John Ritenour is a respected risk management expert and speaker. John has been in the industry for over 20 years, and his company’s mission is to help organizations identify, assess, manage and control risks that impact their business. In this post, he explains what risk management systems are all about, how they work with your company’s various departments to keep things safe from fraudsters, hackers, and other types of corporate criminals.
Risk management according to John Ritenour is the process of identifying, assessing, and dealing with possible causes of harm to your business. Everything from identity theft to office location can serve as a risk to your firm.
But managing risks starts at the top. The first responsibility falls on leadership who must make sure that proper security controls are put in place to protect people and identify any risks that may impact an organization.
It’s also important to distinguish between what we call “risk” and “insurance.” Risk identifies the potential for harm, while insurance covers expenses when something bad does happen as mentioned by John Ritenour. Insurance does not eliminate risk; instead, it transfers it from your company to an independent provider. But in the end, you still need to manage risk.
Risk management starts with identifying vulnerabilities, threats, and exposures. These are the possible causes of risk. Exposure is a situation where something can go wrong that can cause harm to your company or its assets. A threat is how that exposure might be exploited by someone – whether real or potential – determined to exploit it. And lastly, a vulnerability is the weakness in your company’s defenses to protect against a threat.
Identifying the risks will give you a prioritized list of things that can go wrong. The most important items on this list are often linked to your business’ value chain. This is why high-value organizations like banks, healthcare firms, and government agencies spend millions on risk management research, analytics, and mitigation strategies.