You've identified your risk. You've taken a big-picture view of risk in the context of the enterprise. You've calculated the residual risk and communicated your findings to management. What's next? Monitor your risks! Some risks you monitor for remediation; other risks you monitor because management has accepted the risk and you need to make sure the risk profile doesn't change.

In the previous weeks I wrote about KRIs and their importance in the Integrated Risk Management framework. While the risk exists, it should be tied to a KRI, and your KRI should be considered an "early warning" system, tipping you off if the risk environment begins to change. In more established Risk Management functions that report to the Board of Directors, this method of tracking will give you a nice platform to start the conversation about risk and the risks that your team has mitigated.

Here's some help if you are looking to get started developing Key Risk Indicators (KRIs): https://subscriber.riskbusiness.com/InterestingReading/42-47.pdf
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.