RESOLUTION8

Enterprise Risk Management as a Mitigation for Cyber-Aggression

4/4/2024


 
In a connected world, multiple tools and tactics can be deployed to lower the risk of cyber-aggression disrupting business. There remains a residual risk that an attack, infiltration or unintended process failure can lead to loss of systems or data, privacy breaches and theft of IP, resulting in damage or even business failure.
Implementation of an Enterprise Risk and Assurance Management (ERAM) framework is recommended for all organisations. When used, it provides a wide and deep capability to reduce the likelihood and impact of cyber-aggression or process failure. In many cases the framework identifies an appetite for risk taking, in contrast to traditional risk avoidance. Used well, a structured, phased approach can help to manage risk and protect value:
  • Consistent and transparent use of risk and assurance tools streamlines enterprise risk and opportunity response, i.e. moving from a ‘just do it’ approach and superficial risk assessment to knowledge sharing and acceptance of structured risk taking;
  • Moving from a compliance model to better utilisation of cash and capital through consideration of both risk and opportunity spend, i.e. using a risk appetite model to determine risk management value and spend.

Implementation of a comprehensive ERAM framework presents several challenges:
  • Often Enterprise Risk and Assurance objectives are not aligned with corporate objectives. This challenge is deflected through the explicit linking of the Framework to strategy and policies.
  • Senior management may not whole-heartedly support the implementation of Enterprise Risk and Assurance. This is addressed through an approval process by the executive and governance bodies and education steps in a structured implementation plan.
  • The ERAM model itself may be inadequate. The use of peer review, senior and executive review and governance level approval puts the Resolution8 model to the test at each client site. The model is reviewed after the pilot phase of the implementation plan has concluded to ensure it remains fit for purpose.
  • Inadequate tools for quantitative analysis and decision support can derail implementation. Risk assessment is a blend of qualitative and quantitative analysis. When supported by standardised business processes and performance measures there is a sound basis for risk and opportunity measurement. Resolution8 offers a skilled group of data and business analysts who can assist in this phase.
  • A cultural mismatch, much like the challenges faced in a change management programme, can retain a silo-type approach to ERAM implementation. Technology implementation and reliance mean that the core competencies of Business Continuity Planning/Preparation (BCP) and technology Disaster Recovery (DR) solutions link directly to Enterprise Risk Management. Resolution8 has the expertise to introduce and implement both BCP and DR at appropriate scale for your organisation.

Why Enterprise – why not just Risk Management?
 
Enterprise risk and assurance management comprises:
  • Aligning risk appetite and strategy through project, programme and BAU activity
  • Enhancing risk response decisions – risk avoidance, reduction, sharing and acceptance
  • Reducing operational surprises and losses
  • Identifying and managing multiple concurrent risks
  • Seizing opportunities
  • Measuring and monitoring risk and assurance achievement
  • Improving deployment of capital through appropriate technology decisions and protection through BCP and DR.
 
How does it work?
Implementing Enterprise Risk and Assurance Management is a five-step programme and, unlike other enterprise-wide initiatives, business units can be at differing stages of achievement of the plan. The Resolution8 model distinguishes phases which are flexible enough to take into account the varying stages of evolution of ERAM across the business.
 
The five standard steps of a continuously improving Enterprise Risk and Assurance Management programme are:
  • An ‘as is’ analysis
  • Establish the value proposition
  • Develop the ERAM model or framework
  • Pilot the framework
  • Review/revise/roadmap
 
If you would like to know more, or even have a current concern which needs support, get in touch: [email protected]


    AUTHORS.

    Peter Gilbert is the Director of Resolution8 and has a passion for good project delivery.

    Sally Rosenberg is the Project Delivery Lead and focused on getting great client outcomes delivered.

    Vivek Sharma is the Data and Innovation Lead and an innovative problem solver.

    Louise Mercer is the Digital Advisory Lead with a keen interest in technology and governance.
