by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Spring 2012
32 GRC Professional • Spring 2012 VIEWPOINT Top level managers will need to move from business units assessing and managing risk independently to risk being viewed and managed as an organisation-wide activity. So many times while implementing our riskcloud.NET system we have seen the health and safety department manage and assess risk completely differently to the finance department. Although business units may function in isolation, risks certainly don't. A health and safety risk, for example, can quickly grow into a financial risk; a privacy risk can evolve into a reputational risk. Without an integrated approach to enterprise risk management (ERM) an organisation will never achieve optimum results. Moving away from a siloed view of risk to an "enterprise" view is the holy-grail of ERM. What do you see as the main challenges facing enterprise risk management in the next 12 months? GEORGE PANTAZIS, PRINCIPAL CONSULTANT, PAN SOFTWARE As risk managers, we have become adept at building "robust yet fragile" management systems. "Robust" because we are rigorous in identifying, assessing and managing known, predictable risks for our organisations. "Fragile" because our risk management processes do not seem particularly suited to dealing with the unknown, unpredictable risks. "Robust" because we apply quantifiable assessment processes and models around risk management activity. "Fragile" because we fail to understand that often the underlying assumptions for these processes and models are discretionary, subjective and may not hold true in a shifting business environment. Top level managers should focus on how to redefine the role of risk management from not only building robust and comprehensive risk management systems, but also to building resilience within the organisation that will enable it to cope with changing, and often threatening, business environments. This requires new skill sets and ways of thinking not only for the risk managers but also for the organisations. These new skill sets include ensuring greater connectivity with external and internal environments to monitor trends and future patterns that might create risk for the organisation, facilitating rapid organisational adaptation to the new risks by encouraging more creative and innovative thinking and activities and, finally, understanding how to identify and implement appropriate change interventions to manage the new risks. This is what top-level managers should focus on over the next 12 months. The key question is will they? Or will they continue to follow the more traditional paths of risk management and fail to manage the biggest risk that all organisations face -- perpetually changing and difficult business environments. ••• LUCIENNE LAYTON PRINCIPAL CONSULTANT GRC CONNECTION PTY LTD Although business units may function in isolation, risks certainly don't. Top level managers should focus on how to redefine the role of risk management. ' INDUSTRY LEADERS SHARE THEIR VIEWS
GRC Winter 2012
GRC Summer 2013