risk oversight

5 Tips to Making Board Risk Reports Meaningful Tools for Decision-Making

By Carol Williams / April 28, 2021 /

The year is flying by as we’re well into the second quarter already. Q1 board risk reports should be done, assuming your company prepares one quarterly, and you are likely getting ready to prepare a midyear update. As I discuss in The Ultimate Primer for Effective Risk Reporting, board risk reports serve a dual purpose…


3 Questions to Consider if Management Rejects Recommendations Due to Cost

By Carol Williams / March 3, 2021 /

Occasionally, I examine local or national events with a risk lens to see what went right and wrong, such as this example of poor vendor risk management in my local community. Doing so can help us better understand areas we may need to improve in our own organizations to avoid similar consequences. Quick Synopsis of…


An Easier Way to Understand the Effectiveness of Risk Controls

By Carol Williams / November 5, 2020 /

KRIs, KPIs, ORSA, ISO, COSO…risk controls, risk owners, risk appetite. The acronyms, the alphabet soup, oh my! To anyone with little to no experience, risk management jargon can be dizzying and confusing, especially to executives who are often deluged with risk registers, reports, and processes that are overwhelming and not helpful for managing the organization…


Avoid the Scramble: Proactively Plan for Changes in Risk Owner

By Carol Williams / September 2, 2020 /

Wouldn’t it be nice if a risk simply went away when the risk owner left the organization or changed roles? Okay, now wake up from that dream…this doesn’t happen in real life. As a previous article on assigning a risk owner explains, the ERM unit does not actually manage risks. Instead individual(s) who are close…


Quantitative Risk Analysis: What Companies Must Have First

By Carol Williams / January 8, 2020 /

The goal of my blog has been and will always be to distill ERM concepts into actionable insights for anyone interested or who is tasked with risk management in their organization. If you browse around, you will find that I discuss qualitative risk analysis methods like scenario planning, root cause analysis, and just plain old…


Questions for Gauging the Value of your Organization’s Risk & Performance Management

By Carol Williams / July 22, 2019 /

Although there can be an infinite number of reasons for an organization to evaluate its risk and performance management, two main reasons that apply across-the-board include: You need to understand where your organization stands in order to plan where it should go. Executives want to know if what’s in place or being done is adding…


One Scarcely Mentioned Way Social Media Can Damage an Organization’s Reputation (…and how to address it)

By Carol Williams / June 3, 2019 /

Now that we’re over a decade from when the first iPhone hit the market in 2007, it’s becoming clear the impact social media can have on an organization’s reputation. Generally speaking, reputation is more significant in today’s world in large part due to the lightning speed at which news can spread. To illustrate the growing…


Organizations Across-the-Board Report Increasing Risk Volume and Complexity

By Carol Williams / May 13, 2019 /

In my first post analyzing NC State’s latest State of Risk Oversight report, we discussed how more organizations are designating a Chief Risk Officer. In this post, I want to take some time to discuss another significant observation from this year’s survey – the volume and complexity of risk. The ERM Initiative in partnership with…


Chief Risk Officer: An Increasingly Vital Role in Effective Risk Oversight

By Carol Williams / May 6, 2019 /

The 2019 State of Risk Oversight report from NC State recently came out with some interesting results about the current state of risk management leadership in organizations. The report breaks down results into four different industry-categories – large organizations, public companies, financial institutions, and not-for-profit. Over the last five years, nonprofits have seen the biggest…


The Board’s Role in Risk Oversight and Why It’s Important

By Carol Williams / April 29, 2019 /

A majority of articles here on the blog focus on the process of ERM for anyone involved in their organization’s strategy-setting and day-to-day operations. While learning about processes like risk identification, assessment, and reporting is important, there are other risk-related activities in the organization that are equally important, namely the oversight of risk by the…
