This is part 1 of our video series on "Disparate and Disconnected Risk Processes and Information". In this video, David Tattam talks about the key building blocks of a good risk management framework and how these can  help form an integrated view of risks in your organisation.

Building Blocks of Risk Management_Edited

Video Transcription

Hi, I'm David Tattam, Director of Research and Training at the Protecht Group. One of the common issues we find when we talk to clients about implementing and managing a risk management framework is they'll often highlight that they face a series of disparate and disconnected risk processes and, as a result, disparate, disconnected risk information.

The second problem is that a lot of the information they use is at a point in time, and often that point in time is historical, and as a result is not overly valuable. The solution to this is really two fold:

  1. Number one is to identify what the key building blocks of a good risk management framework and, as a result, what risk information should look like. What are the parts?
  2. Secondly, once we understand those parts, how do we bring all that information, those processes, to an integrated combined view?

The Building Blocks of Risk Management

Let's go back to the building blocks. There are six:

  1. Risk taxonomy
  2. Risk assessment
  3. Control effectiveness
  4. Risk metrics (Key Risk Indicators)
  5. Incidents
  6. Control weaknesses and gaps

The first building block is to come up with a really good series of risk descriptions. We often call these the risk categories, the risk taxonomies. This allows us to aggregate risk up to the highest level, the board by using the risk information underneath.

The second one is to carry out a periodic risk assessment. This identifies the risks that we face together with the key controls.

Thirdly, once we've identified the key controls, we should then be doing periodic control effectiveness assurance to let us know or tell us how effective our controls are.

Fourthly, because our risk assessments aren't very dynamic, we should also be collecting risk metrics. We call these key risk indicators that give us a more up to date view of our risks and our key controls.

Fifthly is our past incidents. What has actually gone wrong? What can we learn from those mistakes?

And lastly, from all of this we may identify areas we are not happy with. We call those control gaps or control weaknesses and out of those we can come up with actions to improve and make ourselves stronger.

Once we have those building blocks we then move on to bringing them all together into a consolidated view. We call this a dynamic risk profile. We at Protecht call this RiskInMotion.

RiskInMotion-Dashboard-1280px

So please check our other blogs and our other videos, and until then take care.

What's next?

Watch a recording of our Risk Taxonomies webinar and learn about the common mistakes we see in risk libraries and what you can do to deploy a strong and consistent risk taxonomy:

New call-to-action

Other videos in this series:

ASIC Report Whitepaper: A Regulatory Spotlight on Non-Financial Risk
Whitepaper

A Regulatory Spotlight on Non-Financial Risk

Download Now

Related Articles

feature image
Risk Management Framework Internal Auditors Risk Professionals Compliance Professionals Health & Safety Managers Protecht.ERM

Take a new look at risk with Protecht.ERM 9.0

The release of version 9.0 sees a brand new layout, making it easier for you to use and navigate Protecht.ERM like never before. And with our new...
Read more
feature image
Compliance Management Protecht News & Events Risk Management Risk Reporting Videos Compliance Professionals

Modern Slavery - Being Prepared

Do you know what the Modern Slavery Act is and how it will impact your business? We had the opportunity to have Associate Professor Justine Nolan...
Read more
feature image
ERM Risk Controls Risk Manager Risk Management Software Videos Webinars

Controls Assurance Webinar

Awesome Controls Assurance: The Confidence to Go Faster This event was done live on Oct.22nd 2019. Access the recording here. “The greatest potential...
Read more