While presentations ranged in content, there was strong agreement over what makes for an effective risk management program and what’s shaping the industry right now. Here’s some advice our customers brought to the table:
Take a Proactive Approach to Your Risk Management Program
As our keynote speaker and former Corporate One Chief Risk Officer, Joseph Ghammashi, put it, “Risk management doesn’t start when you have a crisis. You have to be prepared and form a plan. You have to socialize your risk management process so it reaches every employee in your company.” He pointed out that being proactive in your approach can prevent poor decision making fueled by emotion. In fact, it can be the difference between an organization that sinks or swims in the face of difficulty. When prompted, most attendees acknowledged that while they were worried about a looming recession, they were underprepared. Check out our CEO Steven Minsky’s blog on how to prepare for a recession with risk management.
Your Risk Management Program is Nothing Without Buy-In
You could have the best risk management program in the world, but if you aren’t able to get engagement from your organization, it won’t make a difference. This was a sentiment reflected by many speakers throughout the two-day conference, especially by IHS Markit’s ERM team, Angela Seaton and Johnny Mickens. They stressed the importance of engaging the rest of the business by clearly communicating the details of your risk management program, highlighting its benefits both to the company and to the individual, and outlining steps for the future. If you need help building that engagement, take a page out of the book of Avidia Bank Chief Risk Officer Nicolas Karmelek: “If you can feed them, you can usually get them to come to a meeting.”
Be Tactical in How You Use Your Solution Areas
There are a handful of ways to implement the same solution, so don’t be afraid to get creative. Think about what “risk management” means to your organization and how the solution area can help add value. Event and Incident Management is a great example of a solution with many uses. IMPACT speaker and Risk & Procurement Director at the University of Florida’s Athletic Association, William Dolamore, has taken the solution to new lengths. His department is rolling out a new program where employees can leverage iPads to report incidents easily across the campus.
Be Sure to Track the Maturity of your Program
Measuring the maturity of your risk program can be an effective way to determine your company’s next steps. IMPACT speakers Patrick Kileen and Daniel Mawn of Bryn Mawr Trust shared their success story with mapping out their journey. They stressed the importance of having a solid idea of what you want your process to look like before executing it. They proudly shared that they are now often the go-to people for key business decisions. “We have grown with users. We started with 10-12 and are now close to 100, if not over, just two years later,” Mawn shares. Chief Compliance and Risk Management Officer Kathy Spain of Capitol Federal also emphasized the importance of being proactive in planning. She pointed out that the more work you put into cleaning up your program initially, the better reporting and insights you will get out of it.
Daniel Mawn, Senior Compliance Analyst at Bryn Mawr Trust, shares his thoughts on Integrated Compliance, Policy, and Incident Management
Data Privacy is More Important Than Ever
One thing’s for sure: data privacy has become incredibly important to consumers. This is reflected in an ever-growing list of regulations that organizations need to comply with: GDPR, CCPA, and let’s not forget the dozens of emerging and finalized state-level data laws. It was also a key theme at IMPACT, where speakers talked about making the most of the NIST Privacy Framework and protecting confidential data while working with vendors. As our CEO Steven Minsky put it in his closing statements, “When a data breach happens, the consumer doesn’t care whether it was your fault or your vendor’s. They just want to know their data is safe.”
The Role of the Risk Manager is Changing
As the industry continues to mature, so does what it means to be a risk manager. As Mawn points out, “Risk management is no longer the department of ‘no’, it’s the department of ‘yes, if’.” Risk managers are often key stakeholders at their companies when it comes to big business decisions. The kinds of industries that use risk management are expanding too. IT Risk and Audit Manager Dawn Romano of Cozen O’Connor shares that risk management at law firms is long overdue, but the industry is finally starting to realize its value.
Risk management is an ever-changing industry. Conferences like IMPACT are a great opportunity for risk managers to sit down and share what’s working for them, what’s not, and what’s on the horizon for their organizations. It’s conversations like these that help us all do our jobs better. When our organizations count on us, it’s never a bad idea to count on each other.
We hope to see you next year at IMPACT 2020!