Business Transformation Requires Transformational Leaders
Leadership and teaming skills are front and center in times of rapid change. Meet today’s constant disruption head on with expert guidance in leadership, business strategy, transformation, and innovation. Whether the disruption du jour is a digitally-driven upending of traditional business models, the pandemic-driven end to business as usual, or the change-driven challenge of staffing that meets your transformation plans—you’ll be prepared with cutting edge techniques and expert knowledge that enable strategic leadership.
Recently Published
In Part I of this Executive Update series, we looked at the barriers to and possible benefits of collaboration. I examined the "four pillars of collaboration," which provide a foundation that supports collaboration and collaborative structures.
"So the question remains on the table: is ERM unfixable, or can something be done to make it live up to its promise as an effective and relevant business practice?"
-- Robert N. Charette and Brian Hagen, Guest Editors
GETTING IN ON THE GROUND FLOOR
Enterprise risk management (ERM) can be viewed as a framework that consumes, aggregates, and reports analysis accumulated from diverse business units and factors that affect organizational risk. Historically, ERM deployments have tended to begin at a 40,000-foot corporate level, gaining authorization and executive commitment before trickling down into the enterprise.
FLAWED ASSUMPTIONS OF PROBABILITY THEORY
Risk analysis is the core of enterprise risk management (ERM). For example, to conduct a cost-benefit analysis of new security safeguards and controls, organizations first have to perform risk analysis. Risk analysis starts with the identification of risks and assigning values such as probabilities of risk occurrence and the expected amount of damage.
Over the years, the information security function has morphed from a very technologically based discipline to a function that, by circumstance, has become more aligned with business objectives. This increased synchronicity with the business is based on the true nature of security itself -- which is to provide a set of controls to protect assets from threats.
A MATTER OF TERMS
To the person in the street, the notion of managing risks at the enterprise level would seem like common sense -- ensuring that the enterprise doesn't take too many risks and that the ones it does take are sufficiently uncorrelated with one another that a single unfavorable event will not create a domino effect. Shareholders expect it. Employees want it for their own job security.
Organizations often spend huge amounts of money and time setting up risk processes and methods, along with supporting tools and training, which often fail to deliver the expected value. Why is this so? We believe the problem isn't in the risk processes themselves, which are usually logically correct. Rather, these investments alone do not enable great risk management practice because risk management is difficult -- it relies on getting groups of people to agree on how to manage things in the future that may or may not happen.
IN DESPERATE NEED OF INFALLIBLE RISK MANAGEMENT
Recent years have seen heightened concern about and focus on risk management, and it has become increasingly clear that a need exists for a robust framework to effectively identify, assess, and manage risk.