To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the forest). Risk management in business is non-linear. It is not a simple equation of 1 + 1 = 2. It is a mesh of exponential relationship and impact in which 1 + 1 = 3, 30, or 300. What seems like a small disruption or exposure may have a massive effect or no effect at all. In a linear system, effect is proportional with cause, in the non-linear world of business, risk is exponential. Business is chaos theory realized. The small flutter of risk exposure can bring down the organization. If we fail to see the interconnections of risk on the non-linear world of business, the result is often exponential to unpredictable.
Risk management processes are used to manage and monitor the ever-changing risk environments as a part of overall business processes, transactions, and systems. This requires that organizations have a risk management function that brings together risk management and business processes with an integrated risk management information architecture with embedded business intelligence and analytics.
An enterprise risk management program needs a structural design of risk management processes, including their components of inputs, processing, and outputs. This inventories and describes risk management processes, each process’s components and interactions, and how risk management processes work together in context of other enterprise processes.
Effective risk management processes deliver . . .
[GRC 20/20’s, Michael Rasmussen, is the author of this blog as a guest blogger at the following link]