Skip to main content
Poole College of Management
Enterprise Risk Management Initiative

Briefs and Insights

May 1, 2012

Managing Levels of Innovation Risk

The highly competitive landscape and the rapid pace of change means organizations must continually seek to innovate to survive and grow. For many, their rush to get new innovations to market overlooks critical risks that threaten the success of those initiatives. More organizations are seeing first-hand how difficult of a task it is to mitigate innovation risk. The Harvard Business Review (HBR) article "Managing Your Innovation Portfolio" highlights how organizations can, through the balance of diversifying and appropriately focusing efforts within their innovation portfolios, achieve higher returns over their long-term innovation investments. The authors of this article discuss issues dealing with managing innovation and ways to initially guide management.

May 1, 2012

Lack of Senior Manager Support Impairs Risk Management

Here's a new twist to "risk management" one of the most damaging risks an organization may face is "management" itself. The article "Risky Management" in Disaster Recovery Journal highlights the realities of how management's attitude and embrace of risk management approaches can undermine the organization's effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise's risk management strategies: management that ignores reasoned words, management that works against others' efforts and management that is nonexistent in the execution of a plan.

May 1, 2012

Risks Associated with Product Development

With over 50 years of experience in advising companies on product development efforts, the authors of this Harvard Business Review article present six flawed assumptions that bring rise to risks associated with product development. Product development managers often follow conventional assumptions to execute their projects effectively and efficiently based on the belief that these lead to the most productive approach. But often, risks associated with product development rise due to fallacies in these assumptions causing major delays, glacial progress, and costly failures.

Feb 1, 2012

Is it Necessary to Have a Separate Risk Committee?

A hot topic in risk management discussions within organizations is the debate about whether a separate risk committee is necessary for a company to have effective enterprise risk management processes. The authors of this Conference Board article believe “It depends.” The risk management process is a very individualized process. Organizations need to take a long look in the mirror to ensure that a separate risk committee would not create more unnecessary bureaucracy. By learning the business and its strategies more intimately, the organization can determine the risk environment of the firm at a higher level, which in turn will give insights into the necessity/requirement of having a separate risk committee.

Jan 1, 2012

Risk Committees

While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

Nov 1, 2011

Proactively Managing External Relationship Risk

The focus on managing third-party risk is becoming prevalent in the current business environment as more organizations turn to external providers to gain access to needed services, reduce costs, or achieve other strategic advantages. While most executives recognize the importance of thinking through risks associated with delegating key tasks to external parties, several studies suggest the extent of vendor risk assessments is lacking and they fail to be adequately resilient in holding vendors to certain risk management standards. A thought paper by Crowe Horwath presents a process for managing third-party relationship risks by utilizing a risk landscape framework. They highlight three steps to implement a successful third party risk management program.

Oct 17, 2011

Compliance, Ethics and Enterprise Risk Management

Carlo V. di Florio, the Director of Office of Compliance Inspections and Examinations at the SEC spoke about the relationship between compliance, ethics and ERM. He made his speech at the National Society of Compliance Professionals (NCSP) National Meeting in October 2011. The speech outlined the importance of ethics in compliance and ERM exercises. It also presented ten elements of effective ethics, compliance and ERM programs. The speech also emphasized the need to clarify an organization's five lines of defense namely the business, key support functions, internal audit, senior management, and the board of directors.

Aug 1, 2011

Avoiding Confirmation Bias in Decision Making

Executives today are becoming even more aware of the biases within their own mind that can prevent them from making the correct decisions. One of these major biases is confirmation bias, which is the phenomenon in which people throw away any evidence as irrelevant if it contradicts their initial notion of the situation. Increased awareness of the decision making process can help executives better evaluate situations when coming to a major decision. Confirmation bias is likely to be present in any risk identification and risk assessment task as new information comes to light that might contradict our preconceived notions about a risk event. This thought paper explores twelve questions to think through before jumping into the deep end and making a major decision with an unfounded assumption as its base.

Jul 1, 2011

Managing Human Capital Risk

Though companies recognize the high impact of Human Capital Risk (HCR), many still have immature HCR management processes, if any. The Conference Board researched companies based in North America, Europe, and Asia-Pacific to evaluate current HCR management practices. Companies with Strategic Workforce Planning (SWP) indicated better HCR maturity. The research in this article also highlights a need for HR and ERM executives to engage each other more to better understand risks associated with their human capital management.

Jul 1, 2011

Managing Social Media Risks

As organizations realize the potential of social media to positively benefit their marketing and advertising strategies, they are also aware of potential risks. In a white paper published by Crowe Howarth LLP, the authors outline sources from which social media risks can originate and provides a six-step approach that an organization can use to create an effective social media risk management strategy.