Assessing Operational Risks and Managing Incidents

December 22, 2011 by
Filed under: Governance, Risk and Compliance

I'd like to write about some basic things, nothing groundbreaking: simply using information you probably already have. Many organizations have a lot of information on their risks, but do not find ways to use it properly or to garner business intelligence from it. Organizations may regularly perform risk assessments, some in a very structured way, many others in less structured ways. Many organizations already collect incidents, sometimes just for compliance purposes with no particular business reasoning. Few use the combined intelligence: could it be valuable to compare risk assessment results with incident data? Certainly for operational risk events, there should be a relation between the two. One would expect that a risk that is assessed as happening frequently would also result in demonstrable incidents. The interesting case arises when you have the information but do not find the relation.


Now, two things might be the case:

Your risk assessment was high, but you don't see any incidents. Again, there are two possibilities:
  • The business was too negative and the risks aren't actually that high. In this case, care should be taken that the business hasn't over-controlled everything at considerable cost and frustration. This is an opportunity for cost reduction.
  • The incidents aren't captured, implying they might happen and the business is losing money without even knowing it. This is a more serious situation and immediate action is required. This is an opportunity for risk reduction.
Your risk assessment was low, and incidents are happening more than anticipated.
  • Clearly, the business underestimated risks and business processes are under-controlled. Extra measures should be taken immediately and risks should be re-assessed. This is an opportunity for risk reduction and cost reduction too, by preventing the incidents from happening.
All of these situations are triggers to increase risk awareness and risk responsiveness. Such an integrated view of risk assessments and incidents is only possible when you have an integrated system.

Tags: Risk Management, GRC, Incident Management
