Acceptable Risk? Or Acceptable Risk!

Acceptable Risk – a term that should be at the foundation of your corporate risk program. When it comes to organizational risk management it should be foundational that a clear and singular definition of acceptable risk has been established that can be used to evaluate risk to the business.
Too many companies operate with multiple definitions and blind spots in the identification of critical risks. Each enterprise must seek to have a unified definition that can be used to compare risk and facilitate the prioritization of risks and mitigation.
There are three common challenges we will explore:

First, the absence of a single encompassing definition of acceptable risk. Second, the tendency to focus on physical assets over other risk assets. Risk can present itself in many forms to include supply chain, processes, service providers, software, and even specific individuals or roles. Third is the energy that is spent collecting an inventory of critical assets that are not linked to risk mitigation actions.

We will take a deeper dive into these three common challenges. Some tools we will look at include:
• Governance principles
• Understanding your critical assets
• Risk management principles and strategies
• Importance of a risk register supported by the business, without silos – updated regularly, communicated and reviewed
• Data protection impact assessment
• Postmortem reviews and lessons learned – when is a lesson really learned?

This session will discuss how addressing these challenges and implementing these tools and principles will enable organizations to enhance their ability to better identify and achieve Acceptable Risk for their critical assets, and foster a culture of governance, compliance, awareness and management.
The presenter will work with DRI to identify a company wanting to discuss a current issue in acceptable risk and utilize a portion of this interactive session as a workshop to identify potential risk mitigations.