Can't Enterprise Risk Management guarantee against failure?
It's like asking why there are still fires now that we've hired firefighters. ERM could use a good portion of expectation management. If someone believes that nothing could ever go wrong since we have an ERM function, they need a reality check.
Not all existing risk will be discovered.
Not all discovered risk will be mitigated.
Not all mitigated risk will be eliminated.
Be sure to equip your firefighters but don't go expecting miracles.
Read more about Risk Management Failures at Sonia Jaspal's RiskBoard.
(some of) my events
- 2018-05-28 Informationssäkerhet för ledare (teaching course, Luleå)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)
- 2018-04-18--20 Operativ informationssäkerhet (teaching course, Stockholm)