Mitigate Risk with Better Plan Execution and Organizational Alignment

1© 2016, all rights reserved, www.GRC2020.com
WEBINAR
Mitigate Risk with
Better Plan Execution and
Organizational Alignment

SUPPLY CHAIN PLANS
SALES DEVELOPMENT PLANSCERTIFICATION PROGRAMS
SERVICE PERFORMANCE
RISK MANAGEMENT
STRATEGY EXECUTION
NEW PRODUCT LAUNCHES
SERVICE LINE PLANS
COMPLIANCE ADHERENCE
MERGERS & ACQUISITIONS
OPERATIONAL EXCELLENCE
PROCESS WORK FLOWS
2

3
Meet the Speakers
Michael Rasmussen, GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management and
compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology,
corporate compliance and policy management. With 22+ years of experience, Michael helps
organizations improve GRC processes, design and implement GRC architecture and select
technologies that are effective, efficient and agile. He is a sought-after keynote speaker, author
and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC
market in February 2002 while at Forrester.
Michael Rasmussen
Speaker
Joe Krause
Moderator
Joe Krause, AchieveIt
Joe is responsible for empowering AchieveIt clients to execute their plans. With a consultative
strategic planning background, Joe has worked with clients to execute over 1000 strategic,
operational, and project plans. Throughout his four year tenure at AchieveIt, Joe has
experienced, first-hand, the pitfalls organizations experience during the execution phase of their
strategic planning processes and is passionate about helping teams drive toward successful
business outcomes.

4
A Couple of Housekeeping Notes
Slides will be sent via email in 1-2 days
Recording link will be available on demand
There are dial-in only participants
Type in the Questions Panel
Share on Twitter @GoAchieveIt

WEBINAR
Mitigate Risk with
Better Plan Execution and
Organizational Alignment

Mitigate Risk with Better Plan Execution & Organizational Alignment
Effective, Efficient & Agile Strategy & Risk Management Program
October 2017
Michael Rasmussen, J.D., GRCP, CCEP
The GRC Pundit @ GRC 20/20 Research, LLC
OCEG Fellow @ www.OCEG.org

Never in all history have
we harnessed such
formidable technology.
Every scientific
advancement known to
man has been incorporated
into its design. The
operational controls are
sound and foolproof!
E.J. Smith,
Captain of the Titanic
Are you truly aware of your risks?

The Chaos of Compliance Interconnectedness
Realize that everything connects to everything else.
Leonardo da Vinci

Change is the Greatest Challenge Impacting Risk Management

➢ Inability to gain clear view of risk
dependencies;
➢ High cost of consolidating risk information;
➢ Difficulty maintaining accurate risk information;
➢ Failure to trend across risk assessment periods;
➢ Redundant approaches limit correlation,
comparison and integration of risk information;
and
➢ Lack of agility to respond timely to changing
risks, regulations, laws, and situations.
. . . and we hope nothing fails

The Organization Has to be Able to See . . .
 The Tree. The individual area of risk
 The Forest. The interconnectedness of risks

Risk is like fire: If
controlled it will help you;
if uncontrolled it will rise
up and destroy you.
Theodore Roosevelt
Success Requires Risk Taking, But Risk Must Be Managed

What it is about . . .

Titelmasterformat durch Klicken bearbeiten
GRC is the integrated collection of capabilities
that enable an organization to:
G) reliably achieve objectives
R) while addressing uncertainty and
C) acting with integrity.
SOURCE: OCEG GRC Capability Model
Risk management is the core of GRC . . .

The questions organizations need to ask:The questions organizations need to ask:
ü Does the organization have enough information to make decisions about the future
of the company, when they don’t have a clear view of risk that impacts critical
business operations and processes?
ü Does the organization know its risk exposure at the enterprise, business process,
and technology levels and how they interrelate?
ü How does the organization know it is managing and mitigating risk effe
c
tivel y in
the context of the business to achieve business goals?
ü Can the organization accurately gauge the impact of risk on business strategy ,
objectives, and operations?
ü Does the organization get the information it needs to tak e timely action to risk
exposure to avoid or mitigate loss and situations of non-compliance?
ü Does the organization monitor key risk indicators across key IT systems, processes,
and information?
ü Does the organization optimally measure and model risk in a business context?

Defense in Depth: Layers of Defense

Risk Management Collaboration:
Providing Collaboration on Risk Management Across the Organization

Risk Management: a Top Down Approach
Risk Management Strategy
Risk Management Technology
Risk Management Information
Risk Management Process

Risk Management Information Architecture Provides 360° Contextual Intelligence
Strategic
Financial
Operational
Preventive
Corrective
Detective
Complaint
Investigation
Event
Strategic
Process
Department
Regulatory
Values
Contractual
Code of Conduct
Training & Awareness
Policies & Procedures
Owner
Employee
Subject Matter Expert
Controls
Risks
Issues
Roles
Objectives
Policies
Obligations
Organization
Entity
Asset
Process

ISO 31000:2009 Risk Management
Risk
Assessment
✓ Creates value
✓ Integral part of organizational processes
✓ Part of decision making
✓ Explicitly addresses uncertainty
✓ Systematic, structured and timely
✓ Based on the best available information
✓ Tailored
✓ Takes human and cultural factors into account
✓ Transparent and inclusive
✓ Dynamic, iterative and responsive to change
✓ Facilitates continual improvement and
enhancement of the organization
Design of
Framework for
Managing Risk
Implementing
Risk
Management
Monitoring &
Review of the
Framework
Continual
Improvement
of the
Framework
Communicate&Consultation
Monitoring&Review
Establishing the
Context
Risk Treatment
Risk Identification
Risk Analysis
Risk Evaluation
Mandate and
Commitment
1) Risk Management Principles 2) Risk Management Framework 3) Risk Management Process

Risk Detail Capability
Risk Name: Risk Status:
Green
Reporting Period: Subject Matter Expert:
Risk Team:
Risk Description
Control Environment Evaluation to Mitigate Risk
ControlledOver-Controlled Under-ControlledNeed Fewer Controls Need More Controls
Concerns Regarding Current Control Environment
Emerging Risks / Events That Could Change Assessment of Risk
Mitigation Activities Deadline Status
Emerging Risk Mitigation Activities Deadline Status

Risk Detail Capability, continued
Related Objectives
Related Assets
Related Risks
Related Processes
Risk Scenarios (Types of Events That Could Cause Loss)
Scenario Impact Likelihood Velocity Management Systems
History of Risk Events (Losses)
Event Description When Impact ($)

Post-Mitigation Risk Assessment (Residual Risk)
Impact ($ MM)
Pre-Mitigation Risk Assessment (Inherent Risk)
Impact ($ MM)
Likelihood (%) Likelihood (%)
Velocity (Time to React) Velocity (Time to React)
Duration (Time to Recover) Duration (Time to Recover)
Management, Systems & Processes Management, Systems & Processes

Likelihood
low medium high
lowmediumhigh
Impact
Inherent
Risk
Residual
Risk
Risk Mitigation Actions
Key Risk Factors Monitored
Risk Acceptance
01.01.2015
Date Signature Risk Owner Signature Risk Expert

Risk technology provides automation and tracking
COLLABORATIONAUDIT TRAIL ENFORCEMENT
MANAGEMENT REPORTING
WORKFLOW & TASKS

360° Risk Contextual Analytics & Intelligence Capabilities
Integrated and
mapped together to
provide context
Analyzed to
understand relationships
Action Items
Distributed & Disconnected
Risk Data Points

Risk Information Architecture Provides 360° Contextual Intelligence Capabilities
Strategic
Financial
Operational
Preventive
Corrective
Detective
Complaint
Investigation
Event
Strategic
Process
Department
Regulatory
Values
Contractual
Code of Conduct
Training & Awareness
Policies & Procedures
Owner
Employee
Subject Matter Expert
Controls
Risks
Issues
Roles
Objectives
Policies
Obligations
Organization
Entity
Asset
Process

Mature GRC Capabilities Achieve the Following 10 Objectives. . .
1 Achieve Business Objectives
2
Ensure Risk Aware Setting of Objectives
and Strategic Planning
3 Enhance Organizational Culture
4 Increase Stakeholder Confidence
5 Prepare & Protect the Organization
6
Prevent, Detect, and Reduce Adversity
and Weaknesses
7 Motiviate & Inspire Desired Conduct
8 Stay Ahead of the Game
9 Improve Responsiveness & Efficiency
10 Optimize Economic Return & Value

Current Level of GRC Integration Across Organization
1 The more integrated, the more consistent in how GRC needs are addressed in different areas of concern.
2 The more integrated, the more confident about management of risk and compliance.
3 The more integrated, the more confident about performance and ability to audit performance, risk and
compliance.
4 The more integrated, the more confident about having the right metrics to get clear views about
performance, risk and compliance.
5 The more integrated, the more business units feel they give the right amount of information to strategic
decision-makers and the board.
6 The more integrated, the more respondents select positive terms to describe metrics they use.
The Value of Integrated GRC
SOURCE: OCEG & GRC 20/20 2014 GRC Maturity Survey, data is
from 190 respondents from organizations with 500+
employees.

1. Aware
✓ Have a finger on
the pulse of
business
✓ Watch for change
in internal &
external
environment
✓ Turn data into
information that
can be, and is,
analyzed
✓ Share information
in every relevant
direction
2. Aligned
✓ Support and inform
business objectives
✓ Continuously align
objectives and
operations to risk
of the entity
✓ Give strategic
consideration to
information from
risk management
enabling
appropriate change
Maturing Risk Culture Through 360° Contextual Risk Intelligence Delivers . . .
3. Responsive
✓ You can’t react to
something you
don’t sense
✓ Gain greater
awareness and
understanding of
information that
drives decisions
and actions
✓ Improve
transparency, but
also quickly cut
through the morass
of data to what you
need to know to
make the right
decisions
4. Agile
✓ More than fast,
nimble
✓ Being fast isn’t
helpful if you are
headed in the
wrong direction.
✓ Risk management
enables decisions
and actions that
are quick,
coordinated and
well thought out.
✓ Agility allows an
entity to use risk to
its advantage,
grasp strategic
opportunities and
be confident in its
ability to stay on
course.
5. Resilient
✓ Be able to bounce
back quickly from
changes in context
and threats with
limited business
impact
✓ Have sufficient
tolerances to allow
for some missteps
✓ Have confidence
necessary to
rapidly adapt and
respond to
opportunities
6. Lean
✓ Build the muscle,
trim the fat
✓ Get rid of expense
from unnecessary
duplication,
redundancy and
misallocation of
resources within
the risk
management
✓ Lean the
organization
overall with
enhanced
capability and
related decisions
about application
of resources

Two Things to Note . . .
▪ Organizations evaluating or considering GRC
solutions are free to ask GRC 20/20 on our
understanding and comparison of solutions in
the market to meet your GRC requirements.
▪ Inquiries are single focused questions that can
be answered in under 30 minutes.
▪ Complimentary inquiry is only available to
organizations evaluating or considering GRC
solutions for their internal use.
Complimentary Inquiry
▪ GRC 20/20 has an extensive library of RFP
requirements across a range of GRC capability
areas presented in this presentation.
▪ GRC 20/20 can be engaged in RFP development
and support projects to streamline your process,
gain perspectives learned from other
organizations, and to keep solution providers
honest in their responses.
RFP Development & Support

Questions?
Michael Rasmussen, J.D.
The GRC Pundit & OCEG Fellow
mkras@grc2020.com
+1.888.365.4560
Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy slides or graphics
without permission. GRC 20/20 highly recommends you consider OCEG membership at www.OCEG.org.
GRC 20/20 Newsletter
LinkedIn: GRC 20/20
Blog: GRC Pundit
Twitter: GRCPundit
LinkedIn: Michael Rasmussen

33
A Couple of Housekeeping Notes
Slides and Recording will be sent via email in 1-2 days
Share on Twitter @GoAchieveIt
Type in the Questions Panel
to participate in our Q&A

Solving the Challenges of
Strategy Execution

35
What Drives Execution?
MIDDLE MANAGEMENT
SENIOR LEADERSHIP
FRONT LINE EMPLOYEES
• Executive Dashboards
• Predictive Decision Making
• Board Reporting
• Identify Tasks with Overall Objectives
• Easy Reporting Updates
• Establish Relationship with Other
Initiatives
• Real-Time Information
• Big Picture and Detailed Views
• One Platform, No Manual Compilation

36
What Drives Execution?
4
DRIVERS
OF
EXECUTION

37
Visual Alignment
Qualitative Context
Big Picture Visibility
Streamlined Updates
Purpose-Built for Execution
Current Tools Don’t Enable Drivers

PURPOSE-BUILT
SOFTWARE
BEST-PRACTICE
EXPERTISE
HANDS-ON
GUIDANCE
Want to Know More?See it in action:
www.achieveit.com/demo

Q&A with Michael Rasmussen
Michael Rasmussen, Speaker
The GRC Pundit
GRC 20/20 Research
mkras@grc2020.com
+1.888.365.4560
Joe Krause, Moderator
Senior Strategy Consultant
AchieveIt
(800) 535-1559
jkrause@achieveit.com

Upcoming Events & Resources
Webinar >> 3 Proven Methods to Optimize Your 2018 Strategy and Goals through
Culture and Employee Engagement
Tuesday, November 7th at 1 pm ET
REGISTER:
https://www.achieveit.com/resources/webinars/
Follow us on Twitter @goachieveIt

Mitigate Risk with Better Plan Execution and Organizational Alignment

More Related Content

Similar to Mitigate Risk with Better Plan Execution and Organizational Alignment

More from Paige Pulaski

Mitigate Risk with Better Plan Execution and Organizational Alignment