Tuesday, June 22, 2010

Just for old times sake.......the Top 10 mistakes in Risk Management - Part 2

If the first three reasons sounded familiar........read on!
4. Employing external providers whose impartiality is impaired.

Asking your insurance agent to assess your risks and then sell you products and insurance policies to mitigate those risks creates a conflict of interest. How objective can someone be if they are paid as a result of sales of products and insurance policies, rather than by what you save? The best advice comes from independent sources, not tied to product suppliers, who are paid to make sure your risks are mitigated at the lowest possible cost.

5. Not understanding the overall costs of risk or how to reduce these costs.

Right now you may be spending 35 percent more than necessary on risk management. If you lack a clear overview of all the products and services that you are employing across your enterprise, then you are most likely duplicating efforts. Or, even if you have centralized control, you are paying unnecessarily exorbitant costs for a customized risk management information system (RMIS).

6. Allowing risk to be assessed and managed by the resources that create the risk.

Was your IT security policy created by your own IT staff? Lack of external oversight leaves open the possibility for internal attacks on your network and intellectual property. This is just one of several ways that managing risks at source can increase your vulnerabilities.

7. Not managing risk as a focused and centralized discipline.

Your systems administrator undoubtedly performs a series of actions to ensure the integrity of your network, protecting you from viruses, hackers, and crashes. But, while these measures in themselves may be effective, each can only function properly in a secure environment. This requires application of solutions and policies that are outside your system administrator’s core competencies or control. Your IT administrator’s actions are useless if you lack comprehensive internal security policies, detailed disaster recovery and business continuity planning, and ultimately the employment of effective risk transfer and insurance mechanisms.

No comments:

Post a Comment