Risk is pervasive throughout business strategies, operations, and processes. Siloed approaches to risk management leave the organization not seeing the big picture of risk. The reaction is often to centralize risk management which forces different areas of the organization into a one-size fits all risk management model that fails to adequately manage and monitor risk. Defining strategy, managing operations, and addressing organization change requires the ability to provide meaningful risk information for decision-making for boards, executives, GRC professionals, as well as the line of business. As business becomes increasingly complex in a changing business and risk environment – that struggles with growing regulations, globalization, and distributed operations – organizations need a blueprint for effective, efficient and agile risk management. This requires organizations to design risk management into the organization as an integrated part of strategy and operations supported by an integrated risk information architecture that allows organizations to have a 360° situational awareness of risk in context of business strategy and operations. Attendees will learn risk management strategies and techniques that can be applied to enterprise and operational risk management strategies as well as departmental focused risk initiatives. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives of workshop:
- Risk Management Strategy. Understand risk in the context of business performance, strategy, objectives as well as its culture and values.
- Risk Management Processes. Flowing from strategy are the risk management processes integrated into the organization and how it operates. Good risk management is done in the rhythm of the business.
- Risk Management Information Architecture. Defining an information architecture that enables risk strategy and processes by providing 360° situational awareness of risk in context of business strategy and operations
- Risk Management Technology Architecture. The necessary technology components needed to bring together diverse and distributed risk management roles and integrate risk management into the culture and operations of the organization.
Benefits to attendees:
- Understand a top-down as well as a bottom-up approach to risk management
- Implement risk management in the context of business strategy, process, and operations
- Explore different risk management architecture models and how they apply to your organization
- Discover various risk management techniques and how they apply to your business
- Develop a risk information architecture that aligns with business operations and processes
- Effectively communicate risk across your organizations
Who should attend?
- Risk managers and officers responsible for leading and managing risk
- Business managers whose job responsibilities include risk management and risk ownership
- Executives and governance personnel who have to oversea risk
- Audit personnel that use risk to drive audit plans and provide assurance on risk management
- Security, health and safety, project management, compliance, and other personnel who are involved in risk management
Part 1: What is Risk?
Understanding Risk in the Context of the Organization
- Different views of risk throughout the organization
- Who owns risk?
- Understanding risk and its role in business strategy, objectives, performances, and operations
Part 2: Federated Risk Management
Blueprint for Risk Management Collaboration and Strategy
- Developing a risk committee (or herding cats), bringing together the range of risk roles in the organization
- Defining a risk management charter
- Developing a collaborative and enterprise view of risk
Part 3: Risk Management Process Lifecycle
Integrated Processes to Identify, Analyze, Manage, and Communicate Risk
- Risk identification – Collaborative process to identify risk from both the bottom and the top
- Risk analysis – Understanding and contrasting risk assessment & analysis techniques
- Risk management – Strategies to mitigate and reduce risk
- Risk communication – Assign and manage risk ownership and accountability
Part 4: Risk Management Information & Technology Architecture
Providing an Integrated View of Risk to the Enterprise Without Losing Value to the Department
- Developing a risk taxonomy and attributes of risk and risk ranking
- Addressing risk normalization and aggregation for enterprise risk reporting
- Monitoring risk in a changing environment
- Technology capabilities and considerations to support risk management