6 Ways to Improve Risk Management

Here are 6 ways to improve your risk management program.

  1. Define what unacceptable risk is for your organization.
  2. Communicate the risk limits.
  3. Identify priorities.
  4. Communicate your priorities.
  5. Have a plan for improvement.
  6. Communicate that plan of improvement.

You may disagree with me, but I believe these are also some of the most common areas where risk management programs fail.

We think we have defined unacceptable risk, but if pressed, can you actually find it in writing? How did you define it? If it isn’t defined by specific measures, it also isn’t communicated effectively. And if it isn’t defined or communicated, what are your chances of actually managing it?

We think we have identified and communicated priorities. If you’ve done it right, your cyber priorities are aligned with the business goals and objectives. But let me ask you: who is in charge of prioritizing remediation in the organization? Is it Operations? Let me guess: they prioritize by the criticality level of the vulnerability rather than by business priority, right? See what I mean?

Another word for an improvement plan is a strategy. If you have one, pull it out and tell me how detailed the steps (if any are provided) are for achieving the goal of the strategy. Too often the strategy or improvement plan consists of high-level statements and lacks the detailed steps needed to actually guarantee the strategy will work. Where do your improvement plan and strategy fit in this description: high-level or detailed?

