Enterprise risk takes many forms: hackers, human error, financial miscalculations. But other recent man-made and natural disasters such as the Gulf of Mexico oil spill, the global financial crisis and the 2011 Japanese tsunami have taken their toll on far-reaching and unsuspecting businesses.
When it comes to ERM, what are the standards? I don't think we have that yet. I think that creates gaps in ERM.
Laura Langone, director of risk management, Juniper Networks
Incidents such as these may have low probability, but can have a devastating effect on organizations when they do happen. Speakers at the upcoming 6th Annual Enterprise Risk Management Conference, scheduled for March 19-20 in Chicago and sponsored by Chicago-based business conference producing firm Marcus Evans, say attendees will leave with strategies for preparing for these unexpected events, as well as tips for strengthening their everyday enterprise risk management strategy in the process.
"Attendees will have a better understanding of the increased exposure to both inadvertent error and also cyberattacks," said Dennis Chookaszian, director of the Chicago Mercantile Exchange board of directors, and one of the conference's speakers. He added that those attending the conference "will also develop a better understanding of the increasing importance of ERM and the evaluation of the unthinkable events that have been occurring with increasing frequency."
The conference isn't a trade show or a vendor-driven conference -- rather, it's designed to bring together key leaders to exchange the latest ideas in enterprise risk management strategy and to provide a cross-industry perspective of ERM benchmarking and strategic planning.
Conference organizers noted that the increased focus on risk management forces an organization's c-suite and executive leaders to pay attention -- especially when it comes to relatively new technology. For example, although the cloud and social media create business advantages such as reduced costs, it's important for business leaders to remember they still pose a huge threat to data security.
"New technologies create more opportunities for error and add more points of connection, which increases the opportunity for abuse," Chookaszian said. "The board has an oversight responsibility for enterprise risk management, and they need to be current on the newest technologies so they can properly review the ERM program of the company."
Cybersecurity is another big risk management concern for 21st century businesses -- and company leaders, according to Laura Langone, a conference speaker and director of risk management at Juniper Networks.
"Cybersecurity is a big risk for companies regardless of industry -- protecting sensitive information and one's infrastructure from global attacks is critical for the private and public sector," Langone said.
The conference will also spotlight senior-level executives sharing their own enterprise risk management strategy models, as well as new strategies and analytical techniques to predict long-term risk. Organizers say that conference attendees will also learn:
- How to adopt a simplified yet quantifiable approach to ERM within their company;
- Methods for supporting and sustaining a risk culture that promotes clear and consistent communication between the board and risk managers;
- How to quantify risk buckets to foster reliability on ERM processes, including IT, data security and supply chain risks;
- How to realign ERM strategies for greater dexterity and avoid common pitfalls in the identification and reporting of enterprise-wide risks.
Companies need all the help they can get, Langone emphasized, especially due to the lack of risk management certification or standards that outline exactly what a company needs to do to protect itself.
"When it comes to ERM, there are multiple standards and yet no one recommended standard per se," Langone said. "Also, [if] many risk management professionals do not operate or implement one standard or another, this could create gaps or potential misunderstanding in standards."
More on enterprise risk management strategy
Proper preparation necessary to avoid cloud security risk
As consumerization continues, mobile security a top priority
Keeping up to date on the latest enterprise risk management strategies and how to consolidate them to reduce duplicate efforts are also key efforts for the modern organizations, conference organizers said. The current economic challenges, coupled with spending money trying to adhere to necessary regulations, create a huge budget crunch. It also creates a need for metrics to prove ROI and ensure your enterprise risk management efforts are working.
For example, companies trying to adhere to Sarbanes Oxley Act and Dodd-Frank Act regulations need to interpret how much more money and resources to dedicate to compliance, as well as their everyday risk management processes.
"I think the regulatory environment is very difficult right now, and it seems to be getting worse," Langone said. "They put such a burden on the business operations -- every year there are greater challenges that we have to adhere to and figure out. It really does take away from the business."