The Institute of Operational Risk has published a Key Risk Indicators Sound Practice Guidance paper

The Institute of Operational Risk has published a Key Risk Indicators Sound Practice Guidance paper to address the lack of written support on the effective application of this important tool.

This Guidance paper covers the whole of the Key Risk Indicators (KRI) process from their selection to their use in risk reporting and assessments. Download the Guidance paper here.

Update from the NC State University ERM Initiative

The most recent newsletter from the North Carolina State University College of Management’s ERM Initiative includes a couple of particularly interesting articles from the perspective of the linkage between strategy, performance and risk management.

Linking ERM and Strategy:  An Example from Target Corporation

Launching an ERM process can be a daunting task, especially in large, complex organizations.  The importance of keeping the risk oversight process simple, but strategic, can be the key to realizing strategic value from ERM.  Tony Heredia, Vice President of Corporate Risk and Responsibility at Target Corporation, shared insights from his experience in helping strengthen their organization’s integration of enterprise risk oversight and strategy. Creating opportunities for executive management dialogue about critical emerging risks is proving to be invaluable as the company navigates the highly competitive retail business in the new economy.  Read about the Target experience

Panel of ERM Experts Discusses “The Value Proposition of ERM:  Strategic or Compliance”
The ERM Initiative’s October 1, 2010 ERM Roundtable Summit featured a panel of executives responsible for ERM leadership at organizations including Advance Auto Parts, Standard & Poor’s, RTI International, and Public Service Enterprise Group that discussed the topic of positioning ERM for strategic versus compliance benefits.  Among numerous practical suggestions was the overarching reality that, for ERM to be successful, leaders need to realize that there is no one-size-fits-all approach to ERM and that effective ERM is one that fully considers the culture of the organization and the importance of board and CEO support.  Read more



Leverage your SharePoint platform to deliver your GRC framework

Governance, Risk and Compliance (GRC) is a popular and broad term which put simply, provides a framework for collaboration between the traditionally siloed functions of governance, risk management, and compliance. Michael Rasmussen, who coined the term “GRC” while at Forrester, states  "It is to get different business roles to share information and work in harmony"

With collaboration as the watch word for not only GRC, but also widely used strategy methodologies, like the Balanced Scorecard, Microsoft’s SharePoint was the natural development platform on which to build our solution. As a leader in five Gartner Magic Quadrants - Portal, Enterprise Content Management, Search, Business Intelligence and Social Computing - SharePoint is one of Microsoft’s most successful enterprise solutions. It is also a solution around which a huge, and ever expending network of partners and application providers has focused development.

In the post-credit crunch age, many organizations are reviewing the technology they use for strategic processes, including GRC reporting.  Many of these organizations have SharePoint deployed but may not be fully leveraging their investment. StratexPoint is the only SharePoint application available today that fully supports and embeds collaboration into GRC processes. StratexPoint goes beyond traditional GRC solutions by offering a fully integrated performance and risk management solution that is specifically designed to support and align organization management information at both a strategic and operational level.

StratexPoint enables Risk-based Performance Management deployment across US retail bank network

Risk-based performance has been selected as the framework to support the roll out of an integrated, enterprise-wide performance and risk framework, after a rigorous proof of concept process.

This deployment will cover the entire US network of a US retail bank and will be enabled via StratexPoint, a SharePoint application for performance and risk management. Given the nature of this deployment with an emphasis on cultural change and the need to embed performance and risk management, collaborative nature of StratexPoint, the ease of roll-out to 1500+ users and comprehensive functionality was critical in the client’s decision-making.