By Resolver Modified February 7, 2021
There are many reasons why Enterprise Risk Management (ERM) programs stall, and sometimes even fail. But it’s not too late to give your program a kick start.
To understand why these programs stall, let’s first put ourselves in the shoes of the risk owner. At the beginning of the year, there is a brainstorm or questionnaire period where risks are identified and assessed as a group. After one quarter passes, the risk owner receives a notification asking them to update their risks. What does this mean to the risk owner when they are filling out these risk assessments? They begin asking a few questions, such as: Where does this risk assessment go? Am I really comfortable with my risk assessments? Isn’t this my perception of risk and not the actual risk? How do I know that this is an accurate assessment of my risk levels? What impact does it have on the organization? What is the value add? Why am I even doing this?
This lack of buy-in turns into a culture of guesswork and pointlessness, which eventually leads to an unfinished or failed implementation. Is this the position you’re in? Don’t fret. We’ve narrowed it down to five steps you need to take to get your program back up and running in no time: