Navigating risk management is an essential part of an organization, but the path can be a tricky one if you don’t have the right road map. When reporting to the CFO, Dr. Mike Lloyd suggests you avoid the cheerful “everything’s fine!” approach. Don’t minimize the importance of risk management, but also avoid the gloom and doom philosophy as it gets old fast and tends to lose its effect. Instead, showcase the ways you are managing different issues. Management is something the CFO understands and will recognize as important.
Lloyd points to the security assessment system iPost as a groundbreaking version of risk management. This system was developed in 2008 by the Director of Federal Network Resilience at the Department of Homeland Security, John Streufert. The reason iPost works so well is that it measures every branch of IT security by the same yardstick. It strives, above all, to be fair, and to measure each team in a way that they will respect.
Finding the risks and communicating them to others is paramount in risk management. Once accomplished, it can lead to better understanding within the organization and a stronger front to the rest of the world.