Tuesday, May 26, 2009

Risk management - how to protect yourself?

What is Risk?

The possibility that an unlikely event will occur is called risk.

Risk Management

Risk Management is the identification, assessment, and prioritization of risks followed by economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.

Where can risks come from?

Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.


What should Risk management do?

Risk management should create value.
Risk management should be an integral part of organizational processes.
Risk management should be part of decision making.
Risk management should explicitly address uncertainty.
Risk management should be systematic and structured.
Risk management should be based on the best available information.
Risk management should be tailored.
Risk management should take into account human factors.
Risk management should be transparent and inclusive.
Risk management should be dynamic, iterative and responsive to change.
Risk management should be capable of continual improvement and enhancement.


Types of Risk management:

Some of the Risk management types are:
• credit risk management
• financial risk management
• information risk management
• operational risk management
• technology risk management

Sunday, September 21, 2008

Software Plus Services strategy for GRC

Governance, Risk, and Compliance or "GRC" is an increasingly recognized term that reflects a new way in which organizations can adopt an integrated approach to manage these three areas. The term is often positioned as a single business activity, when in fact, it includes multiple overlapping and related activities within an organization, e.g. internal audit, compliance, board oversight, enterprise risk management (ERM), operational risk management and incident management or whistle blowing.
Governance is the responsibility of senior executive management and focuses on creating organizational transparency by defining the mechanisms an organization uses to ensure that its constituents follow established processes and policies. A proper governance strategy implements systems to monitor and record current business activity, takes steps to ensure compliance with agreed policies, and provides for corrective action in cases where the rules have been ignored or misconstrued.
Risk Management is the process by which an organization sets the risk appetite, identifies potential risks and prioritizes the tolerance for risk based on the organization’s business objectives. Risk Management leverages internal controls to manage and mitigate risk throughout the organization.
Compliance is the process that records and monitors the policies, procedures and controls needed to enable compliance with legislative or industry mandates as well as internal policies.

Software Plus Services:

While there are several On-Premise GRC solutions available in the market from vendors like Favored Solutions, Paisley, OpenPages, TeamMate etc., implementing an On-Premise solution could be an expensive proposition for SMEs. One emerging GRC implementation strategy for SMEs is to go for an ‘On-demand’ solution complemented by the GRC and IT implementation and professional services provided by the same vendor; I call it the ‘Software plus Services’ strategy. This could save SMEs a lot of upfront effort and money (low TCO) and will allow them to focus more on their core business. In fact, this strategy is equally beneficial to large corporations as well. Software plus Services describes the idea of combining hosted services with capabilities that are best achieved with locally running software. Software as a Service (SaaS) today is an established delivery mechanism for enterprise applications, and in my Software plus Services strategy it is complemented by professional services (both IT and GRC) offered by the same vendor to expedite the GRC implementation.

On-Demand GRC Solutions:
Some On-Demand GRC application providers that can help implement the GRC Software Plus Services strategy include:
1. Axentis
2. Favored Solutions
3. Paisley
While Axentis and Paisley cater more to large corporations and Global 2000 customers, Favored Solutions is working closely with SMEs globally to help them implement their GRC strategy.

Software-as-a-Service (SaaS)
With the increasing use of the internet and due to heavy maintenance costs, the latest trend, on-demand software, often referred to as ‘Software-as-a-Service’ (SaaS), is rapidly gaining the attention of not only SMEs but large corporations as well. Some of the benefits of the SaaS model are:
1. Anytime, anywhere access
2. Subscription based
3. Cost effective
4. Easy to maintain
5. Automatic, off-site backups
6. Secure