This is part 1 of our video series on "Disparate and Disconnected Risk Processes and Information". In this video, David Tattam talks about the key building blocks of a good risk management framework and how these can help form an integrated view of risks in your organisation.
Hi, I'm David Tattam, Director of Research and Training at the Protecht Group. One of the common issues we find when we talk to clients about implementing and managing a risk management framework is they'll often highlight that they face a series of disparate and disconnected risk processes and, as a result, disparate, disconnected risk information.
The second problem is that a lot of the information they use is at a point in time, and often that point in time is historical, and as a result is not overly valuable. The solution to this is really twofold:
Let's go back to the building blocks. There are six:
The first building block is to come up with a really good series of risk descriptions. We often call these the risk categories, the risk taxonomies. This allows us to aggregate risk up to the highest level, the board, by using the risk information underneath.
The second one is to carry out a periodic risk assessment. This identifies the risks that we face together with the key controls.
Thirdly, once we've identified the key controls, we should then be doing periodic control effectiveness assurance to let us know or tell us how effective our controls are.
Fourthly, because our risk assessments aren't very dynamic, we should also be collecting risk metrics. We call these key risk indicators that give us a more up-to-date view of our risks and our key controls.
Fifthly is our past incidents. What has actually gone wrong? What can we learn from those mistakes?
And lastly, from all of this we may identify areas we are not happy with. We call those control gaps or control weaknesses, and out of those we can come up with actions to improve and make ourselves stronger.
Once we have those building blocks we then move on to bringing them all together into a consolidated view. We call this a dynamic risk profile. We at Protecht call this RiskInMotion.
So please check our other blogs and our other videos, and until then take care.
Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. His career includes many years working with PwC, as well as two Australian banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB).