Corporate Compliance Insights

A Robust Risk Assessment Needs a Shared Vocabulary, a Seat at the Table and the Right Tools

Thinking Creatively About the Language of Risk

by Matt Kunkel
March 12, 2021
in Featured, Risk

Many professionals outside of compliance teams are not fluent in the language of risk. That may be hurting the impact of your risk assessment – or even the greater well-being of your business.

GRC professionals believe risk and compliance should be an executive priority as they can drive revenue and inform business decision-making. But they can lose their payoff if other teams are unfamiliar with “risk speak” and the necessary tools and processes are not enacted to help translate those insights into actions.

Making risk a revenue driver comes down to adopting a quantitative approach to risk while putting the right management solutions in place. When this happens, it’s easier to translate risk and generate better, more informed decisions throughout the entire business. This is done by creating a common taxonomy, giving risk and compliance leaders a seat at the “mission-critical table” and thinking creatively about leveraging common control frameworks.

A Common Taxonomy Helps Drive Collaboration and Efficiency

A well-defined taxonomy structure is a useful tool for translating risk language between teams and departments. In order for the entire business to look at risk as a business driver, the identification and naming structure needs to be customized for a specific organization. When an organization has a taxonomy as a functional reference, it allows for easier aggregated reporting and decision-making across the business.

This will help team members avoid using the “weasel words” that all risk professionals like to use; these are phrases that leave room for ambiguity. Businesses need to leverage quantitative insights, data and reporting in order for a common taxonomy to be turned into revenue generation. Risk discussions should never include words and phrases like “decent,” “could happen,” “maybe” or “it’s a possibility.” Be exact and quantitative with reporting, because nobody really knows what someone means when they say those weasel words. For example, what does it mean if someone says, “there’s a fair chance of a data breach”? It can mean something different to everyone.

Additionally, if a common cross-department vocabulary isn’t already in place, technology adoption will be extremely low. In most cases, it will become shelfware. A GRC solution is a force multiplier for businesses, especially those that incorporate automation capabilities. If unpolished processes are multiplied before an updated taxonomy is put in place, it’ll only slow down GRC professionals and confuse the entire organization, including the board and C-suite executives.

A Seat for GRC Leaders at the “Mission-Critical Table”

GRC leaders need a seat at the table with the other mission-critical business stakeholders, like the CFO and the CEO. Risk professionals, because of their underlying knowledge of risk processes and language, truly understand business drivers of risk. This goes beyond just knowing the technical controls and necessary data pieces and functions. Having GRC leaders at the table results in risk language becoming more commonplace among an organization’s leadership circle, creating more valuable and meaningful risk-driven conversations.

When departmental and business-critical leaders find a common language of risk, it’s easier to showcase the value of GRC processes and the impact of risk’s quantitative insights in everyday conversation. And, simply put, when a department’s leader establishes and enacts the agreed-upon language, the vocabulary falls into place more readily throughout all levels. A consistent structure is put into place to optimize processes, reporting and decision-making in all business areas.

When GRC leaders are at the mission-critical table, they also create a more collaborative environment. With cross-departmental control and intervention, they can connect and bring employees into the risk conversation, better explain core technology concepts and translate operational processes into easily digestible control points. All core business functions are then easily tested, monitored and assessed.

Translating Between Teams and Departments

Technology and sound processes enhance the conversation for risk as a business driver. It can be done without complexity or excessive nuance.

A valuable tool to enable cross-team communication is a risk-rating matrix. Oftentimes, before the introduction of GRC solutions, risk is weighted using an unscientific high, medium or low scale. But, when organizations start to enact common business language to further define those rating scales, they help increase the value of those parameters. The goal, then, is taking your rating scale and making sure you’re capturing financial and operational impact.

The risk-rating matrix must incorporate reputational influence based on local, national or global market dynamics. It must also account for strategic components that come into every department’s processes. It helps your business’ stakeholders and partners throughout the entire organization truly understand how those ratings come together. When an organization has clear reference points for the risk-rating assignments, the rating and information a business gets out of that process are even more valuable.

When a risk-rating matrix incorporates all of those business areas and is accepted and used across departments, the entire organization now has a common point of reference for recent resource allocation, decision-making and risk commonality. GRC and risk solutions that can provide ratings with common business-speak and break it down in terms of dollars and cents have a significant amount of value for an organization.

In the compliance and risk space, everyone needs to think creatively about how we’re leveraging common control frameworks and how we’re leveraging translation tools and reading structures. To turn GRC and risk into a business driver, organizations need to make sure they’re using them consistently and applying them thoughtfully across different areas of work. And, in order to truly bring all of those distinct pieces and requirements together in a thoughtful and effective way, GRC leaders need to remove spreadsheet-, email- and SharePoint-based processes and leverage the right technology to highlight insights and the established language of risk.


Tags: Automation, Risk Assessment
Matt Kunkel

Matt Kunkel is Co-Founder and CEO of LogicGate. Prior to LogicGate, he spent over a decade in the management consulting space, building technology solutions to operationalize regulatory, risk and compliance programs for Fortune 100 companies. It was during this time he learned the skills to realize his true calling: building world-class companies that meaningfully affect the lives of others through user-friendly technology. Given his extensive background in the GRC space, Matt regularly speaks and consults on risk and compliance topics. Recently, he was named an Ernst & Young finalist for the Entrepreneur of the Year® 2020 Midwest Award.
