The Active Risk Blog


On July 15th 2016 the Office of Management and Budget, an Executive Office for the President, released a major revision to OMB A-123. Now entitled ‘Management’s Responsibility for Enterprise Risk Management and Internal Control’ the new version underlines the importance of the relationship between Internal Controls and Enterprise Risk Management (ERM). This is the next step following the introduction of ‘risk based thinking’ in ISO9001:2015.   To our minds, we are seeing a natural progression as organizations worldwide look to improve performance by operating at higher levels of risk maturity which integrate ERM, Internal Controls, and Governance in a closed-loop process.  

  In OMB A-123, the administration emphasizes the importance of having appropriate risk management processes and systems in place to identify challenges early, to bring them to the attention of agency leadership and to develop solutions.   It also states that implementation of this policy ...  



We’ve been working with the folks at GRC20/20, and in particular, with Michael Rasmussen, the father of the term GRC which he created when he was the Lead Research Fellow at Forrester in 2003.   Together we’ve produced a paper about providing 360˚ contextual awareness of risk. Michael’s industry research has shown that in many organisations, it is the case that risk management still takes place in silos. Distributed business units maintain their own risk data, spreadsheets, analytics, modelling, frameworks and assumptions. And while organizations are keen to improve risk management, this standalone approach for each area poses a major challenge.   When an organization runs risk in a piecemeal fashion with information held in silos, there is little collaboration, and therefore no opportunity to build intelligence as individual risks intersect and compound. This approach makes it all but impossible to ...  



23 June was not just the day that UK citizens voted on the EU Referendum, it was also the day that our series of Global Conferences went to London.   This was the largest of our conferences to date, and we were delighted to welcome record numbers of attendees, despite traffic chaos caused by heavy rain.   Our two keynote speakers, Sir Ranulph Fiennes, the renowned adventurer and polar explorer and Michael White, Assistant Editor of the Guardian and broadcaster were both were extremely entertaining. Ran told numerous anecdotes of hair-raising near-disaster in polar expeditions, with plenty of grizzly photos. He also talked about his earlier military career, and about reducing risk in warfare – particularly reducing the number of deaths of soldiers. His final comment was that nature isn’t out to get you, but in business, your competitors ...  



  The other day I came across an EY white paper called Turning Risk into Results that I first read a couple of years ago. What struck me is just how on the button the paper was, and we are certainly seeing many of the trends discussed reflected in our own customer base currently.   The paper is all about how leading companies use risk management to improve business performance. The original research was based on a global, quantitative survey (with 576 interviews and a review of over 2,750 analyst and company reports), that assessed the level of risk maturity and its relationship with financial performance.   It highlights some stark contrasts between the top performing companies (in terms of risk maturity) and those at the bottom. For example, companies in the top 20% of risk maturity generated three times the level ...  



Guest blog - Paul Leach – Principal of Commercial & Risk, JukesTodd.   In our business we provide professional services to improve outcomes and business performance for organizations in the mining, infrastructure and energy sectors.   We identified early on when working with our clients that good risk management practice is essential to the successful delivery of all projects including achievement of agreed budgets and timescales. In fact, risk management has always been fundamental to our services approach.   While skilled at identifying risk and opportunities, we recognized that we needed a disciplined approach to help us better manage and drive value from the risk management process – a system that would benefit both us and our clients.   For us Active Risk Manager is that system – it helps us to keep track of project risks, and holds us to account for delivery of effective risk ...