Feature
FOCUS
Down to earth While technology has become more complex since NASA’s 1969 moon landing, risk managers need to keep their feet on the ground BY MICHAEL LUTOMSKI
M
any people struggle in setting up or running a risk management process for their enterprise. They waste time on trying to nail down the fine details of the database, how to link other enterprise data to the risk database, how not to duplicate data from other processes – and they spend weeks talking to people about how processes “will be” implemented. They talk about how they will set up a review panel, who will attend, who is required to attend and on and on. What people forget is that fundamentally risk management is a communication system. It’s not rocket science – pun intended. Over the years in organisations large and small, government and private, I have been exposed to all sorts of risk management processes and databases. I will share some of my lessons on what is essential and what is optional in a risk process and how to continuously evolve the process commensurate with the maturity and size of the business.
What people forget is that fundamentally risk management is a communication system
Stepping back The first thing I like to do is to step back and consider why we are all doing risk management and what a risk management system is. I like to joke about how did NASA put a man on the moon in 1969 without a risk management process and risk register? How did they
18
Enterprise Risk