Risk Appetite is such a simple concept that everyone thinks they know but invariably misunderstand. COSO and other regulatory requirements for boards to issue a Risk Appetite Statement has led to a belief a business has an overarching level of risk tolerance. Personally I don’t believe these Risk Appetite Statements add any value but regulators are regulators. Continue reading
How we design and implement systems and processes can play a large role in determining their usability. Poor usability can contribute to avoidable risks. This post addresses the need to employ risk identification and mitigation techniques in the course of designing things in order to minimize the probability of negative outcomes.
Exposure to threats, hazards and risks leads to vulnerabilities that an organization must deal with. Commonly these are addressed via a mitigation process. Once mitigation is accomplished, often times the organization feels that the risk, threat, hazard does not need to be revisited. However, as a result of the mitigation efforts on the part of the organization, the risks, threats, hazards reconfigure and re-emerge in a different form. In order for mitigation to be successful it has to be a constant and ongoing process that produces a resilience to the negative effects of risks, threats and hazards that are realized. Continue reading
In the 1960’s Ralph Nader became famous by writing an expose’ of the Corvair, a rear-engined Chevy built by General Motors. He called it “Unsafe at Any Speed: The Designed-In Dangers of the American Automobile “[1][2]. He accused car makers of ignoring safety, resisting providing seat belts and other design issues that contributed to injuries in accidents. In 1966 the U.S. Congress passed the Highway Safety Act (aka National Traffic and Motor Vehicle Safety Act), which created mandatory federal safety standards for motor vehicles and established what is now the National Highway Traffic Safety Administration. Continue reading
“The White House is putting enterprise risk management front and center in its update to a key policy on internal controls expected later this year”
According to OMB’s A-123 Rewrite to Flip Risk Management on Its Head, Federal News Radio, February 11, 2015 Continue reading