Integrated Risk Management:
What is it?
By Bill Gillespie
When I tell people that I am a Risk Manager, I typically get one of three follow-up questions: whether I am involved in financial risk issues, insurance, or security. Why is that?
There is no specific contemporary definition of risk management shared by business organizations throughout the world. While it began in the insurance industry after the Civil War, it evolved to cover financial risk issues and, as security became part of business organizations, the term came to be applied to some security initiatives as well.
The Risk Analysis Group is promoting what I believe to be the appropriate application of the risk management principle within an organization, and the term 'Integrated Risk Management' has been developed to focus that application. So, what is it?
The risks to an organization are many and varied. The risks identified and addressed in an insurance evaluation are often different from those considered by the finance experts and are certainly different from those identified by conventional security risk assessments. Traditionally, the identified risks were not shared with other elements of the organization and in many instances were kept from circulation within the organization as 'confidential'. Initiatives to address the identified risks were developed by the 'owners' of the initiative, often without counsel or consideration by other members of the organization, despite the impact of the initiative across the organization. Stated in other terms, these were decisions made in a vertical organizational environment that had a horizontal impact on the organization.
Integrated Risk Management is the consideration of all risks to the organization and, more importantly, the development of responses to identified risks that consider the entire organization before they are implemented. The success of this discipline depends on the direct support of the Chief Executive Officer and of the person the CEO selects as the Integrated Risk Manager, or, as being promoted by the Risk Analysis Group, the Chief Security Officer (CSO), or the senior security executive. I do not recommend the expansion of the role of the CIO into this role.
Any decision that addresses an issue of potential harm to the organization must be a business decision, devoid of specific department politics and turf issues, with all of the stakeholders participating in its development. The CSO, reporting to the CEO, is the facilitator of this process, a process of enterprise-wide integrated risk management.
Here is what a recent attendee of a Risk Analysis Group Seminar had to say:
"I have been a member of ASIS since 1990 and have attended numerous security seminars in which they typically tell you about what has happened in the past.
Risk Analysis Group taught me about what is happening now, and what I need to be aware of for the future. RAG also understands that one person can't know it all - and they have brought in several different speakers who are experts on different areas of security.
Now that I know how valuable Risk Analysis Group's course is, I am going to recommend my company's executive and HR team attend as well."
Jonathan McBride, Security and Safety Director, Innotrac (Reno, NV)