In the introduction to this blog I mentioned two goals or criteria for "real" risk management: that it be more quantitative, and more holistic.
Having covered the quantification angle most recently, I want to point to some recent CSOonline coverage of the broad view.
These first two articles look at the connection between good operational risk controls (i.e. CSO work) and corporate insurance policies -- which are often the purview of a "risk management" function within a large enterprise.
TCOR is a benchmarking measure provided by RIMS, the Risk and Insurance Management Society. The second article is an interview with Greg Kaden, a bankruptcy lawyer and co-founder of consultancy Fort Hill Risk Management. I find both perspectives valuable.
How closely do you work with the folks who purchase/write your insurance policies? Do those policies accurately reflect your organization's risk appetite as well as the quality and focus of the internal control environment?
Also, we have published several articles on a variety of risk management sub-disciplines. Three are related to business continuity:
and another looks at physical security and safety in the setting of crowded malls:
Lastly - a teaser - we have a great interview coming with one of the principal co-authors of the COSO ERM framework, so watch for that toward the end of this month.