Integrated Security & Risk Management: Benchmarking

  1. Benchmarking
  2. Hello! I am Joe Crampton. I am the VP Product at Resolver. @JoeCrampton joe@resolver.com
  3. Hello! I am Marc DiGiorgio, Chief Revenue Officer at Resolver. dig@resolver.com
  4. SURVEY APPROACH
  5. Our Goals with the Survey. Terminology: Does the concept of IRM resonate with customers? Collaboration: How do organizations collaborate and report on risk? Risk Maturity: Where are organizations on the risk maturity curve?
  6. Exploring the Results: Definition of IRM; Risk Maturity Model; Collaboration; Reporting
  7. DEFINITION OF ‘IRM’
  8. Identifying with IRM Do you identify with the term “Integrated Risk Management”?
  9. Identifying with IRM: Do you identify with the term “Integrated Risk Management”? Responses (No / Yes): 30 / 48
  10. Identifying with IRM If yes, what does this mean to you?
  11. Identifying with IRM: In your opinion, does your organization have a well-defined risk culture? Responses (No / Not Sure / Yes): 22 / 10 / 46
  12. IRM Maturity Level: Does your organization have a unified definition for “risk”? Responses (No / Not Sure / Yes): 22 / 33 / 40
  13. IRM Maturity Level: Does your organization practice an integrated approach to risk management? Responses (No / Yes): 35 / 43
  14. IRM Maturity Level: Does your organization have goals related to Integrated Risk Management? Responses (No / Not sure / Yes): 13 / 37 / 28
  15. COLLABORATION
  16. Collaboration: How often do they work together and collaborate? Responses (Every 6 months - 1 year / Not sure / Once a month / Once a week or more / Once per quarter): 2 / 16 / 22 / 44 / 11
  17. Collaboration: Which teams are most likely to work together?
  18. Collaboration: When collaboration between people and teams does happen, at which level does it most often occur? Responses (All Levels / C-Suite Level / Employee Level / Manager Level / VP or Director Level): 37 / 3 / 13 / 26 / 16
  19. Collaboration: If collaboration between teams never occurs, why do you believe this is the case? Responses (Difficult to measure tangible benefits / No integrated vision from execs / No time for cross collaborating / Other (please specify)): 22 / 24 / 18 / 31
  20. Collaboration: If collaboration across teams became commonplace, what potential impact would that have? Items rated from 1 (Strongly Disagree) to 5 (Strongly Agree): Reduce redundancies; Reduce the time it takes to complete projects; Clearer view of overall organizational risks; Alignment on organizational goals
  21. REPORTING
  22. Reporting: How do the teams present reports to the Board? Responses (Other (please specify) / Present one consolidated report / Present separate reports, specific to each team): 11% / 27% / 62%
  23. Reporting: If teams report separately, are there areas of overlap within your report data? Response options: No / Not Sure / Yes
  24. IRM MATURITY LEVEL
  25. RISK MATURITY MODEL: A framework to evaluate where your organization’s risk management practices are and where they need to go. Stage 1, Tribal and Heroic: Ad hoc/chaotic; depends primarily on individual heroics, capabilities and verbal wisdom. Stage 2, Specialist Silos: Reaction to adverse event by specialists; discrete roles established for small set of risk; typically finance, insurance, compliance. Stage 3, Top-down: Tone set at the top; policies, procedures, risk authorities defined and communicated; business function; primarily qualitative; reactive. Stage 4, System: Integrated response to adverse events; performance-linked metrics; rapid escalation; cultural transformation underway; bottom-up; proactive. Stage 5, Risk-Intelligent: Built-in decision making; risk interactions managed with incentives; intelligent risk taking; sustainable; “Risk management is everyone’s job”. Axis labels: Unrewarded Risk, Rewarded Risk. Source: Deloitte. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskintelligent-erm-doneright.pdf
  26. IRM Maturity Level: How would you describe your organization’s Integrated Risk Management maturity level? Responses, in the order of the options below: 6 / 31 / 15 / 7 / 15. Options: Tribal & Heroic: Ad hoc / chaotic; depends primarily on individual heroics, capabilities and verbal wisdom. Specialist Silos: Reaction to adverse events by specialists, typically finance, insurance, compliance. Top-down: Tone set at the top. Policies, procedures, risk authorities defined and communicated. System: Integrated response to adverse events. Performance linked metrics. Rapid Escalation. Bottom-up. Risk-Intelligent: Built in decision making. Sustainable. “Risk Management is everyone’s job.”
  27. SO WHAT’S NEXT?
  28. What are the right next steps? Suggested Next Steps: ▪ Understand that being prepared for a risk event is a multi-disciplined process ▪ Specialized silos need to exist to respond to all elements of the program ▪ Establish specialized teams (Specialized Silos / Tribal)
  29. What are the right next steps? Suggested Next Steps: ▪ Get to know the experts in the other silos ▪ Start to coordinate with each other ▪ Get support from management to establish policies and process that improve efficiency and risk coverage by working together (Top Down / Specialized Silos)
  30. What are the right next steps? Suggested Next Steps: ▪ Work on establishing a good risk culture ▪ Combine pre- and post-event work to reduce risk exposure ▪ Use risk occurrences, loss events, incidents to provide feedback into the controls and countermeasures that work (System / Top Down)
  31. What are the right next steps? Suggested Next Steps: ▪ Consider risk in decision making: what is the right amount of risk for the objective? ▪ Look for opportunities around risk events ▪ Organization-wide participation in risk management aligned to the organizational risk appetite (Risk Intelligent / System)
  32. Thanks! Any questions? dig@resolver.com joe@resolver.com