Does your company do an annual risk assessment? What happens afterward — is there ongoing monitoring and management of risks throughout the year? Or is the assessment just an exercise to review last year’s risk assessment and update it for this year’s?
Very few enterprises truly evaluate their risks; rather, they take a list of risks common to their industry and just have a tabletop discussion once a year or once a quarter. However, regulators are pushing companies to get more serious about their risk management programs.
In talking with clients, I’ve come up with five characteristics of a good enterprise risk management program:
- Risks are derived from business goals and objectives
- A framework guides a common approach across the enterprise
- Risks, including IT risks, are communicated in terms of their impact on the business
- There is operational support for risk management and accountable ownership of risks
- There is a business process approach to risk management technology

French Caldwell



































































































