In this 19th issue of Risk Watch, three authors share opinions, perspectives, and ideas about what is happening in the risk world and beyond.
Imran Ahmad, Partner and National Leader of Cybersecurity at Miller Thomson LLP, and Richard Arthurs, Partner and National Governance and Risk Management Leader at MNP LLP list four key steps that organizations can take to effectively respond to the dual requirement of compliance and overall cyber readiness. They recommend conducting a full critical infrastructure asset, building a risk and control framework, considering “legal privilege,” and creating a clear roadmap to prioritize allocation of resources.
Navin Maharaj, Senior Manager, Enterprise Risk Management at OP Trust, provides insights into operating and sustaining enterprise risk management in the absence of a dedicated ERM function. He recommends three approaches to maintaining, sustaining, and enhancing an organization’s ERM program: decentralizing ERM and using risk “champions”; integrating ERM into organizational planning and decision-making; and embedding risk in the organization’s decision-making process.
Salvatore Cucchiara, Foresight Strategist and Systemic Designer, Government of Alberta’s Department of Energy, Alberta CoLab, maintains that more emphasis should be placed on strategic risk. He suggests that evolution in risk management should draw on foresight tools to understand how risks could evolve in the future, and that techniques, such as wind-tunnelling and the three-horizons model, can help prepare for an uncertain future.
This issue also includes a brief overview of a session on risk frameworks that took place at The Conference Board of Canada’s Enterprise Risk Management 2017 conference. The session focused on the evolution and recent changes to the leading enterprise risk management standards: ISO 31000 and COSO ERM Integrated Framework.