Part I of this article provided an overview of the results of the 2019 risk management survey conducted by The Risk Institute at The Ohio State University’s Fisher College of Business. Part II of this article focuses on the role of leadership and the integration of risk management throughout the enterprise, including day-to-day decision-making.
The State of Enterprise Risk Management in the USA (Part I): Building Internal Risk Management Capacity Through Outsourcing
Part I of this article by Phil Renaud shares leading research from more than 500 risk management practitioners across a broad cross-section of industries.
Boards have broad duties that they owe to their company, including corporate governance and overseeing risk management.
Boards are responsible for ensuring that the company has established risk management programs appropriate for the material risks facing the company and for overseeing how company management implements those programs. Boards have recognized their responsibility for overseeing the management of credit risk, liquidity risk, and operational risk. Addressing cybersecurity risks should be included as one of those responsibilities. Boards that ignore, or minimize, the importance of cybersecurity risks are not doing their job. As many IT professionals advise, it’s not a matter of “if” a company will face a cybersecurity breach, but “when.”
There has been a 20.5% increase in data breaches this year compared to last year, according to a recent report from the Identity Theft Resource Center. The business sector, with 33.5% of the breaches, represents approximately 60% of the compromised records. In light of the recent data breaches reported by eBay, Target, Adobe and Wyndham, among others, corporate boards are making cyber threats a board-level issue. Boards should evaluate their company’s cyber risks and ask:
Enterprise Risk Management: A Primer for Business Leaders – Part IX (The Role of Senior Leadership in ERM)
Released in 2009 as the first global standard for ERM, ISO 31000 was revised in 2018. In this section, we focus on the reasons for the revision, including the most important one: an appeal to senior leadership to increase their involvement and commitment to ensure that ERM becomes integrated into all organizational activities, including day-to-day decision-making and everyday behavior.
What types of commercial insurance apply to COVID-19 losses? This article explains what types of policies should be collected and reviewed for potential coverage.
ERM in the Age of Pandemics: History Lessons for Business Leaders – Part VIII (Creating the First Version of ISO 31000 from 2004 to 2009)
During the period of 2004 to 2009, the Australian-New Zealand standard for enterprise risk management (AS/NZS 4360) was converted to a global ERM standard known as ISO 31000. In this section, we take a closer look at this five-year period that would propel ISO 31000 into becoming the most well-known standard for creating and implementing an ERM framework within organizations.
In light of the COVID-19 crisis, we are postponing publication of Part III of our conversation with Kevin Knight on the history of ISO 31000 and ERM in order to bring you this important guest essay by Matt Warnock and Sommer Sheely, attorneys with Bricker & Eckler, who discuss the application of force majeure to business disruptions caused by the pandemic.
Part III of our Conversation with Kevin Knight tells the story of how the Australian/New Zealand standard for enterprise risk management became an international standard known as ISO 31000.
ERM in the Age of Pandemics: History Lessons for Business Leaders – Part VII (The Transition to ISO 31000 Begins With Vocabulary)
Long before the COVID-19 pandemic, the field of standardization worked to develop a usable framework to help organizations manage risk and uncertainty in a holistic way. This article traces the conversion of AS/NZS 4360 to ISO 31000, which began in the late 1990s with an interim step to build a basic vocabulary of terms associated with managing risk.
Lori Siwik and Mark Siwik are the founders of SandRun Risk. They apply the principles of vertical leadership and lean six sigma to the discipline of risk management. From time to time they share their blog with guest authors who write about important risk management principles.