The term risk is used in many ways and is given different definitions depending on the field and context. Common to most definitions of risk are uncertainty and undesirable outcomes. It's not just risk associated with the threat of accidental loss (property damage and injury), but it's also the level of certainty as to whether the organization can meet its goals and objectives, hence the need for an enterprise risk management focus.
An enterprise risk program works best when the stakeholders within an organization collaborate, as the portfolio of risk throughout an organization has many overlaps and interrelations between operating functions. How risk is treated, mitigated or exploited may have different impacts throughout an organization, so it is important to have that collaborative approach to ensure that the identification, assessment, analysis and treatment of risk maximize risk certainty and opportunity throughout the entire organization. Take cyber risk strategies as one example. The organization's IT Department, in an effort to enhance the protection of sensitive data, has incorporated an AI algorithm that scans the attachments of outgoing emails, applying encryption to any attachment that is interpreted to contain sensitive data. The decision was made by the Head of IT, without consulting the various stakeholders to determine the potential benefits of the automatic encryption as well as potential negative issues that could arise. The organization's finance director attempted to send an email to the organization's banking partner, containing financial information. The email was automatically encrypted, and when the banking partner received the email, they were unable to access the information, creating an obstacle to completing a critical, time-sensitive business transaction.
Had IT collaborated with finance to implement the encryption protocol, both IT and finance could have understood the protocol, and the impact of potential issues could have been anticipated and mitigated. Potential mitigation would have included adjusting the encryption protocol to include the automatic distribution of login credentials to the banking partner. And if that wasn't possible, a secure upload link could have been created, so only the banking partner could access the secure information in an efficient, timely manner. This is how enterprise risk management is supposed to work in an organization. There is collaboration to maximize risk certainty while supporting the achievement of organizational objectives and goals.
riskthinktank facilitates enterprise risk management workshops that bring diverse operating functions to the table to talk about risk and develop better ways to identify, assess, analyze and treat risk so that the organization's risk portfolio is understood, and the risk treatments factor in the individual needs of the different stakeholders to maximize risk certainty. Contact firstname.lastname@example.org if you want to set up a discussion.