Wednesday, April 14, 2021
Corporate Compliance Insights

A Robust Risk Assessment Needs a Shared Vocabulary, a Seat at the Table and the Right Tools

Thinking Creatively About the Language of Risk

by Matt Kunkel
March 12, 2021
in Featured, Risk

Many professionals outside of compliance teams are not fluent in the language of risk. That may be hurting the impact of your risk assessment – or even the greater well-being of your business.

GRC professionals believe risk and compliance should be an executive priority as they can drive revenue and inform business decision-making. But they can lose their payoff if other teams are unfamiliar with “risk speak” and the necessary tools and processes are not enacted to help translate those insights into actions.

Making risk a revenue driver comes down to adopting a quantitative approach to risk while putting the right management solutions in place. When this happens, it’s easier to translate risk and generate better, more informed decisions throughout the entire business. This is done by creating a common taxonomy, giving risk and compliance leaders a seat at the “mission-critical table” and thinking creatively about leveraging common control frameworks.

A Common Taxonomy Helps Drive Collaboration and Efficiency

A well-defined taxonomy structure is a useful tool for translating risk language between teams and departments. In order for the entire business to look at risk as a business driver, the identification and naming structure needs to be customized for a specific organization. When an organization has a taxonomy as a functional reference, it allows for easier aggregated reporting and decision-making across the business.

This will help team members avoid using the “weasel words” that all risk professionals like to use; these are phrases that leave room for ambiguity. Businesses need to leverage quantitative insights, data and reporting in order for a common taxonomy to be turned into revenue generation. Risk discussions should never include words and phrases like “decent,” “could happen,” “maybe” or “it’s a possibility.” Be exact and quantitative with reporting, because nobody really knows what someone means when they say those weasel words. For example, what does it mean if someone says, “there’s a fair chance of a data breach”? It can mean something different to everyone.

Additionally, if a common cross-department vocabulary isn’t already in place, technology adoption will be extremely low. In most cases, it will become shelfware. A GRC solution is a force multiplier for businesses, especially those that incorporate automation capabilities. If unpolished processes are multiplied before an updated taxonomy is put in place, it’ll only slow down GRC professionals and confuse the entire organization, including the board and C-suite executives.

A Seat for GRC Leaders at the “Mission-Critical Table”

GRC leaders need a seat at the table with the other mission-critical business stakeholders, like the CFO and the CEO. Risk professionals, because of their underlying knowledge of risk processes and language, truly understand business drivers of risk. This goes beyond just knowing the technical controls and necessary data pieces and functions. Having GRC leaders at the table results in risk language becoming more commonplace among an organization’s leadership circle, creating more valuable and meaningful risk-driven conversations.

When departmental and business-critical leaders find a common language of risk, it’s easier to showcase the value of GRC processes and the impact of risk’s quantitative insights in everyday conversation. And, simply put, when a department’s leader establishes and enacts the agreed-upon language, the vocabulary more readily falls into place throughout all levels. A consistent structure is put into place to optimize processes, reporting and decision-making in all business areas.

When GRC leaders are at the mission-critical table, they also create a more collaborative environment. With cross-departmental control and intervention, they can connect and bring employees into the risk conversation, better explain core technology concepts and translate operational processes into easily digestible control points. All core business functions are then easily tested, monitored and assessed.

Translating Between Teams and Departments

Technology and sound processes enhance the conversation for risk as a business driver. It can be done without complexity or excessive nuance.

A valuable tool to enable cross-team communication is a risk-rating matrix. Oftentimes, before the introduction of GRC solutions, risk is weighted using an unscientific high, medium or low scale. But, when organizations start to enact common business language to further define those rating scales, they help increase the value of those parameters. The goal, then, is taking your rating scale and making sure you’re capturing financial and operational impact.

The risk-rating matrix must incorporate reputational influence based on local, national or global market dynamics. It must also account for strategic components that come into every department’s processes. It helps your business’ stakeholders and partners throughout the entire organization truly understand how those ratings come together. When an organization has clear reference points for the risk-rating assignments, the rating and information a business gets out of that process are even more valuable.

When a risk-rating matrix incorporates all of those business areas and is accepted and used across departments, the entire organization now has a common point of reference for recent resource allocation, decision-making and risk commonality. GRC and risk solutions that can provide ratings with common business-speak and break it down in terms of dollars and cents have a significant amount of value for an organization.

In the compliance and risk space, everyone needs to think creatively about how we’re leveraging common control frameworks and how we’re leveraging translation tools and reading structures. To turn GRC and risk into a business driver, organizations need to make sure they’re using them consistently and applying them thoughtfully across different areas of work. And, in order to truly bring all of those distinct pieces and requirements together in a thoughtful and effective way, GRC leaders need to remove spreadsheet-, email- and SharePoint-based processes and leverage the right technology to highlight insights and the established language of risk.


Tags: automation, GRC, risk assessment

Matt Kunkel

Matt Kunkel is Co-Founder and CEO of LogicGate. Prior to LogicGate, he spent over a decade in the management consulting space, building technology solutions to operationalize regulatory, risk and compliance programs for Fortune 100 companies. It was during this time he learned the skills to realize his true calling: building world-class companies that meaningfully affect the lives of others through user-friendly technology. Given his extensive background in the GRC space, Matt regularly speaks and consults on risk and compliance topics. Recently, he was named an Ernst & Young finalist for the Entrepreneur of the Year® 2020 Midwest Award.


© 2021 Corporate Compliance Insights
