Another great year at the ISACA Ireland national conference in Dublin. Built on Basics, Running on Trust is an excellent theme for this year’s annual conference. All too often we forget about risk management fundamentals (Built on Basics) and trust that what we are doing is the right thing to do (Running on Trust). My session, entitled Asset-oriented Risk Management, explores a case study where placing blind faith in the enterprise risk management (ERM) process led to catastrophic results. We explore an organization that had, by all accounts, a highly mature, world-class ERM program. However, the organization had a minor flaw in its ERM process that nearly destroyed the organization. As risk practitioners, we must constantly challenge the status quo and ask ourselves:
• Are we doing enough?
• Are we doing the RIGHT things?
• Just because we have always done it this way, is this the right thing to do?
• Are we running on trust (and being lucky) or are we really protected?
I presented a new risk management paradigm that focuses on risk management fundamentals (Built on Basics). During the session we saw how loosely coupled risk management processes can benefit the organization, improve organizational resiliency, and prevent risk management disasters. This new paradigm is asset-oriented risk management. Nearly all international standards and industry experts state that the fundamental reason we must manage risk is to protect the assets needed to meet business objectives. With asset protection as the stated goal of risk management, why do we place so much emphasis on the risk management process instead of focusing on asset protection? Asset-oriented risk management helps avoid problems created when people and organizations put blind faith in the risk management process without regard to process effectiveness. This session presents asset-oriented risk management and shows how it can improve an organization’s ERM and help them more effectively manage risk.