Risk is pervasive throughout business strategies, operations, and processes. Siloed approaches to risk management leave the organization unable to see the big picture of risk. The reaction is often to centralize risk management, which forces different areas of the organization into a one-size-fits-all risk management model that fails to adequately manage and monitor risk. Defining strategy, managing operations, and addressing organizational change requires the ability to provide meaningful risk information for decision-making to boards, executives, GRC professionals, and the line of business.
Benefits to attendees:
- Understand a top-down as well as a bottom-up approach to risk management
- Implement risk management in the context of business strategy, process, and operations
- Explore different risk management architecture models and how they apply to your organization
- Discover various risk management techniques and how they apply to your business
- Develop a risk information architecture that aligns with business operations and processes
- Effectively communicate risk across your organization
As business becomes increasingly complex in a changing business and risk environment – that struggles with growing regulations, globalization, and distributed operations – organizations need a blueprint for effective, efficient and agile risk management. This requires organizations to design risk management into the organization as an integrated part of strategy and operations supported by an integrated risk information architecture that allows organizations to have a 360° situational awareness of risk in the context of business strategy and operations.
This workshop aims to provide a blueprint for attendees on effective risk management strategies in a dynamic business and risk environment. Attendees will learn risk management strategies and techniques that can be applied to enterprise and operational risk management strategies as well as departmental focused risk initiatives. Learning is done through lectures, collaboration with peers, and workshop tasks.
Attendees will take back to their organization approaches to address:
- Risk Management Strategy. Understand risk in the context of business performance, strategy, objectives as well as its culture and values.
- Risk Management Processes. Flowing from the strategy are the risk management processes integrated into the organization and how it operates. Good risk management is done in the rhythm of the business.
- Risk Management Information Architecture. Defining an information architecture that enables risk strategy and processes by providing 360° situational awareness of risk in the context of business strategy and operations.
- Risk Management Technology Architecture. The necessary technology components needed to bring together diverse and distributed risk management roles and integrate risk management into the culture and operations of the organization.
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC,” being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Part 1: What is Risk?
Understanding Risk in the Context of the Organization
- Different views of risk throughout the organization
- Who owns risk?
- Understanding risk and its role in business strategy, objectives, performance, and operations
Part 2: Federated Risk Management
Blueprint for Risk Management Collaboration and Strategy
- Developing a risk committee (or herding cats), bringing together the range of risk roles in the organization
- Defining a risk management charter
- Developing a collaborative and enterprise view of risk
Part 3: Risk Management Process Lifecycle
Integrated Processes to Identify, Analyze, Manage, and Communicate Risk
- Risk identification – Collaborative process to identify risk from both the bottom and the top
- Risk analysis – Understanding and contrasting risk assessment & analysis techniques
- Risk management – Strategies to mitigate and reduce risk
- Risk communication – Assign and manage risk ownership and accountability
Part 4: Risk Management Information & Technology Architecture
Providing an Integrated View of Risk to the Enterprise Without Losing Value to the Department
- Developing a risk taxonomy and attributes of risk and risk ranking
- Addressing risk normalization and aggregation for enterprise risk reporting
- Monitoring risk in a changing environment
- Technology capabilities and considerations to support risk management
Sword GRC is an ERM solution provider to drive business performance by increasing an organization’s risk-bearing capacity. Where others turn risk management into an overly complex task, the Sword GRC approach is built on a six-step process that reduces complexity and builds value. The Sword GRC solution was the first web-based risk management solution in the industry. Today, Sword GRC customers benefit from more than 25 years of focused development, Enterprise Risk Management experience, and strong industry relationships.