Value Achieved in Risk Management
[tabs style=”default”] [tab title=”Executive Summary”]
Organizations take risks all the time but fail to monitor and manage risk effectively, particularly in understanding incidents that have occurred and how this impacts risk analysis. Organizations need to understand how to monitor risk and incidents, whether they are taking the right risks, and whether risk is managed effectively to mitigate future incidents. Managing risk effectively requires multiple inputs and methods of modeling and analyzing risk. This requires information gathering, risk intelligence, so the organization has a full perspective and can make better business decisions. Mature risk management is built on an information architecture that can show the relationship between risks, incidents, objectives, and controls. This is done through a common information and technology architecture to support overall risk management activities. Winona Health is a case in point. Winona Health is a nonprofit healthcare provider that aims to improve the health and well-being of the community and the patients it serves. Enterprise risk management was a strategic direction for Winona Health and they were visionary in seeing that incident management needed to be an integrated and foundational part of risk management. To address this particular challenge of risk and incident management, Winona Health evaluated solutions available on the market and chose LogicManager to be their platform for managing risks and incidents in an integrated platform.
[/tab] [tab title=”Table of Contents”]
- The Interrelationship of Risk and Incidents
- Winona Health: Value Achieved in Risk Management
- The Challenge Winona Health Faced
- Solution to Winona Health’s Problem
- Winona Health Achieved Value in Efficiency, Effectiveness, and Agility
- GRC Efficiency Value
- GRC Effectiveness Value
- GRC Agility Value
- GRC 20/20’s Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
[/tab] [tab title=”Author”]
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.