Agile Risk Management | Norman Marks on Governance, Risk Management, and Audit


Peadar Duffy of Solux[1] has shared a marketing piece that contains some valuable content, although it is (IMHO) incomplete.

He explains the need for risk management to be agile – with which I totally agree. By the way, I recommend reading pieces by McKinsey on Agile Organizations. To quote their headline,

“New ways of working are needed to survive and thrive in a fast-moving, technology-driven world.”

These excerpts from the Solux piece, Agile Risk Management (ARM): Continuous & Dynamic Decision Support, help us understand the need:

  • …an environment where the speed of disruption across multiple fronts is on the increase demands of organisations that they similarly need a comparable speed in decision making.
  • 21st century levels of uncertainty mean that there is zero chance that decision makers can reasonably expect to consistently plan perfectly and predict the future accurately. For this reason, organisations need to be prepared to fail fast and learn quickly such that scarce resources can be preserved and re-directed to where lessons learned, and continuous improvements increase the chances of success as soon as possible.
  • Organisations clearly need to be more agile than resilient. Put simply resilient football teams don’t win championships as preparing and responding to opposing team tactics is a…
