Boards and Risk Management

Increasing risk oversight has been a priority of boards and management since the global financial crisis, but many are unprepared to do it, according to a recent report from the Canadian Institute of Chartered Accountants (CICA). A Framework for Board Oversight of Enterprise Risk presents a nine-step roadmap to help directors identify, understand and address enterprise risk, and to recognize the potential compounding effects when risks collide. The roadmap is sound and can also be a valuable resource for risk management professionals.

The CICA report states “a common concern among boards of directors is the lack of a comprehensive framework and toolsets to assist boards to structure an effective, robust risk oversight process.” Key activities in the CICA framework include: identifying risks; analyzing, validating and prioritizing them; determining risk tolerance and risk appetite; managing risk through various response strategies; and ongoing monitoring. These are similar to the recommendations in ISO’s risk management standard (ISO 31000) and its business continuity management system standard (ISO 22301).


Context of the Organization – A 360 Perspective and ISO 22301:2012

Black Swan events, holistic business continuity, Emerging Risk Audits, and non-financial risk management are terms swirling in C-Suites, on Boards, and in the business, risk management and auditing literature. Also swirling around are discussions about sustainability, corporate social responsibility, organizational resilience, and organizational health.

The confluence of these signals suggests an emerging business model that incorporates a 360 Perspective. Central to this perspective is a systems view and an integration orientation.


Leveraging EHS/S Expertise for Non-financial Risk Management

Organizational risk management has evolved from a singular focus on financial risk to a broader perspective that includes enterprise-wide and non-financial risks. Approaches such as enterprise risk management, strategic risk management, and value risk management are morphing into an area called “non-financial risk management (NFRM).” The paradox in this arena is that even though risk management is recognized as important, in most companies it remains fragmented, siloed, and poorly integrated, and NFRM frameworks are weak or non-existent.

A solution to this paradox can be found right down the hall in the EHS/S (environmental, health, safety, and sustainability) department. But because of its historic focus on regulatory compliance, the EHS/S function’s decades of risk-management experience often go unnoticed.

The full post appears on the NEAM Green Tie Blog.


Risk Management, EHS/S, Business Continuity, and the 360 Risk Management Check-Up™

It has been a while since I’ve posted. The summer has been full, working on developing the 360 Risk Management Check-Up™, a high-level diagnostic to measure the EHS/S and risk management function in organizations. Associated with this work, I have been conducting research on the evolution of organizational risk management and growing attention on non-financial risk management (NFRM).

Organizational risk management (RM) concepts and practices have been evolving from a singular focus on financial risk to a broader focus on enterprise-wide and non-financial risks. Approaches such as enterprise risk management, strategic risk management, and value risk management have been evolving into what is now called NFRM.