historically served risk management are now straining under the weight of a
global economy in which change is a constant and information travels at the
speed of light. Companies are increasingly putting into place an
enterprise-level methodology for thinking about risk.
Such an approach provides a framework for analyzing and managing risks in
the context of corporate strategy and performance, for gaining an understanding
of the true exposures resulting from risk correlation, and for complete
transparency so that risks can be effectively managed at the right
time. By agreeing on a common vocabulary, a unified catalog of risk types, a
common methodology for assessing the probability of risks occurring and
a formal remediation or response methodology, companies can take a more
strategic view of their risks, and risk can become a driver of the business to
help enable performance and innovation.
Without the help of a system that can help you automate monitoring of risks,
however, even a common methodology and a risk-aware culture won’t really
help you protect your brand value, let alone create value. If the market finds
out about loss events before or at the same time that you do, and that news
is published through the media, it’s already too late. Risk management today
needs to provide automated monitoring of key risk indicators as soon as certain
thresholds are reached so that relevant risk information is constantly
being identified, analyzed, and managed before the risks become loss events
and negatively impact the business.
With this type of automated risk monitoring, different scenarios can be modeled
for future projects or products and these scenarios can be effectively
risk-adjusted and managed, supporting intelligent choices about strategic
directions. For example, if a salesperson enters a large quote, there is a risk
that the sale won’t close (and an even bigger risk if we are counting too much
on the success of that sale). With automated risk monitoring, that large quote
can trigger an e-mail to the salesperson with a few questions to help characterize
the risks associated with the deal. In this way, risks can be collected
and updated as part of standard operating procedure, rather than relying on
someone to get around to updating their risks.
A cultural approach
In a cultural approach, all of the people are thinking about risk some of the time.
Face it: line of business managers and their teams have the best view of the
risks in their particular areas. Creating a culture in which risks are reported,
managed, and monitored by each of the business units is powerful, particularly
if reporting is easy to do. The responsibility for managing risks — because they
have a direct impact on business performance — must stay with the line of
business.
46 Part I: Governance, Risk, and Compliance Demystified