有几个函数是 被误解的 作为风险管理.
GRC professionals work tirelessly to comply with regulation, 减轻或操纵风险, 帮助企业扩大规模.
但人们对这个职业仍然有很多误解——包括GRC专业人士自己. 我们是来放 13个常见的风险管理误区 休息.
这是一个一目了然的列表——让我们直接进入一个大列表.
- Risk management is one department’s responsibility
- Risk management is just about compliance
- Risk management is just about avoiding risk
- 风险管理是一次性的活动
- Risk management is too expensive/time-consuming
- Risk management is about eliminating all possible 风险
- 所有形式的风险都是不好的
- 您当前的流程已经涵盖了它
- 你不需要应急计划
- 风险管理是100%数据驱动的
- 风险管理是悲观的
- There’s a catch-all solution to risk management
- 风险管理很无聊
Myth 1: risk management is one department’s responsibility
可能是 最普遍的信念 在这个列表中.
公平地说,它 is 让人困惑. Yes, there’s someone with the specific title of Risk Manager. 不,不是的 只有 他们的 管理风险的责任.
您的风险策略——以及日常的风险识别和控制——是您的风险团队的工作, be that a one-person show or a full function.
但是,正如皮特•德鲁克(Pete Drucker)曾经说过的,“文化把战略当早餐吃掉。.”
美国国立卫生研究院的管理分析师保罗·米勒, 把更多的GRC肉放在骨头上.
“如果一个ERM项目只关注组织绩效指标来确定有效性, 那么这些ERM项目就有可能只看到一半的前景.
“即使是最全面的ERM框架,也需要积极的组织风险文化的支持。”.
But even risk culture is made more 让人困惑 than needed.
听IRM的吧 - it’s just the term describing the values, 信仰, 知识, 一群有共同目标的人对风险的态度和理解.
最后一点是关键. Everyone in your business has a common purpose, 因此,有责任理解你面临的威胁和机遇.
Myth 2: risk management is just about compliance
监管力度正在加大 罚款滚滚而来 – make no mistake, compliance is more vital than ever.
事实上, if it was a country, US regulation alone would be the the 世界第八大经济体.
但GRC做得好并不仅仅是勾选复选框并关注它们 水平扫描电子邮件.
There are countless other business – and human – elements to it.
Myth 3: risk management is just about avoiding risk
GRC专业人士需要时间来真正 理解 风险. 与他们亲近. Decide if they’re a 为ce 为 good or evil.
That’s where the management aspect of risk management comes in.
它比以往任何时候都更重要. 阅读我们的 十大网博靠谱平台它的持续相关性的博客在这里.
Myth 4: risk management is a one-time activity
The 风险 of 2023 aren’t the same as the 风险 of 2003.
本周的风险甚至可能与上周的风险不一样.
Un为tunately, risk management can’t be switched to Rest Mode. 这是全功率的, 全职活动, and while creating processes can and should have structure, the act of risk management itself has no start, 中间, 或结束.
这么说吧:风险不是静止的——市场和风险不会因为你建立了风险委员会就静止不动——所以你的风险管理也不应该静止不动, 要么.
Myth 5: risk management is too expensive/time-consuming
Of course there are costs associated with risk management.
Salaries, software, audits – it doesn’t come cheap.
但未能管理好风险的代价却没有被广泛讨论.
- 400万美元 -组织因违规事件而面临的平均收入损失
- $1.0300万年 – the average saved by businesses through regulatory monitoring
- 45% - the increase in cost of non-compliance since 2011
处理风险过于耗时,通常是由于将风险管理视为一种“锦上添花”,而不是像其他任何业务功能那样的业务功能.
比如市场营销或销售, 真正的结果需要时间, 而且,风险管理的成功与否很难通过工作中无形的部分来衡量.
Risk functions can waste a lot of time on legacy processes也. 手动搜索数据,依靠电子表格——这并不是所有必要的.
选择正确的风险管理软件可以节省风险团队每周的工作时间,因为它们都在一个方便的位置,并自动化较慢的过程.
要了解更多十大网博靠谱平台风险管理软件被越来越广泛使用的原因,请阅读我们的 blog on using RiskTech in an economic crisis.
Myth 6: Risk management is about eliminating all possible 风险
There’s more to risk management than ticking 风险 off a list.
Risk practitioners aren’t a pest control squad. 没有防护服. 没有全面卫生的最终目标.
事实上, risk management doesn’t really have an end goal at all. 作为风险管理者,你的工作是帮助企业减轻、控制风险,甚至从风险中获益.
是的,这最终意味着在风险增长之前创建识别和解决风险的流程.
But like we mentioned be为e – that’s not a one-time thing. 可悲的是, GRC专业人士不能创造完美的风险管理流程,然后坐下来放松.
“我梦想生活在一个没有任何风险的世界里. 我们都是这样。 马特·拉德, Head of Product at RiskSmart and experienced Risk Analyst.
“但这是不可能的. 而不是, risk managers can (and do) focus on prioritisation, 从数据到直觉再到人际交往能力,用一切来支持他们.
“That’s why it’s best described as both an art and a science.”
误解7:所有形式的风险都是不好的
风险往往是坏消息.
- 公用事业的失败
- 气候变化
- 合规的失败
- 声誉损失
- 供应链中断
- 健康和安全危害
- 客户满意度低
- 新的竞争者蚕食了整个市场
- Macroeconomic changes (inflation, interest rates)
It's not hard to see why risk gets a bad name.
但是让我们回到 风险的定义,如ISO 31000所规定:“不确定性对目标的影响”.
不确定性并不意味着灾难. 事实上,最好的风险管理者知道什么时候不确定性可以转化为机会.
Myth 8: your current processes have risk management covered
哦,伟大的. 那就这样吧. 除了……
当这些风险发生变化时会发生什么?
当新的风险出现时会发生什么?
What happens when an audit finds you need new processes?
What happens when new senior leadership demand a risk overhaul?
没有经历过风险事件的负面影响并不意味着您当前的流程是无懈可击的.
Complacency is the enemy of effective risk management.
Myth 9: you don’t need contingency plans
风险经理不是智者. 妖怪们. 千里眼能力的人.
Even the very best risk managers – backed up by all the data, 人际交往能力, and sheer talent possible – don’t get everything right.
世界各地的企业经历了十年的不稳定.
As 杰瑞·海曼指出, “最好是为实施做好应急准备,而不是在风险造成损失时制定应急计划。”.
Myth 10: risk management should be 100% data-driven
让我们来解决这个问题:事实上,只有29%的受访者认为2021年 Caseware 调查显示,他们在审计中经常使用数据分析是令人担忧的.
However, there’s much more to risk management than data.
“The Chief Risk Officer needs to be a finance professional, a scientist (including natural and political), and even a philosopher” explains Anne-Marie Straatthof in 首席风险官的关键作用 为 银行家 杂志.
CRO在 European Bank 为 Reconstruction and Development goes on to explain: “in terms of emotional intelligence, CRO需要有弹性, 协作, and compassionate more than ever be为e”.
Mahesh Aditya支持风险函数的成功取决于数据以外的因素, 集团CRO 桑坦德银行也.
“CRO应该被认为是房间里不会让任何事情被忽视的人……我们(CRO)现在需要更好地了解运营, 企业的幕后和战壕里到底发生了什么, as well as determine what to do about it.”
你可以了解更多 why data is still an essential part of risk management here.
Myth 11: risk management is pessimistic
她来了——从大厅下来. 风险管理者. 扫兴者是非凡的.
这是过时的想法.
事实上, 超出职责范围,“超出风险管理的基本要素”的企业 在财务上优于同行.
We prefer the term cautious, thank you very much.
Myth 12: there’s a catch-all solution to risk management
We’d love to be able to do the work 为 you. 我们真的会.
But there’s no catch-all solution to risk management.
Spreadsheets are the most common method of tackling risk, with 1 in 5 GRC professionals relying on 他们的 accuracy 成功的.
Whether or not that’s sustainable is another question, 考虑到几乎90%被认为包含错误(“非常难以检测和纠正”),而且“企业对其电子表格的准确性过于自信”.
而且还不止于此. Plenty of horror stories exist, such as 摩根大通60亿美元的亏损 在使用Excel创建风险价值模型时,由于错误的复制/粘贴作业而导致的错误.
That being said, they’re widely used 为 a reason. They’re widely accessible, widely understood, and totally free.
Risk management software is becoming more popular, with 70%的风险和合规专家 他说,疫情增加了他们对技术的依赖,以改善决策, 性能监控, 风险管理.
不仅如此,而且 67%的安全专业人员 正在寻找升级他们的工具作为提高公司安全的一种手段吗.
误解13:风险管理很无聊
嘿,谁告诉你的?
Like any jobs, it can have its downsides. 但风险管理是十大网博靠谱平台冲突的, 催化剂, 控制混乱, 协作(与各部门), and carrying the business in new directions.
And if it’s just the manual parts of the job getting you down, then it might be time to embrace an automated approach.
For all things no-nonsense risk management straight to your inbox, join hundreds of fellow risk professionals in the RiskSmart社区.
