.