These are my notes from the OCEG webinar: Business Risk Intelligence.
- Carole Stern Switzer, President of OCEG
- Paul Shultz, Managing Director of Protiviti
- Dave Anderson, Senior Director of SAP Business Objects
Paul frames the problem: Risk is often just an afterthought of strategy, resulting in strategic objectives that may be unrealistic and risk management being an appendage to performance management.
Paul breaks the solution down into components: enable, measure, plan, aim, aspire and protect to enable technology to build enterprise risk intelligence.
Dave views risk intelligence as a peice of performance. Risks can prevent you from reaching your goals. Strategy needs context to make decisions and needs to be connected to operations. Then there maybe a gap between the strategy and the execution.
Dave (and SAP’s) approach is to have an integrated approach to strategy and risk management, by addressing financial risk, compliance risks,market risks,process risks, and people risks.
Dave points out that S&P’s now requires enterprise risk management into their evaluation criteria as part of their credit rating calculations.
Carole pointed out that you want transparency so that risk is not hidden (whether intentionally or not).
it was interesting to hear the use of KRIs in connection with KPIs. (That is Key Risk Indicators and Key Performance Indicators.