positive risk

Risk & Strategy Visionary Shares Valuable Insights on Risk Appetite and Tolerance

By Carol Williams / January 27, 2022

It’s clear from commentary and my blog’s web traffic data that risk appetite is considered to be the most challenging and controversial part of ERM. To learn more about these differing perspectives, I invite you to check out this article that includes commentary from various thought leaders. We are always trying to better understand the…


An Easier Way to Understand the Effectiveness of Risk Controls

By Carol Williams / November 5, 2020

KRIs, KPIs, ORSA, ISO, COSO…risk controls, risk owners, risk appetite. The acronyms, the alphabet soup, oh my! To anyone with little to no experience, risk management jargon can be dizzying and confusing, especially to executives who are often deluged with risk registers, reports, and processes that are overwhelming and not helpful for managing the organization…


Traditional vs. ERM – 3 Steps to Move from Loss Prevention to Focused on Organizational Success

By Carol Williams / July 1, 2019

One point I discuss at a high-level in my flagship article comparing traditional and enterprise risk management is the difference in what each focuses on. In this article, I’m going to dive a little deeper into this difference with a real world example and how executives and practitioners can move from focusing strictly on loss…


Disjointed vs. Embedding in Culture and Mindset – A Key Difference Between Traditional Risk Management and ERM

By Carol Williams / January 28, 2019

One of the big differences between traditional risk management and ERM is the role risk plays in the organization. I briefly discussed this point at a high-level in my popular article linked above. And while the point of disjointed vs. embedded in culture and mindset is connected to other differences mentioned in the article, the…


ERM and Economics – Making Organizations More Resilient in Difficult Times

By Nathan Williams / January 14, 2019

Upon reviewing a report from NC State discussing top risks for 2019, both Carol and I were surprised that an economic downturn was pretty far down the list of concern for executives. (As a quick side note, neither one of us are doomsday people thinking the sky is perpetually falling…) I know nobody wants to…


Practicing ERM without a Formal ERM Program

By Carol Williams / October 29, 2018

Many of the ERM resources you encounter on my blog and elsewhere focus on elements of a formal program like developing a framework, establishing risk appetite, and more. We imply, at least indirectly, that your organization must have this formal structure in place before practicing ERM. However, this isn’t always the case… Double-take – why…


Traditional vs. ERM – Elevating Risk Management from the Business Unit to the Whole Enterprise

By Carol Williams / October 8, 2018

One of my most popular articles discusses the differences between traditional risk management and ERM, with one of the core differences being the approach to risk. Traditional risk management occurs within a singular business unit – it is departmentalized or occurs in what’s called a “silo” or “stove pipe.” The IT Director or Chief Technology…


Enterprise Risk Analysis – Prioritizing Risks for Maximum Benefit to the Organization

By Carol Williams / July 23, 2018

Resources – whether they are time, financial, human, or natural – are limited. You only have so many hours in the day or only so much money, which is why all of us prioritize our activities for the day or how much money to spend. The same process we subtly do each day is definitely…


4 Easy Ways to Ensure Management is Supportive and Actively Engaged in your ERM Program

By Carol Williams / June 4, 2018

When it comes to enterprise risk management, I have struggled with ways to engage management. After all, it is not like ERM is an exciting topic…at least for most people. Me, I love talking about ERM! Most executives or mid-level management focus their days on what they specialize in, whether it is finance, marketing, information…


Wait a Second – You Mean We Can Have Positive Risks Too?

By Carol Williams / November 19, 2016

I know, seems counter-intuitive, right? When we hear the word “risk,” we automatically think it has to be negative. In many cases, it is. Perhaps a certain process is outdated and causing the company to lose money, or a defective product is leading to some bad press. However, some risks can be considered “positive,” at…
