Manage Tomorrow's Surprises Today™ ERM Blog

Why are so many companies missing the point? ERM’s Role in Incident Prevention

Regardless of guilt or innocence, FedEx’s recent indictment has reminded us that in today’s world of complex global interactions and increased regulations, organizations must have a strong handle on interrelated risk, business processes, and relationships. This past week, FedEx made headlines for knowingly assisting illegal online pharmacies, according to the U.S. Federal Government. The company is...

Why Your Boss Doesn’t Get Risk Management

There are a couple of common refrains we hear at LogicManager on a consistent basis. One is of particular concern to risk managers seeking to establish legitimacy and trust within their organization. “My boss just doesn’t get it.” The signs you’re on this boat are noteworthy. You’re rarely questioned about the legitimacy of the data you’ve...

PCI DSS in Healthcare: HIPAA Compliance Isn’t Enough to Protect Patients

The healthcare industry has grappled with HIPAA for nearly 20 years. The ever-changing, extensive piece of legislation mandates the protection and security of patients’ private health information, and HIPAA compliance is a costly and time-consuming process for healthcare organizations. With the amount of focus and effort directed towards HIPAA compliance, risk and compliance professionals at...

Risk Managers Are Spending Their Time on the Wrong Things

There is always a lot of buzz about “risk appetite statements” and “risk tolerance.” In theory, these sound like a natural launching point for ERM Programs – how can risk managers manage risks without a known goal of what they should be managing towards? However, the problem with risk appetite is that it is not actionable,...

Best Practices for Developing Mitigation Plans

A common challenge for early-stage ERM programs is making the step from risk identification and prioritization to the formalization of a control (or mitigation) environment. Keep in mind, it is only possible to know if a Mitigation Activity is effective and efficient if the objective of this activity is known. The objective of the activity must...

How ERM Prevents Disasters: Case Studies by Malcolm Gladwell

Over the weekend while traveling, I was reading Malcolm Gladwell’s Outliers, and as coincidence would have it, I hit “Chapter Seven: The Ethnic Theory of Plane Crashes,” at a cruising altitude of 30,000 feet. The challenge with Enterprise Risk Management is quantifying how many disasters have been prevented due to its efforts. Because of this, there is still skepticism...

Report: Colleges & Universities Lack ERM, Guidance

Colleges and universities are some of the most at-risk institutions when it comes to high-profile failures in risk management. Reputational risk – and remaining off the homepage of CNN – requires an active approach to managing enterprise governance, and most universities are unsure where to start. An Association of Governing Boards of Universities and...

How the RIMS Risk Maturity Model Works

Hack Wilson was an MLB star in the 1920s, but he had a drinking problem. Realizing his potential, Hack’s manager pulled him into the dugout and said, “If I drop a worm into a glass of water, it swims around fine. If I drop it into a glass of whiskey, it immediately dies. What does this...

Are Risk Assessments a Waste of Resources?

Where are there more homicides? Detroit or Michigan? Most people would say Detroit, even though every murder in Detroit also takes place in Michigan. Our initial impressions, even those we have the utmost confidence in, can quickly and easily lead us astray. Avoiding such misconceptions is the value that risk assessments provide ERM programs. Many risk...