(The latest in our new “GRC Best Practices” series is a contribution from Melissa Cohoe, Iceberg’s Director of Implementation & Integration. Here’s an excerpt from her article. You can sign up to our Risk Intelligence Newsletter for updates when new articles from this series are posted.)
We recently produced a webinar called “How to add more relevant financial context to your BCM program”. It was based on conversations that we often hear from customers about how they struggle to effectively communicate their risk or build a business case for investments in technology and resources to address gaps in their BCM programs.
We talked about how even a small amount of financial information can provide more meaning to senior management, by putting the story of risk and remediation in a business context. Often the language we use to talk about risk is vague and imprecise. (Think about how much room for interpretation there is for heat maps with “high/medium/low” risk levels.)
In this paper, I’ve outlined three approaches that you can take to start shifting your mindset: focus on outcomes, aim for understanding over precision, and shift to business-driven risk management.