Benchmarking
Hello!
I am Joe Crampton
I am the VP Product at Resolver.
@JoeCrampton
joe@resolver.com
Hello!
I am Marc DiGiorgio
Chief Revenue Officer at Resolver.
dig@resolver.com
SURVEY APPROACH
Our Goals with the Survey
▪ Terminology: Does the concept of IRM resonate with customers?
▪ Collaboration: How do organizations collaborate and report on risk?
▪ Risk Maturity: Where are organizations on the risk maturity curve?
Exploring the Results
▪ Definition of IRM
▪ Risk Maturity Model
▪ Collaboration
▪ Reporting
DEFINITION OF ‘IRM’
Identifying with IRM
Do you identify with the term “Integrated Risk Management”?
[Chart. Categories: No, Yes. Values as extracted: 30, 48.]
Identifying with IRM
If yes, what does this mean to you?
Identifying with IRM
In your opinion, does your organization have a well-defined risk culture?
[Chart. Categories: No, Not Sure, Yes. Values as extracted: 22, 10, 46.]
IRM Maturity Level
Does your organization have a unified definition for “risk”?
[Chart. Categories: No, Not Sure, Yes. Values as extracted: 22, 33, 40.]
IRM Maturity Level
Does your organization practice an integrated approach to risk management?
[Chart. Categories: No, Yes. Values as extracted: 35, 43.]
IRM Maturity Level
Does your organization have goals related to Integrated Risk Management?
[Chart. Categories: No, Not sure, Yes. Values as extracted: 13, 37, 28.]
COLLABORATION
Collaboration
How often do they work together and collaborate?
[Chart. Categories: Every 6 months - 1 year; Not sure; Once a month; Once a week or more; Once per quarter. Values as extracted: 2, 16, 22, 44, 11.]
Collaboration
Which teams are most likely to work together?
Collaboration
When collaboration between people and teams does happen, at which level does it most often occur?
[Chart. Categories: All Levels; C-Suite Level; Employee Level; Manager Level; VP or Director Level. Values as extracted: 37, 3, 13, 26, 16.]
Collaboration
If collaboration between teams never occurs, why do you believe this is the case?
[Chart. Categories: Difficult to measure tangible benefits; No integrated vision from execs; No time for cross collaborating; Other (please specify). Values as extracted: 22, 24, 18, 31.]
Collaboration
If collaboration across teams became commonplace, what potential impact would that have?
[Chart. Each potential impact rated on a scale from 1 (Strongly Disagree) to 5 (Strongly Agree):]
▪ Reduce redundancies
▪ Reduce the time it takes to complete projects
▪ Clearer view of overall organizational risks
▪ Alignment on organizational goals
REPORTING
Reporting
How do the teams present reports to the Board?
[Chart. Categories: Other (please specify); Present one consolidated report; Present separate reports, specific to each team. Values as extracted: 11%, 27%, 62%.]
Reporting
If teams report separately, are there areas of overlap within your report data?
[Chart. Categories: No, Not Sure, Yes.]
IRM MATURITY LEVEL
RISK MATURITY MODEL
A framework to evaluate where your organization’s risk management practices are and where they need to go.
Stage 1: Tribal and Heroic
▪ Ad hoc/chaotic: depends primarily on individual heroics, capabilities and verbal wisdom
Stage 2: Specialist Silos
▪ Reaction to adverse event by specialists
▪ Discrete roles established for small set of risk
▪ Typically finance, insurance, compliance
Stage 3: Top-down
▪ Tone set at the top
▪ Policies, procedures, risk authorities defined and communicated
▪ Business function
▪ Primarily qualitative
▪ Reactive
Stage 4: System
▪ Integrated response to adverse events
▪ Performance-linked metrics
▪ Rapid escalation
▪ Cultural transformation underway
▪ Bottom-up
▪ Proactive
Stage 5: Risk-Intelligent
▪ Built-in decision making
▪ Risk interactions managed with incentives
▪ Intelligent risk taking
▪ Sustainable
▪ “Risk management is everyone’s job”
[Diagram axis labels: Unrewarded Risk, Rewarded Risk]
Source: Deloitte. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskintelligent-erm-doneright.pdf
IRM Maturity Level
How would you describe your organization’s Integrated Risk Management maturity level?
[Chart. Values as extracted: 6, 31, 15, 7, 15. Categories:]
▪ Tribal & Heroic: Ad hoc / chaotic; depends primarily on individual heroics, capabilities and verbal wisdom.
▪ Specialist Silos: Reaction to adverse events by specialists, typically finance, insurance, compliance.
▪ Top-down: Tone set at the top. Policies, procedures, risk authorities defined and communicated.
▪ System: Integrated response to adverse events. Performance linked metrics. Rapid Escalation. Bottom-up.
▪ Risk-Intelligent: Built in decision making. Sustainable. “Risk Management is everyone’s job.”
SO WHAT’S NEXT?
What are the right next steps?
[Stages pictured: Specialized Silos, Tribal]
Suggested Next Steps
▪ Understand that being prepared for a risk event is a multi-disciplined process
▪ Specialized silos need to exist to respond to all elements of the program
▪ Establish specialized teams
What are the right next steps?
[Stages pictured: Top Down, Specialized Silos]
Suggested Next Steps
▪ Get to know the experts in the other silos
▪ Start to coordinate with each other
▪ Get support from management to establish policies and process that improve efficiency and risk coverage by working together
What are the right next steps?
[Stages pictured: System, Top Down]
Suggested Next Steps
▪ Work on establishing a good risk culture
▪ Combine pre- and post-event work to reduce risk exposure
▪ Use risk occurrences, loss events, incidents to provide feedback into the controls and countermeasures that work
What are the right next steps?
[Stages pictured: Risk Intelligent, System]
Suggested Next Steps
▪ Consider risk in decision making: what is the right amount of risk for the objective?
▪ Look for opportunities around risk events
▪ Organization-wide participation in risk management aligned to the organizational risk appetite
Thanks!
Any questions?
dig@resolver.com
joe@resolver.com

 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 

Integrated Security & Risk Management: Benchmarking

  • 3. Hello! I am Joe Crampton I am the VP Product at Resolver. @JoeCrampton joe@resolver.com
  • 4. Hello! I am Marc DiGiorgio Chief Revenue Officer at Resolver. dig@resolver.com
  • 7. Our Goals with the Survey Terminology Does the concept of IRM resonate with customers? Collaboration Risk Maturity How do organizations collaborate and report on risk? Where are organizations on the risk maturity curve?
  • 8. Exploring the Results Definition of IRM Risk Maturity Model Collaboration Reporting
  • 10. Identifying with IRM Do you identify with the term “Integrated Risk Management”?
  • 11. Identifying with IRM Do you identify with the term “Integrated Risk Management”? No: 30; Yes: 48.
  • 12. Identifying with IRM If yes, what does this mean to you?
  • 13. Identifying with IRM In your opinion, does your organization have a well-defined risk culture? No: 22; Not Sure: 10; Yes: 46.
  • 14. IRM Maturity Level Does your organization have a unified definition for “risk”? No: 22; Not Sure: 33; Yes: 40.
  • 15. IRM Maturity Level Does your organization practice an integrated approach to risk management? No: 35; Yes: 43.
  • 16. IRM Maturity Level Does your organization have goals related to Integrated Risk Management? No: 13; Not sure: 37; Yes: 28.
  • 18. Collaboration How often do they work together and collaborate? Every 6 months - 1 year: 2; Not sure: 16; Once a month: 22; Once a week or more: 44; Once per quarter: 11.
  • 19. Collaboration Which teams are most likely to work together?
  • 20. Collaboration When collaboration between people and teams does happen, at which level does it most often occur? All Levels: 37; C-Suite Level: 3; Employee Level: 13; Manager Level: 26; VP or Director Level: 16.
  • 21. Collaboration If collaboration between teams never occurs, why do you believe this is the case? Difficult to measure tangible benefits: 22; No integrated vision from execs: 24; No time for cross collaborating: 18; Other (please specify): 31.
  • 22. Collaboration If collaboration across teams became commonplace, what potential impact would that have? Rated items: Reduce Redundancies; Reduce the time it takes to complete projects; Clearer view of overall organizational risks; Alignment on organizational goals. Scale: 1 (Strongly Disagree) to 5 (Strongly Agree).
  • 24. Reporting How do the teams present reports to the Board? Other (please specify): 11%; Present one consolidated report: 27%; Present separate reports, specific to each team: 62%.
  • 25. Reporting If teams report separately, are there areas of overlap within your report data? Options: No; Not Sure; Yes.
  • 27. RISK MATURITY MODEL A framework to evaluate where your organization’s risk management practices are and where they need to go. Stage 1, Tribal and Heroic: Ad hoc/chaotic; depends primarily on individual heroics, capabilities and verbal wisdom. Stage 2, Specialist Silos: Reaction to adverse event by specialists; discrete roles established for small set of risk; typically finance, insurance, compliance. Stage 3, Top-down: Tone set at the top; policies, procedures, risk authorities defined and communicated; business function; primarily qualitative; reactive. Stage 4, System: Integrated response to adverse events; performance-linked metrics; rapid escalation; cultural transformation underway; bottom-up; proactive. Stage 5, Risk-Intelligent: Built-in decision making; risk interactions managed with incentives; intelligent risk taking; sustainable; “Risk management is everyone’s job”. Unrewarded Risk / Rewarded Risk. Source: Deloitte. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskintelligent-erm-doneright.pdf
  • 28. IRM Maturity Level How would you describe your organization’s Integrated Risk Management maturity level? Tribal & Heroic (6): Ad hoc / chaotic; depends primarily on individual heroics, capabilities and verbal wisdom. Specialist Silos (31): Reaction to adverse events by specialists, typically finance, insurance, compliance. Top-down (15): Tone set at the top. Policies, procedures, risk authorities defined and communicated. System (7): Integrated response to adverse events. Performance linked metrics. Rapid Escalation. Bottom-up. Risk-Intelligent (15): Built in decision making. Sustainable. “Risk Management is everyone’s job.”
  • 30. What are the right next steps? Suggested Next Steps ▪ Understand that being prepared for a risk event is a multi-disciplined process ▪ Specialized silos need to exist to respond to all elements of the program ▪ Establish specialized teams Specialized Silos Tribal
  • 31. What are the right next steps? Suggested Next Steps ▪ Get to know the experts in the other silos ▪ Start to coordinate with each other ▪ Get support from management to establish policies and process that improve efficiency and risk coverage by working together Top Down Specialized Silos
  • 32. What are the right next steps? Suggested Next Steps ▪ Work on establishing a good risk culture ▪ Combine Pre and Post event work to reduce risk exposure ▪ Use risk occurrences, loss events, incidents to provide feedback into the controls and countermeasures that work System Top Down
  • 33. What are the right next steps? Suggested Next Steps ▪ Consider risk in decision making, what is the right amount of risk for the objective? ▪ Look for opportunities around risk events ▪ Organization-wide participation in risk management aligned to the organizational risk appetite Risk Intelligent System