Risk is pervasive throughout business strategies, operations, and processes. Siloed approaches to risk management leave the organization unable to see the big picture of risk. The reaction is often to centralize risk management, which forces different areas of the organization into a one-size-fits-all risk management model that fails to adequately manage and monitor risk. Defining strategy, managing operations, and addressing organizational change require the ability to provide meaningful risk information for decision-making to boards, executives, GRC professionals, and the line of business.
Benefits to attendees:
Understand a top-down as well as a bottom-up approach to risk management
Implement risk management in the context of business strategy, process, and operations
Explore different risk management architecture models and how they apply to your organization
Discover various risk management techniques and how they apply to your business
Develop a risk information architecture that aligns with business operations and processes
Effectively communicate risk across your organization
As business becomes increasingly complex in a changing business and risk environment, and struggles with growing regulations, globalization, and distributed operations, organizations need a blueprint for effective, efficient, and agile risk management. This requires organizations to design risk management into the organization as an integrated part of strategy and operations, supported by an integrated risk information architecture that gives organizations 360° situational awareness of risk in the context of business strategy and operations.
This workshop aims to provide a blueprint for attendees on effective risk management strategies in a dynamic business and risk environment. Attendees will learn risk management strategies and techniques that can be applied to enterprise and operational risk management strategies as well as departmental-focused risk initiatives. Learning is done through lectures, collaboration with peers, and workshop tasks.
Attendees will take back to their organization approaches to address:
Risk Management Strategy. Understand risk in the context of business performance, strategy, objectives as well as its culture and values.
Risk Management Processes. Flowing from the strategy are the risk management processes integrated into the organization and how it operates. Good risk management is done in the rhythm of the business.
Risk Management Information Architecture. Defining an information architecture that enables risk strategy and processes by providing 360° situational awareness of risk in the context of business strategy and operations.
Risk Management Technology Architecture. The technology components needed to bring together diverse and distributed risk management roles and integrate risk management into the culture and operations of the organization.
Part 1: What is Risk?
Understanding Risk in the Context of the Organization
Different views of risk throughout the organization
Who owns risk?
Understanding risk and its role in business strategy, objectives, performance, and operations
Part 2: Federated Risk Management
Blueprint for Risk Management Collaboration and Strategy
Developing a risk committee (or herding cats), bringing together the range of risk roles in the organization
Defining a risk management charter
Developing a collaborative and enterprise view of risk
Part 3: Risk Management Process Lifecycle
Integrated Processes to Identify, Analyze, Manage, and Communicate Risk
Risk identification – Collaborative process to identify risk from both the bottom and the top
Risk management – Strategies to mitigate and reduce risk
Risk communication – Assign and manage risk ownership and accountability
Part 4: Risk Management Information & Technology Architecture
Providing an Integrated View of Risk to the Enterprise Without Losing Value to the Department
Developing a risk taxonomy and attributes of risk and risk ranking
Addressing risk normalization and aggregation for enterprise risk reporting
Monitoring risk in a changing environment
Technology capabilities and considerations to support risk management
The GRC 20/20 Workshop Teacher & Facilitator
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Workshop Host and Sponsor
Sword GRC is an ERM solution provider to drive business performance by increasing an organization’s risk-bearing capacity. Where others turn risk management into an overly complex task, the Sword GRC approach is built on a six-step process that reduces complexity and builds value. The Sword GRC solution was the first web-based risk management solution in the industry. Today, Sword GRC customers benefit from more than 25 years of focused development, Enterprise Risk Management experience, and strong industry relationships.