Creating an ERM culture requires people: technology alone does not create an effective risk management system. It also takes dedicated people at all levels with focus and vigilance.

Author:Brown, Jeffery
Position:Enterprise Risk Management

The first "World Risk Day," on June 26, 2012, was created to raise awareness around how taking smarter risks drives corporate strategy, improves business confidence and grows profits. That message introduces a key point that is often overlooked: effective risk management is not about trying to avoid risk; it is about striking a balance between minimizing risk and maximizing reward.

Creating and implementing an enterprise risk management (ERM) practice is critical to achieving and maintaining that balance. A critical topic to examine within ERM is whether a lack of information controls is creating unacceptable risk levels. One solution to reducing elevated risk levels is to implement a software-based solution to establish automated end-to-end controls, eliminating the risks and costs associated with performing the risk-related tasks manually.

Technology can facilitate the implementation of a three-phase approach to ensuring accuracy of information as it moves across disparate systems. However, technology should not play an exclusive role in shaping an effective ERM program.

Regularly training and communicating risk to employees at all levels across the entire organization can play just as critical a role in improving decision-making, while also reducing risk and likelihood of falling out of compliance.

Business operations are information driven. Organizations receive, process, produce, store and send a staggering array of information to support and manage operations, satisfy regulators and make important decisions. They use sophisticated information systems and state-of-the-art information technologies.

However, information environments are inherently susceptible to the risk of information errors, which can result in increased costs, reputational and compliance risks and overall inefficiencies.

In addition, information errors may adversely impact an organization's ability to operate competitively. To combat overwhelming information errors, organizations are increasingly developing and implementing data governance strategies that are aimed at detecting and preventing occurrences.

Data governance is the practice of developing standards, processes and controls around data to ensure the availability, usability, integrity and security of the data employed in an enterprise. As part of their data governance initiatives, most organizations deploy an array of automated tools and techniques to ensure the accuracy, consistency and reliability of information.


To continue reading