Latest Webinars on Governance, Risk & Compliance (GRC):
What does GDPR mean for your organisation?
The GDPR is one of the most important and impactful pieces of legislation to be introduced with regards to data privacy. If you or your organisation process the data of any European citizens, or have operations within the EU, you will be required to comply with the regulation. Join us on our first GDPRLive webinar to learn about the basics of what GDPR is and how it will affect the way the world does business after its inception on the 25th of May 2018. Data privacy is no longer just about how IT looks after security, it now involves the entire business and needs to be carefully managed across disciplines.
Improving the integrity of risk registers and how to aggregate risks
While it is important that we preserve a record the conversations we have about risk, for someorganisations the risk register can take on a level of importance that is out of keeping with its real value. In fact, some believe that keeping risk registers fosters a culture of ‘list management’ rather than risk management…
Integrating Strategic Management and Risk Management
Many organisations claim they already integrate risk management into strategic planning. However, in most cases that’s an illusion as, on inspection, risk management is just an ‘add on’ that adds little real value to the planning process.
This Webinar will discuss:
- How strategic management and risk management overlap and the synergies
- Why feeding information from an existing risk register or conducting a risk assessment after objectives are set yield little real value
- What integration really means and how to achieve it
- The hindsight, insight, foresight model
- Practically, how to integrate the risk management process into strategic planning and all other forms of decision making processes.
Unravelling Risk Appetite and Tolerance
We have been using the term risk appetite for many years. It is used regularly in the media and all the major consultancy groups and many professional associations with an interest in risk management.We discuss the term and describe its interpretation and application. Now regulators are asking companies to prepare statements of their risk appetite as part of their governance processes.
Managing risk management performance:
Organisations pursue their objectives by taking and implementing decisions but they must do so in external and internal environments in which there is uncertainty. We call the effect that this uncertainty has on the organisation’s objectives ‘risk’.
The purpose for managing risk is to improve decision-making so as to make it more likely that the subsequent actions will contribute as much as possible to the achievement of the organisation’s ultimate purpose – the realisation of its objectives. It has no other purpose.
This webinar will describe how:
- Performance management and improvement is an important component of a risk management framework;
- Performance measures and KPIs for risk management can be set and used;
- Tools that measure the effectiveness (maturity) of risk management that are tailored to an organisation’s standards and principles for managing risk can be developed and used for bench-marking, diagnostics and improvement planning;
- Such performance management approaches can form the cornerstone of governance reporting that seeks to demonstrate that an organisation’s approach to managing risk is soundly based and effective.
Risk Management Framework
This episode explores the concept of a Risk Management framework, how to create a framework and enhance one. Topics for this session include:
- What is a framework and what does it do?
- Risk Management vs. Managing Risk
- Expressing commitment and mandate
- Integration vs. Standalone
- Enhancing Risk Management Capability
- Risk Management Plans and the execution
- Driving Continuous Improvement
Risk Appetite and Tolerance
There is a tremendous amount of misinformation generated about risk appetite and tolerance. This session presentation demonstrates how risk appetite and tolerance can be managed in a practical and realistic way. ISO 31000 does not use the term ‘risk appetite’ for very good reasons. This presentation will concentrate on how organizations can properly handle risk-based decision making. Featured topics include:
- Definitions of risk appetite and tolerance that make sense;
- How we develop risk criteria and use them in risk analysis and evaluation;
- Developing risk criteria based on your organization’s critical success factors;
- Developing practical consequence and likelihood scales for qualitative risk analysis;
- What tolerance really means and how we use it to decide on the optimal approach to risk treatment.
Understanding Root Cause Analysis
Root Cause Analysis is just as important a technique in risk management as risk assessment. However, many risk management professionals are unclear as to its role and how to facilitate it and while organizations may use some techniques to investigate accidents that injure people and failures that cause loss, rarely is root cause analysis used more widely to analyze all successes and failures. Webinar presented by Grant Purdy (Broadleaf).
Establishing the Risk Context
Establishing the Risk Context is one of the most important steps in the risk management process. It establishes a firm basis for the subsequent risk assessment, allows the risk management activity to be planned and structured and also resolves out risk criteria which are the basis for making decisions about the level of risk which is tolerable. However, despite its importance, the step is often handled badly rushed, leading to an incomplete assessment of risks and poor risk treatment.
Risk Management Performance Management
The last installment in this series of masterclasses presented by Grant Purdy, covers the following topics:
- The requirements of ISO 31000 on risk management performance management
- Generating risk management KPIs
- The best types of performance indicators
- Risk management maturity evaluation
- Using performance measure in Governance reporting
- How performance management of risk management drives forward your initiative
Describing and Identifying Risks
- What is risk?
- What causes risk?
- What is ‘a risk’?
- Why risks don’t manifest, eventuate, occur or happen
- How should you describe a risk? What are the components?
- Using a key element system to guide risk identification
- Risk identification systems – a summary
- Why describing risks correctly is vital for effective risk treatment
Qualitative Risk Rating and Risk Criteria
- The purpose of risk criteria
- Developing consequences criteria tables based on critical success factors
- Wording criteria for positive and well as negative consequences
- 3 x 3, 5 x 5, 6 x 6, 5 x 6? Which is the best scheme for you
- Likelihood criteria
- Control effectiveness – why it is a relative measure and how to define it?
- Potential Exposure vs. Inherent Risk
- Combining consequences and likelihood ratings to define a level of risk
- Beware of semi-quantitative analysis
How to Roll Up and Consolidate Risk Registers
- The roll of risk categories
- How to develop them based on cause not consequence types
- The three types of risk
- Consolidation of risk registers
- Risk rating superior risks
- Risk and control owners on consolidated risk registers