Risk management can be an intimidating and
complex undertaking, but as a company leader you
can’t just ignore your company’s
vulnerabilities. Save yourself some sleepless
nights by avoiding these common mistakes:
Failing to understand the consequences
and long-term business impact of risk.
Half of all businesses that suffer a
catastrophe close within a year. If this was more
widely understood, companies would be better
prepared. Unfortunately, too many businesses
believe they will be able to weather a storm.
Believing that risk management means
only buying insurance. I
nsurance policies certainly are a component of
what you need to protect your company, but it
doesn’t stop there. You need an employee to
oversee risk and a host of tools and services to
manage risk, including disaster recovery plans,
antivirus software, intrusion detection and
Not understanding the overall costs of
risk, or how to reduce them. You
may be spending 35% more than necessary on risk
management. If you lack a clear overview of all
the products and services you are employing across
your enterprise, you are most likely duplicating
efforts. Even if you have centralized control, you
may be paying unnecessarily exorbitant costs for a
customized risk management information system
Allowing risk to be assessed and managed
by the resources that create the risk.
Was your IT security policy created
by your own IT staff? Lack of external oversight
leaves open the possibility for internal attacks
on your network and intellectual property.
Not managing risk as a focused and
centralized discipline. Your
system administrator undoubtedly performs a series
of actions to ensure the integrity of your
network, protecting you from viruses, hackers and
crashes. While these measures in themselves may be
effective, each can function properly only in a
secure environment. This requires application of
solutions and policies that are outside your
system administrator’s core competencies or
Failing to maintain continuous and
measurable risk management initiatives.
Be sure your disaster
recovery plan is up to date. Risks are always
evolving and new vulnerabilities emerge every day.
You need updated, ongoing, real-time overviews of
your risk mitigation activities in a format that
doesn’t bog you down.
Inefficiently allocating resources to
deal with risk. Once you have
completed your risk assessment, you are faced with
the often paralyzing task of figuring out what to
do next. There are hierarchies of risk, and a good
risk manager can help you systematically tackle
the most pressing needs first.
Not properly preparing and educating
your employees for emergencies.
If your employees are not properly
trained to implement your contingency plans and
security policies, your risk management efforts
will be wasted. Although it might seem impossible
to allocate time to educate your staff on what to
do when the server crashes or the phones go down
or the office floods, when disaster strikes, you
will be relieved you did.
from “The Top Ten Mistakes in Risk Management” by
Peter Teuten, chief development officer for
Business Risk Management Solutions (BRMS),