“Ten years from now there will be risk we haven’t seen or even though about yet,” said Ellen Shew Holland, ARM, president of Strategic Risk Frameworks, LLC, in conversation with Paola Saibene for our data governance video series. “But if you have your data and your IT infrastructure rolling and changing appropriately, you will be able to manage it.
“And if you do not, there will be disruption that impacts all the things we try to protect.”
Shew Holland founded Strategic Risk Frameworks, LLC, to help clients minimize risk and focus on growth. Her previous experience in risk management for universities supports her current efforts to address strategic enterprise risk, resilience, emerging risks, and supply chain assessments. Read on for highlights from her discussion of strategic risk management and data governance.
1 . The strategic risk process identifies and assesses risk, implements treatment, and monitors risk as part of a continuous cycle.
That process addresses certainties and gives a business the foundation and confidence to address the unknowns when they occur.
“I am passionate about getting companies to recognize it’s important to have someone with a risk focus at all times,” Shew Holland said. “That can be a partial role depending on bandwidth, but having that focus is extremely important.”
2. Like data governance, strategic risk requires leadership commitment, diverse skills that are cross-functional, and an enterprise perspective.
But unlike data governance, which focuses on life-cycle data management, strategic risk works to protect people, reputation, finance, operations, and assets.
“I’d always rather be prepared for an instance that never occurs,” Shew Holland said.
3. You miss opportunities whenever strategic risks are ignored or unidentified.
The strategic enterprise risk framework is grounded in best practices such as ISO 31000 and ISO 27001 and should be embedded in your existing processes or architecture. But to really make it work, you need to empower your team to do the right thing; manage and monitor KPIs and KPRs with appropriate data; and hold managers and staff accountable.
4. A strategic risk focus adds value by focusing on your priorities.
By definition, risk is a circumstance that can prohibit or impact your strategy. If you aren’t scanning the horizon and following the data, missed opportunities are a state of being. If, instead, you develop a strategic risk focus, you have the accurate, accessible, high-quality data and a framework for evaluating it.
“The key is being able to tell your story to the media, shareholders, [and other stakeholders],” Shew Holland said.
5. Strategic risk management depends on data governance.
“If you try to bluff, you’ll be found out,” Shew Holland said. “You have to understand when providing data that someone may have the wherewithal and curiosity to ask ‘where did you get it and how did you get it.” If you can answer with a high degree of confidence, that’s invaluable.”
Want to learn more? Check out the full conversation between Shew Holland and Saibene.