Poor risk management capability will slow and potentially destroy an organisation’s potential. Risk capability residing within teams who proactively apply it will help contribute to an organisation’s relevance. If risk management practices are not mature and spread across the employee population, activities will slow or stop.
Blogs one to eleven covered content from my book DIGITAL IS EVERYONE'S BUSINESS, including a learning mindset, transparency, and technology management tips, all essential for creating trust. Consistent risk management practices contribute to maintaining trust.
The greater the number of employees with risk capabilities, the greater the delivery velocity of initiatives, ensuring the organisation has the potential to remain relevant.
Technology risk within an organisation is considerable, and the consequences are potentially catastrophic. Agile teams working through their priorities sometimes place the voice of the customer or business ahead of outstanding risks. Risks need to be assessed before issues manifest. When assessing, consider:
Inherent risk: How ‘likely’ or ‘bad’ could this be?
Residual risk: What are you comfortable tolerating? Accepting a risk needs to be within an organisation’s appetite for risk.
Controls can help minimise or possibly avoid something terrible happening. There are two primary types of controls.
Preventative controls are best; however, they are not always available or possible. An example would be the encryption of data across a network within an Infrastructure as a Service.
Detective controls can help minimise the event by identifying and actioning the event early in its occurrence. An example would be deploying a monitoring solution that would identify an extraction of data by a third party where encryption is not available.
Risk management is not the most exciting of topics; however, things can become the wrong type of exciting when employees do not regularly apply it. Next week's blog includes thoughts on controls and issue management.