In my blog last week I defined the terms in the poll below and explained how risk management can prevent these failures from occurring. Vote your opinion and then view the results of what others think.
Thanks to Toren for his comments on my blog last week “Intelligence Failures, Part II: Risk Management is the Answer” Toren writes:
“How would Risk management software deal with perceptions and preconceptions that drive leaders and make them look the other way once intelligence points against their gut feeling? Is there a software that integrates human experience and takes preconceptions, even feelings and mere hunches that may drive a decision, into account?”
Business has political interests and politics has business interests, but the discipline of risk management applies to all just the same. Toren’s comment highlights the need for acquiring human intelligence front line experts and balancing it with other data sources to achieve better decision making. This is the heart of what risk management software is designed to address.
First, the underlying prerequisite for a successful risk management program is the “tone from the top” from leadership to embrace a rigorous, objective and qualified risk management process. Transparency in the risk assessment and mitigation process is necessary to build the confidence and credibility for this buy-in. Software achieves this with embedded best practices and real-time interactive dashboards and reports for efficiency and governance of the process. Senior leadership commitment to actively engage in the risk management process will result in their conviction in the results.
With this mandate in place, the next issue then is how to widen the net and process the information in an objective and consistent fashion to prevent unsubstantiated preconceptions from blocking out the facts. True Enterprise Risk Management software supports a risk control self-assessment approach with a library of guided questions to qualify, quantify and prioritize human intelligence for follow-up. This process breaks the information down into its root cause categories and factors and quantifies the potential impact of the risk, the likelihood that the risk will occur and the current effectiveness of controls in place should the risk actually occur. A risk index score is calculated with the formula of (impact x likelihood x control). The highest risk score index can now systematically cull a broader base of information systematically to the most dangerous or high risk issues or scenarios.
Follow-up activities are assigned with due dates for deeper analysis that culminates in a recommendation for action along with the supporting documentation of cost benefit analysis, controls, budgets, etc. This web based system aggregates data from all areas of the organization. Control activities enforce discipline in the implementation and monitoring phases of then preventing risks or minimizing the impact of risks should they occur. It is this combination of methodology, process and software that prevents a premature conclusion or disregard for the facts.
Thanks again to Toren, keep your inquires coming and don’t forget to vote your opinion above!