Benefits of ERM Online Training – eLearning

risk-management-online-coursesOnline Training is a Business Necessity
Online training — also known as eLearning or distributed learning — is now a business necessity from several standpoints. Cuts in travel budgets, of course, immediately come to mind. But other benefits of a coordinated eLearning program, from a corporate point of view, are significant.

Businesses and organizations with training needs of all kinds should look to eLearning as part of a wider and more appealing HR recruitment, retention and professional development program, corresponding to people’s expectations and habits that are tranforming the world of work. Management practices that incorporate flexible schedules and tele-commuting are attractive; eLearning is a natural fit. The ways that eLearning might hook up with many different communications technologies, including social media, blogs and Twitter, and the spin-off effects, really boggle the mind. Rather than ad hoc course selection, a planned approach where specific competencies and certificate programs are targeted, and aligned with organizational goals, is definitely an innovation worth investigating. Read the rest of this entry »

Read More

Managing IT Risk and Cyber Threats: Online Course

it-cyber-risk management online courseI have a new risk management online course soon to be posted at the Risk and Insurance Management Society (RIMS – New York) professional education web page. It is called Managing IT Risk and Cyber Threats – What Risk Professionals Need to Know.  The content was created by IT professional Michael Fong. Risk managers often struggle with how to approach and work with the IT department, which, after all, has its own methods and frameworks, a specialized vocabulary, and a distinct view of risk. This course aims to give risk managers the grounding they need to understand and help build the IT risk management framework.

Several years ago, Michael and I worked together in the area of electronic service delivery for government. I approached him last year with the idea for this course, and I was thrilled when he agreed to take on the job. We put together a pilot survey to learn the requirements among IT-focused risk managers, and subsequently had long discussions in coffee shops, sorting out how the two disciplines of IT and risk management should best be integrated.

The course makes the IT risk management process comprehensible, because it shows well-defined contexts within which to identify risk associated with information technology and information management.

MODULE 1: The first part focuses on understanding the relationship between the IT framework; i.e.,  the enterprise architecture (there are several types), and the risk management regime. Also within module 1 is a discussion of IT lifecycles.

MODULE 2: The next section treats cyber risks themselves, and helps you understand their attributes.

MODULE 3: This looks at risks that originate from within the organization.

MODULE 4:  Michael discusses the hot topic of the risks of social media, and does a fine-grained analysis of the problems that Facebook, Twitter, and the like pose to the organization.

MODULE 5: The last module addresses the selection of commercial cyber insurance to cover residual risk. Specific advice on loss control and cooperation between IT and risk management personnel is threaded into the discussion.

In support of narrated slide presentations, Michael presents pdf downloads of transcripts, diagrams to help the participant apply the concepts in the workplace, as well as self-tests and supplementary reading. His understanding of and passion for the material comes through.

Read More

Special Case Studies in Risk Management: Online Course

case-studies-risk-managementThe new Risk and Insurance Management Society online course I promised earlier this year is now up and running. It is called Special Case Studies in Risk Management.  In this course, I give full length presentations on important aspects of running Enterprise Risk Management.

This online course offers fresh perspectives on the risk manager’s role in implementing and applying risk methods in organizational settings. Detailed investigation and case studies will allow participants to hone their skills.

There are two key objectives: One is to alleviate the frustration that comes with having theoretical knowledge while being unsure how to implement. The second is to add to one’s repertoire of risk methods to address different situations. This course continues our mission to provide professional development online courses to risk managers who must think outside of the conventions and take on an enterprise role, whether in the public or private sector.

Benefits: become the process leader to accomplish the following:

  • prepare for emerging risks;
  • test the organization’s long-term strategy and  resilience;
  • expand and enrich the planning discussion;
  • create a successful ERM implementation plan;
  • understand and apply change management and motivation principles;
  • apply attention to detail in the risk matrix/risk register;
  • maintain the quality and rigor of the risk ID/assessment process
  • craft innovative win-win contract terms in major projects;
  • use model solutions to select the best policy option, implement multiple risk assessments, and resolve contradictory stakeholder agendas.

Who Should take this Course?

  • chief risk officers and risk managers
  • analysts and program leads responsible for conducting risk assessment
  • strategic and program planners
  • those charged with establishing or improving the ERM program
  • public and private sectors (principles are transferable)


Program Outline
The program is presented in 5 modules; the course takes 10-15 hours to complete. Each module consists of:

  1. introductory video;
  2. narrated slide presentation in two parts;
  3. case study article illustrating the principles, with audio/pdf commentary;
  4. tool/template download to help you apply the concepts;
  5. online multiple choice test.

Includes a master references file. Materials are made available in pdf and mp3 formats.

Module 1: Future Scenarios Planning
Gives risk managers a method to help them identify emerging risks, and prepare for the advent of low-frequency/catastrophic impact events – Black Swan risks. Walks through a city agency’s planning example. Future scenarios planning is a highly imaginative, yet structured methodology to identify significant risk in the long view.

Scenarios project a range of possible outcomes and enable people to think about the future in different ways.
~P. le Roux, case study article

Module 2: How to Overcome ERM Resistance
Change initiatives crucial to organizational success fail 70% of the time (Miller, 2002, Journal of Change Management). Risk managers’ common difficulties include: where to start a risk assessment of the organization, and how to overcome ERM implementation challenges at operational level. Understand the bureaucratic side vs. the realistic side of your ERM program. Seize upon the factors that motivate people to ensure the take-up and sustainability of the ERM program. Detailed 40-minute narrated presentation.

Module 3: Review of Risk Registers and Risk Templates
Investigate details of solutions for risk matrix design and usage. Attention to detail to
maintain quality of risk methodology. Review the risk register, risk categories, risk ranking matrix and descriptors, and consequence frameworks. Includes 5 sample template pdf downloads. Case study article discusses pitfalls of compliance.

Module 4 Creative Contracts Case Study
This is a non-legalistic study of contract risk management. Walk through a detailed case study of a major project in the health care sector. Presenting a novel solution in the realm of public-private partnerships, the story tells of replicable methods to allocate risk appropriately, craft unique provisions in uncharted territory – and paper the deal. Supplementary articles present both sides of the P3 issue.

Module 5 Complex Contexts
Risk assessments never follow neat patterns. Gives participants practice in interpreting and mapping out the administrative mess, even to begin a risk ID. Uses models abstracted from real life situations in order to: repair defects in planning; select the best policy option; resolve contradictory agendas; harmonize multiple delivery channels, etc. Detailed presentation of 6+ complex contexts and their solutions.

Read More

ERM – Tool for Implementation

2010-06-24 / How to Implement ERM / 0 Comments

In the previous post ERM Implementation – Platitudes? I drew a distinction between the bureaucratic or formalistic side and the practical value side of any program or initiative. I thought I would post an ERM pdf – Implementation Tool focusing on just this aspect of enterprise risk management implementation. It is a diagnostic tool containing criteria that you will be able to apply to your organization.

Avoid confusion: people should recognize enterprise risk management as distinct from enterprise resource management. For example, resource management at, a cloud computing technology leader, offers an application to help ensure the efficient allocation of resources within the organization. The roll out of cloud computing applications is discussed in the online course Managing IT/Cyber Risk. [Disclosure: ERTechnical receives an affiliate fee for NetSuite link.]

Here is a preview of some of the elements from each of the two sides of ERM methodology, with editorial comments in each category:


Selection of Risk Management Standard:
[Select an appropriate risk management standard in order to give uniformity to language and definitions. The standards more or less converge on similar concepts and order of steps. However, it will require interpretation in order to make it meaningful in the context of your work. You can’t rely on it as an implementation guide as it stands.]

Documented Corporate Policy:
[This is the outline of the application of the standard to your organization. The danger here is that it is much too long, with too much extraneous theory and especially advice that has been written in advance of practical trials.]


Investigation and Trials of Risk Identification Methods: at the Operational Level:
[These criteria are at the heart of the matter. An effective risk ID and assessment process, both at the strategic and operational level, is essential to successful enterprise risk management. This will ensure value and engaged participation. These points are covered in detail in the risk management online training course: How to Conduct High Quality Risk Assessment.]

Risk ID Methods Developed to Target Specific Work Functions:
[It is unlikely that a rigid and uniform risk methodology will work across all departments. Involving staff to develop and refine the methods, while observing compatibility across the organization, is a good way to make risk ID useful to them.]

The last part of the ERM tool is the assessment: to compare the formal and practical sides. The idea is not to discard the formal aspects altogether, but determine whether they are being used excessively. Perhaps you agree that it is better to lead with the second list; the practical work elements.

Rather than lead with too many formal aspects, you can develop them incrementally to support the proven practical work. This results in higher utility, sustainability and credibility of your ERM framework implementation.

Those wishing to study further the principles of program implementation, as applied to ERM, may be interested in a new Risk & Insurance Management Society online course to be launched later this year. It is called Special Case Studies in Risk Management. It includes a module called Overcoming ERM Resistance, with a 40-minute presentation, case study, and a more elaborate implementation tool with 24 criteria. I will post an announcement.

Read More

Risk Assessment: Manufacturing and Credit Risk

2010-06-10 / How to do Risk Assessment / 0 Comments

How should risk assessment in business be conducted? We might differentiate risk identification as an exercise in exposure analysis, using conventional categories of loss, from a more comprehensive concept of risk ID called for in Enterprise Risk Management.

An expanded idea of risk ID and assessment is useful in complex contexts.

In recent weeks I’ve been corresponding with a loss control expert based in Dubai who took my online course (How to Conduct High Quality Risk Assessment). We were trading notes on how risk assessment in business is done. He has particular challenges in risk assessment: construction and manufacturing firms are his specialty. He described credit risk analysis for manufacturing concerns:

“The most important factor is the collateral back up shown to the credit manager at the time of availing the credit, and the projected revenues after (supposed) infusion of the borrowed funds.”

He went on to say that the analyst has to check the deployment of the borrowed funds, using his/her knowledge of the manufacturing process, inputs and associated costs. The next task: “root cause analysis of failure (if the venture is on the red side ) and of the activity to generate the required revenues”, using both financial and technical engineering expertise.

I suggested: It seems to me that just here might be the right stage at which to conduct a comprehensive risk identification and assessment session, or a series of them, using a round table of experts. As long as the sessions are carefully prepared by establishing context, and the right visual and discussion aids are used, it is possible to identify risk reasonably comprehensively along several lines of inquiry in a systematic fashion:

  • strategic concept: macro-economic risk and market conditions;
  • cash flows and financial model: examine assumptions and probability estimates;
  • business continuity and resiliency;
  • manufacturing process flows and technical infrastructure;
  • management and HR; organizational culture;
  • supply chain: sole/single source and third party suppliers;

and so on, depending on the scope of the project and time available to conduct the analysis. As a rule, in past projects, I’ve been able to complete sessions with 6 to 8 participants on a particular risk context in 2 or 3 sessions of 3 hours each, assuming adequate preparation and follow-up by email.

This idea seemed to strike a chord with my correspondent:

“Yes, the 4th para of your second mail [multi-disciplinary risk ID session] is a good solution. The finance professional alone holding responsibility for the risk management of any organisation is definitely a misconstrued idea… Statistical data, models, assumptions and precedents can help to some extent only. A correct and responsible study of the risk exposures and arriving at mitigation is the correct and useful method. Many times the collateral is not properly and professionally assessed and is commonly over-stated /over-valued to satisfy the lender.”

Read More