What's the best way to coordinate with other risk management departments?

One of the biggest challenges in Risk Management and governance protocols is the lack of buy in and understanding of the end users. A simple task like incident logging or user management risk / governance requirements can cause great frustration to your users and operational deliverables of the organisation. One of the key enablers to having a greater compliance to the risk management strategy is to have regular and effective engagement sessions with your end users. Their buy in and compliance is often overlooked but is a key requirement in operationalizing your risk management strategies.

- Discover and document the real risks, across the various units of the Enterorise - Define a commonly agreed target with all key stockholders - Sync all related units’ activities towards the target - Use Technology and IT processes to enable change management - Demonstrate leadership in implementing all required controls - Foster collaboration and coordination - Fine tune and optimize results, based on lessons learned - Frequently reassess the whole process

Have an integrated risk leadership function where all risk departments are represented and which follows the rule "no-one speaks twice until everyone has spoken once"

These are the different ways to coordinate with other risk management departments: 1. Establish clear communication channels for regular updates and discussions. 2. Define roles and responsibilities to avoid overlap and ensure focus. 3. Create cross-functional teams for collaborative projects and diverse expertise. 4. Implement shared data repositories, integrated assessments, and unified frameworks.

IMHO, instead of having risk management departments, we need to integrate risk management more organically into our day-to-day operations. It should be as fundamental as any of our core business processes. I also believe in the importance of transparent and clear communication when it comes to addressing and discussing risks. It’s paramount that all stakeholders, internally and externally, are well-informed. Moreover, consistent training sessions could be beneficial, ensuring we’re all aligned with the latest methodologies and best practices in risk management. And, as the business landscape continues to evolve, it’s prudent for us to periodically re-evaluate our strategies to ensure they remain effective and in line with current demands.

A standardised Risk Taxonomy is seen to be a key step towards achieving the sharing of data across the business. Ownership and accountability for the different levels of hierarchy is additionally a key step

True, the risk framework that each are uses needs to be consistent. If one group uses a 1-3 range, and the other uses 1-5, then you have a problem. The underlying data from each area is not so important. What is is the expression of the risks that everyone can understand.

Risk managers should make sure that common risk management principles and language are used throughout the organization. However, they should be able to help tailor risk management tools for risks assessment and documentation to suit specifics of each function.

To truly synchronize with other risk management departments, it’s imperative that we share our data and insights. By establishing a consistent language and framework for IT risk reporting, we not only streamline communication but also bolster the integrity and accuracy of our assessments. Leveraging standardized tools can help in ensuring that our data remains relevant and updated. Naturally, adhering to data protection norms is non-negotiable. Sharing our data, in this manner, paves the way for enhanced transparency, allowing for more informed decision-making and an effective risk response across the organization.

Language or expression of data used to communicate risk must be practical and have a sense of urgency that can convince everyone to prioritize and implement.

Integrating Real-Time Risks in Business Functions: A Practical RCSA Approach In the dynamic world of risk management, the real challenge lies in identifying and addressing risks in real-time, particularly across diverse business functions. Risk Control Self-Assessment (RCSA) is not just a theoretical concept but a practical tool in our arsenal to tackle these challenges. The importance of RCSA in real-time risk identification and resolution across various business functions, in sync with global standards like those set by the Basel Committee. By integrating RCSA effectively into everyday operations, organizations can turn potential conflicts into opportunities for strengthening risk controls and achieving operational excellence.

Look for opportunities where the departments can cooperate in the area of risk mitigation. A common activity of one department may increase risk for another.

The ISO experts at the ISO Technical Committees level are doing it, making sure the language in ISO9001:2015 and ISO14000:2015 is consistent with ISO31000:2009, so no excuses for the risk managers on the ground.

Lessons learned and root cause analysis (given usually after something bad has happened) are excellent teachers. They are not always a happy activity, but they can save lives in the future.

Fostering a continuous improvement culture is integral. It’s not easy to call out control issues and incidents, and open them up for feedback. Remembering that it’s all professional and we’re all trying to do the best for the organization is key.

There will always be gaps... and some may take time and political willpower to close. Clear agreement on what the gap at hand is... is critical for success in closing it.

Coordinating with other risk management departments can be crucial for effective risk mitigation and sharing best practices. Benchmarking and competition can be effective techniques to foster collaboration and drive continuous improvement. 1. Benchmarking: Comparing performance and practices with other risk management departments can provide valuable insights and help identify areas for improvement. 2. Competitions and Challenges: Organizing friendly competitions and challenges can stimulate healthy competition among risk management departments and encourage innovation.