When a Risk Analysis Group professional introduces themselves as an Integrated Risk Manager, the usual response is "Uh... is that like an insurance guy or an accountant or a security guard or something?"

The focus includes all these areas and more.

Integrated risk management goes beyond insurance inspections by acknowledging the broad range of internal and external hazards facing businesses, then combining a number of disciplines to gather information and create governance and security solutions.

The risks to an organization are many and varied, The risks identified in an insurance evaluation are often different than those considered by the finance experts and are certainly different than those identified by conventional security risk assessments.

Paradigm shift

Integrated risk management in conjunction with the Compliance Solution Matrix (tm) recognizes governance and security solutions that widely affect an organization should be made by, and be accessible by, a broad range of company personnel. This is a departure from the more traditional view that only top executives should be part of creating and implementing a company's survival plan.

Traditionally, identified risks were not shared with other elements of the organization and in many instances were protected from publication throughout the organization by being labeled 'confidential'. Initiatives to address the risks were developed by the 'owners' of the initiative, often without counsel or consideration by other members of the organization, despite the impact of the initiative across the organization. Stated in other terms, a decision that had a horizontal impact on the organization was made in a vertical organizational environment.

Integrated risk management is the consideration of all risks to the organization and, more importantly, the development of responses to identified risks that consider the entire organization before they are implemented.

For instance, a risk identified within the finance or information technology department is not 'owned' by that department. Instead, it is seen as a risk to the entire company. Integrated risk management brings exposures identified in one department to the management team for an 'enterprise-wide exploration of alternatives'. The primary function of the integrated risk manager is the facilitation of this process.

Risk management has come a long way since the Civil War when hazard analysis was something insurance companies did to reduce exposure to large claims and help customers select appropriate coverage and limits. Today, integrated risk management helps protect investors and stakeholders from financial loss and government compliance breaches; predicts and protects against crimes such as IT security breaches, fraud, employee theft and terrorism; and prepares a company for the effects of the unpredictable, such as natural disaster, supply chain interruption and even sudden political upheaval.

Site by