Not Ready for a Full-Blown ERM Program? Consider the Middle Road


An enterprise risk management (ERM) program is designed to provide a holistic view of risk across an organization, but the resources required to establish one are more than many corporations can bear. As longtime compliance executive Jisha Dymond argues, ERM is not the only option for building a comprehensive view of risk.

You’re presenting your compliance risk assessment to the board. You’ve outlined the top compliance risks, mitigation strategies and key action items. You even have a heat map. Then, a board member raises their hand: “How does this relate to the risk presentation that the CISO just gave? Where do these risks sit in relation to what she presented?” Another board member says: “I’d also like to know how these risks impact our company strategy.” 

You pause. While you know your risks inside and out, you know that each function has been presenting risks in isolation, leaving leadership with a fragmented view. You also know there are certain risk areas that are not covered by any teams. But creating an enterprise risk management (ERM) program is a challenge for a variety of reasons. So what do you do? This is exactly the problem that combined assurance seeks to solve.

Combined assurance is an approach that takes balance into account — balancing the need to…
