Why Read This
Enterprise risk management (ERM) programs are helping to break down organizational silos so that executives can gain insight into the risks that may affect all aspects of their business. Unfortunately, this trend is taking a toll on risk managers. It's becoming impossible for them to wield subject matter expertise across a growing number of risk domains, so instead they must be masters of procedural guidance. In the second core step of the risk management process, which the ISO 31000 standard labels "identify the risks," this means developing a comprehensive risk taxonomy, establishing a recurring set of risk assessment techniques, and guiding the documentation of risks in a way that will direct future decisions during the risk analysis and risk evaluation steps.