Comments on the Ponemon survey The Imperative to Raise Enterprise Risk Intelligence

Mar 9th, 2017

We could not resist publishing some comments on the Ponemon survey “The Imperative to Raise Enterprise Risk Intelligence.”

The survey shows, as expected, that reputation and cyber risk concerns remain central. Meanwhile, progress in abolishing silos between legal, IT and finance is slow. This pairs up with 50% of polled organizations lacking a formal budget for Enterprise Risk Management (ERM). As a result, the survey delivers a fairly dull and inefficient landscape.

Ponemon adeptly differentiates Enterprise Risk Intelligence (ERI), i.e. the “data gathering discipline”, from ERM. ERM is the systematic analysis of enterprise risks. ERM should not be encumbered by silos, as discussed above and in a prior post.

Some results

Roughly 40% of the respondents stated that ERI integrates well with the way decision-makers select their course of action. This sounds good, meaning that 40% believe that getting data before making decisions is “good practice”. What is astounding is that 50% do not have “formal” ERM funded. This can be interpreted as a belief that data gathering and subsequent “intuitions” are enough to steer their companies toward success.

It could well be that the fault lies with the applied approach or even with the risk manager, that is, if there is one formally in charge. Not defining the system to which ERM is applied and, more importantly, not stating clearly and transparently enough the success criteria of the ERM (the mirror image of the failure criteria) nullifies any ERM effort.

This is probably why many respondents consider ERM “useless”.

Another culprit is certainly to be found in communication, both internal and external, and, closely related to it, the failure to formulate coherent risk tolerance levels.

What to do

So, unless risk managers better their results, that is, better define hazards and resulting risks, interdependencies and the full scope of potential outcomes, there will be little progress.

Four years ago we were already stating this in papers like “Can we stop misrepresenting reality to the public” and “Is it true that pigs can fly”.

Get over the obstructions and see a clearer future. Contact us!

Category: Risk analysis, Risk management, Tolerance/Acceptability
