Insider Business Club: managing risk

How can organisations best manage risk?

Jonathan Forshaw, BI sales director, UK region, Oracle

There are three things: there is the definition of policies; there is the
enforcement of them; and then there is the monitoring of them to make sure
people comply.

What we are seeing is people are looking a lot more at having technology to
help define the policies and make sure people adhere to them before they then
start tracking them to see if they are actually being adhered to.

There might be a procedure in place on setting budgets, but what are the
actual documented policies around setting budgets and making changes to them?

Then how will that, for instance, drive the individual’s behaviour towards
achieving those budgets and are we doing it in the right way or the wrong way?

Now that we can put technology in place to support those management
processes, then we can really look at how the risks start earlier on in the
organisation and how you can start mitigating risk in areas like planning and
budgeting, the policy making, setting goals for the organisation, so that you
are not trying to do something that is inherently risky. You can address those
risks much earlier on in the cycle, by addressing them in the management

Where do you start in drafting or improving a risk management

Roger Southgate, past president ISACA – London

There are some fantastic free resources out there online for everybody to
look at to help them get started on all this stuff. Yet nobody seems to be using

The World Economic Forum publishes a global risk report every January, and
the 2008 report is very good as it shows a way of approaching risk and looking
at how to evaluate risk for those who have little experience and the 2009 one
really pulls together inter-dependencies of risks.

From the technology side, it has an even richer resource in that it publishes
a global information technology readiness report every year. For the first time
this year, you can download that for free.

One danger is that most organisations still have an approach to their
policies that are driven by calendars rather than compasses. Most organisations
now are driven by what happens around them, rather than what is happening inside
them. Everyone needs to have that sort of sensitivity and recognise they may
need to revise this to move forward.

Where do businesses most commonly fail?

David Jones, director Paragon Consulting

Resources are tight at the moment, so resources may be taken away from
programmes that are trying to introduce broader and more sensible constant
levels of risk management and process monitoring.

There are still too many businesses spending too long processing actual
transactions, doing all the routine stuff and not getting the right information
out quickly.

Organisations need to be much better at the predictive side. It is a skilled
area where accountants have not been good, so we have to figure out how to get
predictive capability into finance people so that forecasting, planning,
strategic planning and planning around risks, become more effective.

How do you ensure employees stay on the right side of the line?

Lisa Osofsky, financial services adviser, corporate investigations,
Control Risks

The primary task for a successful business is hiring the right people and
that means getting the information before you hire them. You have got to make
sure you have the kinds of people that you really want and you don’t shy away
from learning potentially unpleasant truths about those people.

You have also got to have the right reward and punishment system. We have got
to reward people for complying with the rules. Don’t just reward the executive
who brings in the billion-dollar deal but also reward the compliance officer who
made sure the deal wasn’t done in a climate that was improper.

Sadly, it is not just having the right regulations in place, it is punishing
severely and publicly people who run foul of the regulation that gets you

Chaired by Damian Wild

Watch the events and sign up at

Related reading