Comments on the Ponemon survey The Imperative to Raise Enterprise Risk Intelligence

Comments on the Ponemon survey The Imperative to Raise Enterprise Risk Intelligence

Mar 9th, 2017

We could not resist to publish some comments on the Ponemon survey The Imperative to Raise Enterprise Risk Intelligence.”

The survey shows, as expected, that reputation and cyber risk concerns remain central. Meanwhile progress in abolishing silos between legal, IT and finance is slow. This pairs up with 50% of polled organizations lacking a formal budget for Enterprise Risk Management (ERM). As a result the survey delivers a fairly dull and inefficient landscape.

Comments on the Ponemon survey The Imperative to Raise Enterprise Risk Intelligence

Ponemon adeptly differentiate Enterprise Risk Intelligence (ERI), i.e. the “data gathering discipline” from ERM. ERM is the systematic analysis of enterprise risks. ERM should not be encumbered by silos, as discussed, for example above or in a prior post.

Some results

Roughly 40% of the respondents stated that ERI integrates well with the way decision-makers select their course of actions. This sounds good, meaning that 40% believe that getting data before making decisions is “good practice”. What is astounding is that 50% do not have “formal” ERM funded. This can be interpreted as they believe that data gathering and subsequent “intuitions” are enough to steer their companies toward success.

It could well be that the fault lies with the applied approach or even with the risk manager. That is if there is one formally in charge. Not defining the system to which ERM is applied and, more importantly, not stating clearly and transparently enough the success criteria of the ERM (the mirror image of the failure criteria) nullifies any ERM effort.

This is probably why many respondents consider ERM “useless”.

Another culprit is certainly to be found in communication, both internal and external. Furthermore, closely related to it, the failure to formulating coherent risk tolerance levels.

What to do

So, unless risk managers better their results, that is better define hazards and resulting risks, interdependencies and the full scope of potential outcomes there will be little progress.

Four years ago we were already stating this in papers like “Can we stop misrepresenting reality to the public and “Is it true that pigs can fly

Get over the obstructions and see a clearer future. Contact us!

Tagged with: , , , ,

Category: Risk analysis, Risk management, Tolerance/Acceptability

Leave a Reply

Your email address will not be published. Required fields are marked *

Riskope Blog latests posts

  • Review of Credibility Crisis
  • 26-01-2022
  • Today we present the review of Credibility Crisis, Brumadinho and the politics of mining industry reform. The authors of this…
  • Read More
  • Recent failure at Pau Branco Mine, MG, Brazil
  • 13-01-2022
  • The recent failure at Pau Branco Mine, MG, Brazil is a classic example of cascading events. At this Vallourec Mineração…
  • Read More
  • What lies ahead?
  • 5-01-2022
  • What lies ahead? Well, first of all we wish all the serene and fruitful 2022 we all deserve despite the…
  • Read More
  • Get in Touch
  • Learn more about our services by contacting us today
  • t +1 604-341-4485
  • +39 347-700-7420

Hosted and powered by WR London.