Risk Management by Design
A Federated & Connected Approach to Risk Management
Organizations are best served by taking a federated approach to risk management that allows different projects, processes, and departments to have their own view of risk. These views can then roll into enterprise and operational risk management and reporting that supports business objectives while being integrated with decision-making processes. This can be done through a common risk management strategy, process, information, and technology architecture that supports overall risk management activities from the process level up through an enterprise view. Organizations need to clearly understand the breadth and depth of their risk management strategy and process requirements, and from there select the right information and technology architecture, one that is agile and flexible enough to meet the range of risk management needs for today and into tomorrow. The primary directive of a mature risk management program is to deliver effectiveness, efficiency, and agility to the business. This is in the context of managing the breadth of risks to organizational performance, objectives, and strategy. This requires a strategy that connects the enterprise, business units, processes, transactions, and information to enable transparency, discipline, and control of the ecosystem of risks across the extended enterprise.
- Monitoring and Managing Risk Effectively
- Challenges to Boards, Executives, and Risk Management Professionals
- Understanding the Interrelationship of Risk and its Impact
- Providing 360° Contextual Awareness of Risk
- The Risk Central Nervous System
- Risk Management by Design
- Different Approaches Organizations Take in Managing Risk
- Risk Management Strategic Plan
- Risk Management Architecture
- Risk Management Process Architecture
- Risk Management Information & Technology Architecture
- GRC 20/20’s Final Perspective
- Growing in Risk Management Maturity
- About GRC 20/20 Research, LLC
- Research Methodology
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.