*I received an email a few years ago from someone just getting started in risk management asking if I had any thoughts or advice on the risk management skills they needed. The response quickly became several pages long and I thought it was worth turning it into a blog piece that others might benefit from. So here are 10 considerations for new risk managers (although this could also be titled ‘Letter to a 30-year old me’ or a 40-year old me.) * ...

Becoming a risk manager can seem to be more art than science. There’s not a clear pathway from degree to junior risk manager to senior risk manager to CRO (Chief Risk Officer) in the same way that you can chart the progress from freshly minted CPA (Certified Public Accountant) to head of Ernst & Young. (Financial risk management is the exception here as there is usually a clear path there.) ...

Googling ‘what is a risk manager?’ will get you variations on ‘it’s the person who manages that organization’s risks,’ which is a pretty weak answer. It’s certainly not enough to help anyone who’s just starting in the role to understand what they’re supposed to do. Similarly, if someone’s thinking about this as a career, we need a bit more. 🎧 Listen to a recording of this post 🎧 So here’s a more detailed answer. ...

Security is a guiding principle for DCDR, and protecting user data has been baked in from the start. However, there’s more to data security than restricting access and managing user permissions. I’ve used the INFOSEC abbreviation CIA – confidentiality, integrity, and availability – as a guide to help determine the steps required to protect your data while also ensuring that the system does what it’s supposed to. Overall, the intent is to ensure: ...

Big news! (And it’s not just that I have new glasses!) DCDR.io now allows you to have custom categories for risks and incidents. Switching your existing risk management system to DCDR is now easier than ever with: Custom logo ✅ Custom categories ✅ Custom dashboards 🔜 Email me if you want to learn more chat@dcdr.io (But yes, I also have new glasses….)

It’s as easy as 1, 2, 3 with DCDR

This is a very short post which should work because it’s a very simple idea. Obviously, I’m a fan of simple (this is KISS risk management after all) but, as with lots of simple ideas, the trick is sticking to the idea and seeing it through without getting distracted. 🎧 Listen to a recording of this post 🎧 The idea is that you use the Pareto principle, or 80 / 20 rule, when you’re thinking about your risk management system. In short, the principle or rule is: ...

Happy New Year. Sorry this is a grim (stern?) start to the year but this idea bears repeating “Let’s wait and see…” ..actually, let’s not. Let’s do something about [fill in the risk here] right now. The sooner we start to act, the earlier we’ll understand the situation, the faster we’ll be able to mobilize resources, and we’ll start limiting the damage that will only worsen with time. This speed is essential when there’s a lagging indicator. By the time the metrics show things are getting worse, it’s already bad. ...

Don’t worry, that’s not a typo. Nor does it mean that you’ve missed a whole year (although we probably all feel like we could have done with a little less 2020). But I want you to imagine for a second that it’s almost January 2022. Why? Well, although we’re all going to probably feel a lot better psychologically in a few weeks time, the fact is that the situation on January 1 2021 will look a lot like the situation in late December, 2020. ...

There’s a lot in risk management where success is achieved by breaking something very large and complex (say, a risk assessment of a whole organization) into bite-sized pieces and risk governance is no different. I’ve written about risk governance in more detail here but I’m aware that the schedule of activities can become a bit overwhelming. So I spent a bit of time in my calendar and Asana, a project management app, the other day, looking at how to set this up once and then let automation do its thing. I estimate this will take about 30 minutes to get things set up. Then all you need to do is follow the schedule, saving you lots of time scheduling individual meetings and, best of all, avoid things getting out of sequence and gumming up your risk governance structure. ...