
Ten simple ways to manage risk … or not

Richard M. Steinberg | January 23, 2017

Much is written about risk, with directives to senior executives on how to manage it effectively and to boards on how to provide meaningful oversight. But what we read comprises not only the good, but also the bad and the ugly, causing intelligent executives and directors to struggle to recognize what really makes sense.

In an attempt to bring some light to the topic, outlined here are the ugliest of the ugly ways for companies to manage risk. It’s a “top ten” list, à la the no-longer late-night TV host David Letterman, which hopefully will provide insight into exactly what not to do!

10. Be sure to call your process “ERM.” “Enterprise risk management” is the catchword of the day, and executives can and do say that their risk management activities represent an ERM process. While “ERM” defines a risk management process that conforms to specified criteria, there seems to be no downside in telling people and the world that your company...
