The role of risk management is to eliminate, mitigate, or accept risk. Most organisations have a range of risks that they have to deal with on a daily basis. These risks will often be determined by factors such as the business type, where in the world the organisation operates, numbers of staff and the like.
There is also a wide range of legislation that requires risks to be considered carefully. A good example is Health and Safety law, which impacted many organisations when it came into effect. Something previously as simple as using a set of ladders now often requires an assessment to be conducted, with the overall intention being the use of appropriate measures to prevent injury to the user or other persons.
More recently we have witnessed a variety of responses to COVID across the world, which aptly illustrates part of the problem. You will rarely get a group of experts to agree about how best to manage the identified risks. As I was told many years ago during my time as a Deputy Director of Intelligence:
“your decision may come under scrutiny, your decision may be wrong, that can happen for a variety of reasons. The important thing is writing down how you came to that decision and what you put into place to manage it”.
Many of my clients have to conduct a variety of risk assessments in order to stay on the right side of the regulator. Using Money Laundering as an example, Due Diligence investigations fall into this category and are used as a tool to make an assessment. But let’s not forget the dangers associated with sensitive data held by companies in the financial services sector. A data breach due to a cyber-attack is devastating from a number of angles, not least reputational.
Having managed the risks associated with informants, surveillance operations and protected witnesses in my previous career, I know from experience that the final decision of what constitutes ‘the risk from a risk’ can at times be varied. It is most often based upon the assessor’s or assessors’ experience or expertise, as mentioned earlier.
With that in mind, we at Intelect have been working on a system that will help companies follow a consistent methodology for assessing a variety of business risks, such as customers, cyber and technology. The software will generate a report showing risk ratings based upon answers to questions, and will offer the ability to record how risks are being managed.
It is called IRIS (Intelect Risk Insight System). If you would like to know more, please keep an eye on our social media feeds for launch details.