Focusing on the ‘Enterprise’ in Enterprise Risk Management

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Why does COSO ERM:2017[i] use the word “enterprise” in the title of their standard and ISO 31000:2018[ii] is a “risk management standard?”  CERM Academy also has a book on this topic[iii]. So, what does the concept of an “enterprise” impart to an organization, if anything, to set apart the COSO standard from the ISO standard?

A search of the definition for enterprise covers the entire gamut of possible uses. There appears to be little difference between business enterprise and the business itself. [Read more…]

Enterprise Risk Management, Millennials, and Cyber

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Kevin Curry in an opinion piece for The Hill raised several issues which will ultimately impact the adoption of Enterprise Risk Management (ERM) in government. The article entitled “America’s public sector has a problem –

It’s not getting any Millennials”, makes four points.  These are; 1. the federal government is having trouble hiring Millennials, 2. the federal government has old legacy cyber systems, 3. millennials expect up to date cyber systems and 4. the lack of up to date cyber systems is one of the problems keeping Millennials away.

Since the article does not specifically deal with ERM, one might ask: What is the intersection between the four issues and the adoption of ERM in government?  This article looks at the relationship of this problem with ERM in government. [Read more…]

Truth, Lies, and Paltering Leaders – What and Who Can Be Believed?

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“Lies, damn lies and statistics” is an often-used phrase attributed to the 18th Century British Prime Minister Benjamin Disraeli.  He acknowledged the persuasive power of numbers to bolster weak arguments.

In a statistical moment his contemporary, Abraham Lincoln, said; “You can fool all the people some of the time and some of the people all the time, but you cannot fool all of the people all of the time“.  Politics, persuasion and manipulation (deception) have gone hand in hand for centuries.

Many people have monopolized in the area of Churchill’s “terminological inexactitudes’ or, as it’s now being referred to Stateside of the Pond “False News“.  The term”lie” is an accusatory word and maybe impolite and vulgar and’ politically incorrect’ but do ‘lies’ really help us and why can’t we know the truth? [Read more…]

Stepping Stones in the Lean Journey

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

As very young children, we had an instinctive need to be very close to our parents – feeling a great deal of anxiety, even a sense of abandonment, if they were not within our sight.  As we grew older – and whether it was geographically, intellectually, or psychologically – we would become more comfortable with greater distances from what we felt were our basic truths, but almost always as stepping stones and rarely great leaps. 

Think of early commanders of sailing ships always keeping sight of land until traveling ever greater distances was more predictable because of maps and navigation techniques and tools. [Read more…]

Resilience & Enterprise Risk Management

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The term resilience is used in reports and studies by numerous government agencies and international institutions.  For instance, in 20014 the Organization forEconomic Cooperation and Development issued a report entitled “OECD Reviews ofRisk Management Policies: Boosting Resilience Through Innovative Risk Governance”. [Read more…]

Integrating ISO 31000:2018 Risk Management Throughout the Organization

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In 2012, ISO’s ‘Joint Technical Coordinating Group’ (JTCG) completed work to provide a high-level structure, text, and common terms and definitions for all future and revised management system standards. All Technical Committees developing management system standards were required to follow Annex SL found in the ISO/IEC Directives, Part 1, Annex SL[i].   

As we approach 2019, it is abundantly clear that the high-level structure mandate has been followed by the Technical Committees with mixed results. All the new and revised management systems used the 10-clause structure and all of them include the same definition of risk and risk management.  However, the way risk management was used in the different management system standards varied considerably. What can an organization learn from this exercise? [Read more…]

Less is More – Efficiency in Project Management Plans

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

We’ve all seen it…a filing cabinet full of project management plans and procedures from the last job that people have tried to adapt and modify to meet the current project. Amazing that such a plethora can give the impression of effectiveness and, to a skeptic, surprising if they are relevant, read or assimilated. [Read more…]

Understanding the ‘Risk Management’ Process

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

There are two widely-used risk management standards:

• ISO 31000:2018
• COSO ERM 2017

In my previous blog[i], I presented details on how these risk management standards address the development of a risk-aware culture – a necessary foundation for risk management success. As promised, this blog will address the risk management “process.” This is how the organization addresses specific risks. [Read more…]

Project Ain’t Broke: Don’t Fix It: But Are You Maintaining It?

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Projects go wrong and in our binary world projects either succeed or fail.  There is a plethora of articles, opinions and reasons for such success and failure but why, and how, is this possible when we have more and more ‘qualified’ project managers?

When a project is still moving or hasn’t fallen apart it may be categorised as “it ain’t broke” and optimistic project managers may conclude “no need to fix it“.  However, we all know that preventive maintenance will allow for successful operation and minimise breakdowns and avoid trouble, “a stitch in time saves nine“. [Read more…]

SCRM VUCA

Just think of all the changes occurring in your organization. New regulations. Changing customers with new product preferences. New competitive product offerings. New technologies. New branding. New business platforms. New business models. Compressed lifecycles. Change is no longer gradual. Change is rapid and abrupt.

Supply Chain Risk Management (SCRM) is being able to adapt to disruptive changes occurring in supply chains, management, and even all professions (quality, engineering, supply management, etc.). As well, we believe general management is evolving into risk management.

A few years ago, we believed competitiveness was the supply chain paradigm buster.  We even wrote in Supply Management Strategies: 

“Capitalism, competitiveness, dot.com profitability, and innovation are today’s paradigm busters. They are what drive today’s New Economy. Capitalism is triumphant in almost every activity in every corner of the world. National boundaries are disappearing as goods and services move freely. Competitiveness and innovation are continually destroying the current business paradigm. Just as a business feels it has found its niche and understands what is going on, supply management and sourcing rules change again.” [Read more…]

The Antidote to VUCA is OODA

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The date is September 15, 2008.  The crisis in subprime mortgages had been going on for a little over a year.  It was triggered in the last half of 2006 when house prices began to fall as the housing bubble in the United States burst.  This caused those who had taken NINJA (No Income, No Job, or Assets) loans to buy their home, with the expectation that prices were going to increase five per-cent year on year forever, to default.  This accelerated the decline in home prices which, in turn, accelerated the number of defaults – a financial and economic death spiral had formed.

[Read more…]

Status of ERM in the U.S. Federal Government

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In 2015 the Office of Management and Budget (OMB) issued Circular A-123.  It requires all federal agencies to implement Enterprise Risk Management (ERM). ERM is a methodology which allows an organization to, in a systematic manner, identify, prioritize and reduce the adverse impact of risks events, such as fraud, cyber-attacks, mismanagement, and natural disasters, that could prevent the organization from accomplishing its mission and objectives.

For the past several years federal agencies have been surveyed to determine the extent of the ERM implementation. This article reviews the results of the past four years. [Read more…]

The D-Word – Discipline Is Not a Dirty Word

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In our aging societies with a work force ranging from Baby Boomers through Generation Xers to Millennials the ‘D-Word’ may summon up images of stoical sergeant-major types shouting and barking and removing any freedom of thought or act.  Discipline is variously defined but it is generally understood to be ‘the ‘training that produces orderliness, obedience and self control to follow rules‘ and, operatively, if rules are broken ‘chastising or punishing‘.  . [Read more…]

Transformation vs Disruption

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Transformation… I am hearing more and more talk about how companies are seeking to transform themselves, or that they are launching a transformation initiative.  And as expected, there is the corresponding increase in transformation conferences, symposia, articles and books.

But what is “transformation”? [Read more…]

Risk Based Problem Solving and Decision Making

All organizations regardless if they are public or private, for profit or not for profit, large or small face uncertainty.  Uncertainty results in risks.  More organizations will face uncertainty in the design, implementation, and assurance of their Quality Management System (QMS), Environmental Management System (EMS), Information Security Management System (ISMS), and most ISO management systems.  The critical organizational challenge over the next decade is how organizations will address and treat the risks that result from the uncertainty.  ISO 31000:2018 was developed to address this growing uncertainty. [Read more…]