Corporate Compliance Insights

Intentional Control Design: Pillar 2 of the CRF for Cybersecurity and ERM

Minimizing Risk Through Design

by James Bone
October 29, 2019
in Featured, Risk

Cognitive governance is the first of five pillars making up the cognitive risk framework; the second is intentional control design. James Bone discusses chief considerations around intentional design.

The five pillars of a cognitive risk framework are designed to provide a three-dimensional view of enterprise risks. In the last installment, cognitive governance (CogGov) was introduced as the first pillar. Its five disciplines reimagine risk governance as a path toward enhanced assurance through a more rigorous view of the dual roles of risk assessment and risk management.

Cognitive governance is the driver of the other four pillars through a continuous process of exploration of risk behavior and uncertainty. Think of CogGov as a formalized Kaizen approach to improving risk governance:

  1. CogGov is structured to clarify the roles of risk governance and recognize that new processes are needed to reconcile inherently different perceptions of risk.
  2. The new insights that emerge from this approach inform the other four pillars in ways that are dynamic, simple and based around the human element.
  3. CogGov is responsible for developing templates for sustainable solutions to complexity in operations, people and technology risks using a multidisciplinary lens on blind spots that lead to errors in judgment.

The next four pillars are additional levers of risk governance.

<<CRF pillars image>>

The worst kept secret in many organizations is the lack of forward-looking investment in back office operations. Legacy infrastructure, manual risk processes, layers of confusing policies and procedures and changing demands from management make operations less nimble and resilient over time, requiring a series of “break-fix” maintenance actions simply to maintain the status quo.

Unfortunately, organizations become accustomed to workarounds, building them into operational preparedness as opposed to evaluating the net impact to long-term performance. Intentional control design (ICD) is a cognitive risk governance lever to build nimble and resilient operational excellence into risk management.

A Fundamental Approach to Reduce Risk

Intentional design (ID) is not a branch of design research, which originated out of a need for new methodologies to solve increasingly complex problems in organizational design. Intentional design is a more fundamental approach that involves reducing risks by relieving cognitive load, streamlining processes and enhancing situational awareness in business performance.

Emerging research in design highlights the opportunity, as summarized by Bruce Archer: “the most fundamental challenge to conventional ideas on design has been the growing advocacy of systematic methods of problem-solving, borrowed from computer techniques and management theory, for the assessment of design problems and the development of design solutions.”[i]

Archer’s challenge is no less daunting today. As organizations seek to integrate competing mandates that streamline security, enhance human decision-making and reduce operational complexity, good design becomes critical. The good news is, advanced technology is evolving to achieve breakthroughs in smart design to empower employees with situational awareness, risk management tools and straight-through processing workflows.

Intentional design, like any creative process, requires a clear vision of strategic objectives, which will be different for all organizations. Why position strategic objectives as key outcomes? Because when organizations fail to direct the right level of energy to achieving strategic objectives, outcomes become less certain over time.

The purpose of this paper is to provide a multidimensional approach to risk management and move away from one-dimensional solutions driven purely either by data analytics or qualitative evaluations of risk. Combining the two views of risk assessment is not sufficient. Risk professionals must become designers of risk solutions that facilitate risk awareness in each layer of the organization. Designing situational awareness into business operations reduces risk through insights into data with tools that anticipate and respond to emerging and present threats.

I offer an example of resiliency not as a standard, but to present a model for thinking about defining outcomes. Resiliency is one of many attributes used in considering intentional design.

Achieving Resiliency

Resiliency is developed through a consistent focus on the following elements:

(Quo Vadis)

  1. Clear goals and objectives that optimize performance
  2. Investment in people
  3. Nimble operations
  4. Financial agility
  5. Smart IT/cybersecurity
  6. Appropriate and balanced risk-taking/management
  7. Risk management tools
  8. Stable and robust relationships (customers/stakeholders)
  9. Strategic analysis
  10. Ethical behavior

The design of elements in an intentional design model should be formed through a rigorous process of collaboration within the organization. Each element is a design project and will require scope development. In the process of developing a scope strategy the following steps should be considered:

  • What are the synergies among all elements?
  • What are the bottlenecks to building synergy among elements?
  • What conflicts exist among or between the elements?
  • Which element(s) impact resiliency – positively or negatively?
  • What are the considerations around a full or partial implementation of each element?
  • Which element depends on support from one or more other elements?

Pay attention to and leverage each intersection between the key elements.

Intentional design represents a range of solutions designed to manage risks writ large and small. Intentional design begins with a clear set of strategic objectives, leverages empirical risk-based data, then clarifies optimal outcomes. Simplicity in design is the guiding principle in intentional design.

I earlier referred to cognitive load and situational awareness as outcomes of intentional design. Very few will be familiar with the term cognitive load, but if I mentioned the impact of stress on performance, you would understand the concept, which developed out of a study of problem-solving (Sweller, J., June 1988).

Stress is created by situations requiring task completion under tight or shortened timelines in which the consequences are significant, resulting in either peak performance or failure. Stress factors increase the risk of failure when normal operating procedures must be discarded and improvisation is required. However, lessons can be learned – from design solutions to situational stress – to improve performance when the real thing occurs. In other words, performance is a product of good design.

More current research is needed on the impact of job performance and the design of the work environment. Studies have, however, found correlations between job performance and satisfaction and poor design of work processes. Most of these studies have focused on workplace ergonomics, health impacts and insurance costs, yet missed opportunities to evaluate how good workplace design contributes to better efficiency and work performance overall.

The synergy between the five principles of cognitive governance and intentional design becomes even more powerful when taking work design into account. A simple example may help clarify the point. For the first time in history, the medical industry is transforming to a digital environment. Medical data is revolutionizing how doctors diagnose patient care and monitor patients remotely. Patients are also benefiting by being empowered with medical devices, reducing visits to the doctor for routine checkups.

As data continues to be democratized across industries, workers will be empowered to manage risks in real time with access to a range of data to support better decision-making about risks and performance. Collectively, these processes improve situational awareness of risks and responses to risks much more proactively. The synergies must, however, be designed specifically to address risks that matter by creating tools to respond in kind.

The same types of models can and should be deployed to provide stakeholders – from front-line managers to the board of directors – with the same level of situational awareness to address threats in organizational fields of operation.


Tags: Enterprise Risk Management (ERM)
James Bone

James Bone’s career has spanned 29 years of management, financial services and regulatory compliance risk experience with Frito-Lay, Inc., Abbot Labs, Merrill Lynch, and Fidelity Investments. James founded Global Compliance Associates, LLC and TheGRCBlueBook in 2009 to consult with global professional services firms, private equity investors, and risk and compliance professionals seeking insights in governance, risk and compliance (“GRC”) leading practices and best in class vendors. James is a frequent speaker at industry conferences and contributing writer for Compliance Week and Corporate Compliance Insights and serves as faculty presenter and independent consultant for several global consulting firms specializing in governance, risk and compliance, IT compliance and the GRC vendor market. James created TheGRCBlueBook.com to provide risk and compliance professionals with transparency into the GRC vendor marketplace by creating a forum for writing reviews on GRC products and sharing success stories on the risk practices that are most effective. James is currently attending Harvard Extension School for a Master of Arts in Management with an emphasis in accounting and finance. James received an honorary PhD in Letters from Drury University in Springfield, Missouri and is a member of the Breech Business School Hall of Fame as well as the Missouri Sports Hall of Fame. Having graduated from the Boston University Graduate School of Education, James received his M.Ed. in Management and Organizational Design in 1997 and a Bachelor of Arts in Business Administration from Drury University in 1980.  
