Post Executive Education Series, “Identify, Plan, Protect: Using Cyber to Your Advantage”

On April 19,2017,  The Risk Institute at The Ohio State University, Fisher College of Business held an engaging conversation, as part of its Executive Education series, on the topic, “identify, Plan Protect: Using Cyber to your Advantage”.

As we see on an almost daily basis, Cyber Risk and Crime has become a part of our lives. During the first few weeks of 2017, we witnessed a large restaurant chain’s register payment systems impacted and a large business services firm’s marketing database with over 33 million corporate contacts shared across the web. Without much difficulty multiple other examples are found that cross any number of industries.

We were fortunate to have had Ohio Attorney General Mike DeWine introduce the topic to our audience of executives. AG DeWine is passionate about Cyber Crime and Cyber Risk and its impact upon the citizens of Ohio.

The session focused on raising the conversation of the obvious current situation with regard to Cyber Risk and Crime, but also considered risk mitigants that businesses can take.  The speed at which crisis communication and Public Relations plans are treated and managed are certainly at the forefront of dealing with Cyber challenges within business.  So much so, that the phrase “Fiasco Vortex” has been coined (see Glass Jaw by Eric Dezenhall). In the 21st Century, communication never sleeps. We live in a 24/7 news cycle that demands a much different treatment to Cyber Risk and Cyber business continuity planning.

An organizations business continuity plans will need to be tested to respond to geographic specific exposure that could have wider impact upon the business and it customers. Our speakers highlighted, from their diverse experiences and backgrounds, how companies can take a proactive approach to Cyber Risk and Crime.

Session leaders, Helen Patton, CISO, The Ohio State University; Jim Trainor, SVP, Aon Cyber Solutions and former FBI head of the FBI Cyber Division, Washington, DC; David White, CIO, Battelle Memorial Institute; David Lyon, Senior Manager, The Crumpton Group, LLC, collaborated to provide insight into:

  • Cyber a View from the CISO Trench
  • Cyber Threat Landscape 2017 and Beyond
  • Cyber Security’s Impact on IT Operations
  • The Role of Intelligence in Cyber Attacks: Offense vs. Defense

The session emphasized how to proactively use risk management to balance the risks related to Cyber Risk in order to meet business goals and enhance business performance.

The session did an excellent job of creating thought provoking ideas and advancing The Risk Institute’s unique role in uniting industry thought leaders, academics and highly respected practitioners. This is an ongoing dialog to advance the understanding and evolution of risk management in our world today. The Risk Institute’s conversation about risk management is open and collaborative with its relevance across all industries and its potential for competitiveness and growth.

Identify, Plan, Protect: Using Cyber to Your Advantage

On April 19,2017, The Risk Institute at The Ohio State University, Fisher School of Business will be presenting as part of its 2017 Executive Education series, the topic “identify, Plan Protect: Using Cyber to your Advantage”.

As we see, almost on a daily basis, Cyber Risk and Crime have become part of our lives. During the first few weeks of 2017, we have seen a large restaurant chain’s register payment systems impacted and a large business services firm’s marketing database with over 33 million corporate contacts shared across the web. Without difficulty, multiple other examples are found that cross any number of industries.

We are fortunate to have Ohio Attorney General Mike DeWine introduce the topic to our audience. AG DeWine is passionate about Cyber Crime and Cyber Risk and its impact on the citizens of Ohio.

The session will look to raise conversation on the obvious current situation with regard to Cyber Risk and Crime, and will consider risk mitigants that businesses can take. The speed at which crisis communication and Public Relations plans are treated and managed are certainly at the forefront of dealing with Cyber challenges within business. So much so, that the phrase “Fiasco Vortex” has been coined (see Glass Jaw by Eric Dezenhall). In the 21st Century, communication never sleeps. We live in a 24/7 news cycle that demands a much different treatment to Cyber Risk and Cyber business continuity planning.

An organization’s business continuity plans will need to be tested to respond to geographic specific exposure that could have a wider impact upon the business and it customers. Our speakers will highlight, from their diverse experience and background, how companies can take a proactive approach.

Session leaders, Helen Patton CISO, The Ohio State University; Jim Trainor SVP Aon Cyber Solutions and former FBI head of the FBI Cyber Division, Washington, DC; David White CIO Battelle Memorial Institute; and David Lyon, Senior Manager Crumpton Group, LLC will collaborate to provide insight into:

  • Cyber a View from the CISO Trench
  • Cyber Threat Landscape 2017 and Beyond
  • Cyber Security’s Impact on IT Operations
  • The Role of Intelligence in Cyber Attacks: Offense vs. Defense

The session will emphasize how to proactively use risk management to balance the risks related to Cyber Risk in order to meet business goals and enhance business performance.

The session will provide thought provoking ideas advancing The Risk Institute’s unique role in uniting industry thought leaders, academics and highly respected practitioners in an ongoing dialog to advance the understanding and evolution of risk management. The Risk Institute’s conversation about risk management is open and collaborative with its relevance across all industries and its potential for competitiveness and growth.

Intellectual Property: Defense is the Best Offense

Intellectual property is worth a good strategy for risk management.Identifying a company’s intellectual property can sometimes be a fuzzy exercise, but it’s clear that failing to do so and not having a risk management strategy to safeguard a business’ “secret sauce” can lead to dire consequences. That’s especially true for startups whose only real asset may be the big idea that got them going in the first place.

Still, intellectual property and risk management consultants say companies may not be doing as much as they can to protect their IP assets, which can include everything from product formulas to customer lists.

Risk Institute Portraits Fisher Hall - Third Floor Feb-02-2016 Photo by Jay LaPrete ©2016 Jay LaPrete

Philip Renaud, executive director of the Risk Institute at Ohio State University’s Fisher College of Business

“I wonder if inside the doors people are having enough robust conversations about what their intellectual property is and what needs to happen to manage the risk,” says Steve Snethkamp, a partner in the Columbus office of EY. His consulting practice covers a variety of industries with a focus on information technology.

The stakes are high, he says, pointing to incidents in which the technology behind a new product has been stolen and implemented by overseas competitors even before the IP owners can get that product to market. And it’s not easy to manage that risk, especially with all the data that can be shared—and exposed—through the ever-increasing use of mobile technology and interconnected devices.

“There is no silver bullet,” Snethkamp says, “but the first thing (for companies) is to create a cultural awareness that security is important and IP is the lifeblood of the organization. That needs to be the mantra of every person in the company from the janitor to the CEO.”

Then businesses need to clearly define their intellectual property, identify where it is located, make an inventory of it and put in place controls, processes and procedures to protect it appropriately.

“It’s hard stuff to do,” Snethkamp says.

But it’s also essential given the findings of a 2013 study by the independent Commission on the Theft of American Intellectual Property. It estimated that international thefts of intellectual property have an impact of more than $300 billion annually on the US economy, costing the country millions of jobs and dragging down economic growth and investments in research and development.

Risk managers historically were focused on hard assets—buildings, equipment and inventory—but that has shifted to intellectual property and intangible assets such as copyrights, patents, technical processes, trade secrets, customer lists and distribution networks, says Philip Renaud, executive director of the Risk Institute at Ohio State University’s Fisher College of Business. He has worked in the risk management field since the early 1980s, including stints with L Brands, Kmart, Exel and Deutsche Post.

“It’s much more difficult to value an intangible asset and protect it,” Renaud says. “I can’t put a sprinkler system and firewall around a copyright.”

In his opinion, IP risk management in many cases becomes a defense strategy in which companies must educate team members about the importance of protecting the brand. That is particularly the case of detailing the risks when employees are working online and sharing data.

Such preventative steps are especially important, Renaud says, because of the difficulty and expense of stopping an IP infringement after the fact.

“That’s the greatest challenge,” he says. “If the company that has infringed on you is exposed, the only way to get there is through legal proceedings. That costs a lot of money.”

There is also the thorny issue of taking legal action when an IP infringement occurs overseas. “How do you get enforcement in China?” Renaud asks.

His best advice for companies is to make sure they understand their intangible assets—how they are used, their value to the business and how they are being protected.

When looking to protect intellectual property, companies should consider registering their rights with patents, trademarks and copyright, says Susan Rector, an attorney at the Columbus office of Ice Miller LLP. She represents companies in all aspects of IP ownership and information technology transactions.

“Inherently, taking the steps to register the rights to your intellectual property gives you a leg up,” Rector says. “That’s important from a defensive standpoint. It can also be used offensively against people who come too close to your (IP) rights.”

She works with a lot of startup companies that are building their business model around a proprietary product that is far and away their most valuable asset.

“Often it’s two guys, a laptop and an idea,” Rector says. “A lot of them will get big valuations (from investors), but people will only back them if no one else has done it. … They need to think about an intellectual property strategy early. If they don’t, they can lose their ability to protect that product or device.”

Intellectual property presents some specific challenges for risk managers, says Nicholas Kaufman, head risk manager at Battelle in Columbus.

First, it can be difficult to place a value on IP assets because they can be hard to measure, especially compared to property risks or auto liability. Second, Kaufman says there really is no insurance market for intellectual property because mature insurers tend to organize around areas they understand and know the likelihood of payouts on policies. That’s not the case with IP because of the difficulties in placing a value on the assets and calculating the risks to them.

Despite those issues, companies still need to have a risk management program in place for their intellectual property assets because the stakes can be so high. Kaufman says Battelle’s program takes an enterprise-wide approach in managing the IP risks for its range of products, services and research it conducts.

“We look at it holistically,” he says. “It’s not just about defending our intellectual property but making it as easy as possible for our scientists to create IP.”

Kaufman says intellectual property best practices start with an understanding of your organization and how IP brings value. Then it becomes a matter of aligning resources to protect that value.

The sooner that companies think about protecting new intellectual property the better, says Ari Zytcer, a Vorys, Sater, Seymour and Pease LLP attorney who has worked in the IP field for more than 10 years. But he also recognizes that can be easier said than done.

“In identifying intellectual property,” he says, “you’re starting in the dark. Is this going to be a commercially successful product or an intermediary that leads to something down the road that you would like to protect and stake a claim? You don’t know what aspects you’d like to protect (with a patent) … so we see broad coverage at the beginning. As development continues, you home in on what is commercially viable and blocking other companies from getting into that space.”

Zytcer also says there is no one-size-fits-all approach for IP risk management.

Small companies, for instance, have to consider whether it is best to spend limited resources on patent procurement versus funding research and development and breaking into a market. Large companies generally take a more holistic view with IP committees drawn from the business side—risk management, legal, finance and marketing for example—and R&D side of the enterprise. They track new inventions and make the call on the allocation of resources for patents, trademarks and other IP safeguards.

“Having a cohesive policy for the company is crucial,” Zytcer says. “It’s almost like a marriage. The right hand needs to know what the left hand is doing.”

Jeff Bell is a freelance writer.

3 things you need to know to succeed in risk

Panelists from the Women. Fast forward panel at this year's annual conference

Panelists from the Women. Fast forward panel at this year’s annual conference

Disruption and gender diversity are two of the biggest topics facing business leaders today. Both issues are critical to the future of every industry. And they’re closely connected.

The best way to navigate disruption is to harness the power of diverse thinking by enabling people with different experiences, ideas and knowledge to come together in an inclusive culture. Gender diversity is a critical part of the equation. Not only this, gender diverse leadership is proven to increase the skills businesses need to navigate the disruptive trends transforming their industry.

So what does this mean?

If a person, or company, wants to succeed in mitigating risk, they must embrace gender diversity at every level.

In short, everyone benefits from thinking like a woman.

  • “You need to get comfortable being uncomfortable” — Jessica Jung, Director, Oswald Companies

Achieving success isn’t something that just happens to a person. It requires a lot of hard work, tough choices, and generally being willing to put yourself out there— trying something new.

  • Have an entrepreneurial spirit

No matter if you’re the intern grabbing Starbucks for your department or a C-suite executive, don’t be afraid to think outside the box. When approaching any situation, don’t come to the meeting and just point out the risks — offer real solutions.

  • Communicate. Communicate. Communicate.

Every panelist punched this point home — communicate with everyone, from your spouse to your organization and boss. By being an open communicator, you project to others that you are confident, open to compromise, and available.

Each year, The Risk Institute at The Ohio State University Fisher College of Business hosts an annual conference that brings together thought leaders, industry experts, and academics to engage in a dialogue about the latest trends in risk management. This year the conversation focused around governance, culture, and the vital role women play in the field.

One of the Institute’s founding member’s, EY, cosponsored a panel spring-boarding their Women. Fast forward initiative, which aims to accelerate the achievement of gender parity in business.

The Risk Institute will continue this conversation and others through this year’s Risk Series.

Governance and culture take center stage at The Risk Institute’s Annual Conference

Conversation surrounding governance and culture recently took center stage at The Ohio State University Fisher College of Business, as The Risk Institute explored the impacts of the two key aspects of business at its Annual Conference. The two-day conference brought together Risk Institute members, business leaders, experts and faculty thought leaders from Fisher for an in-depth examination of the risk management and strategic implications of governance and culture.

Phil Renaud and Jeni Britton Bauer of Jeni's Splendid Ice Creams discuss maintaining culture through crisis.

Phil Renaud and Jeni Britton Bauer of Jeni’s Splendid Ice Creams discuss maintaining culture through crisis.

Considering the various sides of governance and culture is critical to understanding how to leverage risk management to create value for an organization. The conference featured four keynote speakers, Gordon Bethune, former CEO of Continental Airlines; Cameron Mitchell, founder and CEO of Cameron Mitchell Restaurants; Randall Kroszner, former Governor of the Federal Reserve System; and David Gebler, author of best-selling book The 3 Power Values.

Bethune opened the conference and focused on his experience turning around Continental Airlines over a decade, which is detailed in his book, From Worst to First. He emphasized the importance of building accountability between employees and the organization saying, “What gets measured and rewarded, gets done.”

Mitchell is a self-described serial entrepreneur who understands that taking risks is necessary to be successful in business saying, “I may shoot myself in the foot and walk with a limp, but I’ll never shoot myself in the head and make a fatal mistake.”

Academic Director Isil Erel speaking at Annual Conference 2016.

Academic Director Isil Erel speaking at Annual Conference 2016.

During his time with the Federal Reserve System and as a professor of economics at the University of Chicago, Kroszner never imagined he would be helping guide America’s economy through the worst financial crisis since the Great Depression. He discussed the potential ramifications of the Fed keeping interests rates at historic lows since 2008 saying, “When your short-run policy becomes a long-run policy, you will always run into unintended consequences.”

Named one of America’s top Thought Leaders in Trustworthy Business Behavior, Gebler is an innovator of new approaches that integrate culture, ethics, values and performance. His talk detailed how to know if your organization’s culture is a risk factor utilizing the three power values— integrity, transparency and commitment.

In addition to the keynotes, the third-annual conference brought together business leaders and experts for a series of RISKx presentations and panel discussions on women in risk, governance and culture related to business. The culture discussion explored  employees’ attitudes toward risk, mergers and acquisitions, maintaining culture through crisis, and emerging risks in the energy industry.

The Risk Institute’s Executive Education Series will resume November 15 with a discussion on Political Risk.

 

Building responsible and resilient supply chains

Supply chains have become global and highly complex. Building and maintaining a resilient supply chain is a key success factor for businesses operating in a fast-changing world.connected-globe-rgb-international

EY Climate Change and Sustainability Services (CCaSS) collaborated with the UN Global Compact on the study in an effort to better understand how companies are managing their supply chains in ways that support the objectives of the United Nations 2030 Agenda and Sustainable Development Goals (SDGs).  The UN Global Compact is the world’s largest sustainability initiative and EY has been a participant since 2009.

The report draws on business inputs across geographies, sectors and business models. CCaSS and Advisory Supply Chain and Operations professionals interviewed 70 clients globally to explore how they are embedding sustainability in their supply chains by managing risks and adopting new commitments around human rights, the environment and the well-being of communities in which they operate.

Overall, the study indicates that by improving environmental, social and governance (ESG) performance throughout the supply chain, companies can enhance processes, reduce costs, increase productivity, innovate, differentiate and improve societal outcomes.

Conclusions explored in the report include:

  • Companies are on a continuum from managing risks through creating shared value with stakeholders to achieving differentiation for their products or services;
  • Leaders are achieving competitive advantage in the supply chain through increased collaboration, technology innovation, greater efficiency and supplier diversity;
  • Mature supply chain models integrate buying and sourcing practices with product design and development to enhance sustainability results tied to their manufacturing and service delivery;
  • Currently, only a small percentage of companies have achieved leadership maturity levels that can lead to shared value with suppliers, enable suppliers to operate as an extension of the business and engage in meaningful, collaborative dialogue.

Based on interviews we identified several actions companies can take to further embed sustainability in their supply chains:

  • Assess materiality, to focus on the most pressing issues, taking UN Global Compact principles into consideration
  • Align resources, structures and processes to focus on supply chain sustainability across the organization
  • Train management and suppliers on market practices
  • Invest in diverse and inclusive supply chain partners
  • Stretch existing sustainability goals beyond direct operations, to include tiers of the supply chain
  • Deploy technology to increase accountability and transparency
  • Leverage buying power and influence to trigger shifts toward supply chain sustainability
  • Disclose supply chain information, beyond stand-alone sustainability reporting mechanisms

This post was written and published by EY, one The Risk Institute’s founding members, in August 2016. To view the original article or download detailed study findings, click here. 

Leveraging Cross Sector Collaboration for Enhanced Risk Management

Keith Goad

By  Keith Goad
Associate Vice President, Office of Corporate Strategy
Nationwide

 


In the 21st century global economy, continuing education is critical for the professional that deals with risk in order to maintain an effective leadership position. In some fields, for example accounting, you are required to take ongoing education so as to keep a current CPA license. You could make the argument that accounting changes very little over time and is very episodic when it does. For a risk practitioner it is the opposite: the landscape is constantly changing for organizations.

Because of this ever-changing risk landscape and the evolving approaches to risk management Nationwide took great interest in supporting the formation of The Risk Institute at The Ohio State University Fisher College of Business.

Daily, Nationwide helps our members manage and mitigate the diverse risks they face. When you look at risks businesses face, there is a tendency to focus solely on the traditional risk of their industry sector. Increasingly we are seeing that risk is evolving and that there are commonalities of risk among different business sectors. For example, all organizations face risks related to cyber security, reputation, catastrophic disruption, and some form of supply chain disruption.

IMG_4692crop

Digital Disruption – January 2016

Among this myriad of risks facing organizations, The Risk Institute provides opportunities through executive education sessions and conferences for business professionals to think through risk and bounce ideas off one another. What makes The Risk Institute’s approach unique is that they focus on current and emerging risks from the perspective of different industries and backgrounds. The diversity of the types of businesses that are involved in this venture as well as their size allows for a richness of perspective through the exchange of ideas and information.

If, as an organization, you are stuck in a silo of where your company operates, you may totally miss new or emerging risks that another company may have already dealt with or on which there is already a perspective. They may not be a business or sector competitor, and may in fact be from a different industry, but their experience can help you gain an advantage by seeing how they would handle a similar situation and allow you to adopt proven best practices.

In terms of continuing education in the area of risk management, it may be difficult to find training courses for the practitioner or the leader of a company. The Risk Institute is filling this critical void.

IMG_4931crop

Risk Modeling: The Past & The Future – March 2016

The differentiator is that The Risk Institute isn’t entirely focused on providing insight to the C-suite where the knowledge goes back to the company and might stay at that level. It is important that you have practitioners at different levels in a company who have the same opportunity to learn and understand along these dimensions, which truly embeds this approach and understanding within the culture of the organization. For the C-suite executive, events like the annual conference offer a comprehensive exchange of ideas. The Risk Executive Education Series is focused on those more on the front lines of managing the risk, and provides insight on emerging risks and proven strategies.

For any company that seeks to learn about and respond to our changing business landscape, the opportunity to take advantage of The Risk Institute is a gift.


The Risk Institute thanks Nationwide, a founding member, for their ongoing support.  To find out more about programs and events at The Risk Institute (including executive education), or how your company can become involved, visit The Risk Institute website.

Can New Technologies Undermine Your Company’s Brand? The Employee and Customer Experience

minton bernadette 130x195By Professor Bernadette A. Minton
Academic Director and Interim Executive Director, The Risk Institute
Arthur E. Shepard Endowed Professor in Insurance
Professor of Finance
The Ohio State University Fisher College of Business


It’s almost 2016 (or it is already, depending on when you’re reading this). Everything is digital, and so you took the plunge and developed a mobile app for your customers. The launch of your new mobile app was supposed to streamline and enhance the customer experience, but since it was released it seems as if your customers and your employees rue the day the app appeared. Is it possible that this app has actually been detrimental to your business? Have you found yourself thinking, why haven’t my customers and my employees embraced this new technology?

From Apple to Zillow, digital disruption – the impact of new technologies on the existing consumer brand experience – challenges consumer business. The first thought that comes to mind is that digital disruptions continue to raise consumer expectations about the brand and their online and in-store experiences.

Yet, there is another side. One that is not often considered, but equally important: the digital expectations of the company’s employees. The employees who are charged with innovating the brand and enhancing customers’ brand experiences are also savvy digital users themselves with their own increasingly elevated digital expectations. Senior executives need to consider how digital disruptions also are influencing and modifying their employees’ behaviors and expectations.

At our upcoming Risk Series, Digital Disruption: Brand, Strategy and Technology, taking place on January 21, 2016, our session leaders Deborah Mitchell, Clinical Professor of Marketing, with The Ohio State University Fisher College of Business, and Keith Strier, Principal, with EY Advisory Strategy and Practice and Founder of IDEAS (Innovation, Digital Enterprise & Agile Strategy) collaborate to discuss applications of current research on consumer behavior to digital engagement with customers and employees to understand your organization’s digital vulnerabilities and opportunities.

I invite you to join us and other executives in this interactive session as we engage in conversations about the leading strategies to understand customers’ and employees’ digital experiences as well as discuss the current challenges firms face in today’s digital environment. You will gain insights into how you can develop an enterprisewide digital strategy aligned with your firm’s corporate strategy and brand vision. You will also be in the position of leveraging, and not just mitigating, digital disruptions with your employees and with your customers.


The Risk Institute Executive Education Series will continue on January 21, 2016 with Digital Disruption: Brand, Strategy and Technology, a half-day course for executives. For more information, or to sign up for the session, visit FISHER.OSU.EDU/RISK


Not If, But When – Facing Cyber Risk in the Digital Age

minton bernadette 130x195By Professor Bernadette A. Minton
Academic Director, The Risk Institute
Arthur E. Shepard Endowed Professor in Insurance
The Ohio State University Fisher College of Business 

 


When the World Wide Web was invented nearly thirty years ago, the concept of what today’s cyber landscape would look like was little more than science fiction. Rapid advances in technology coupled with the growth of the Internet have revolutionized the way businesses and individuals interact. Integrated networks are allowing organizations to access, analyze, use and share information more easily than ever before. The composition of firms in the global economy is changing from organizations producing primarily material goods to those creating intangible assets relying on technology and intellectual property.

Yet, as the global economy becomes increasingly Internet-connected,  organizations, while reaping the potential benefits, are simultaneously exposed Internet_map_1024_-_transparent,_invertedto an increasing array of known and unknown cyber threats. Not a day goes by without the news of another cyber attack taking place at another organization. The conventional wisdom is not “if a cyber breach will happen” but “when will it happen.”

In the upcoming Risk Institute Executive Education Risk Series, we kick off the 2015-16 academic year with a discussion on the evolving environment of cyber threats.  Our session leaders from Battelle, EY and Aon will collaborate to provide executives with insights into how to:

  • Embrace a systematic approach to understanding the evolving cyber landscape and assess the various cyber threats facing the organization
  • Develop an integrated and enterprise-wide approach to consistently assess the organization’s vulnerabilities to cyber threats
  • Proactively quantify their organization’s cyber exposure and apply potential risk management and insurance solutions to help insulate the exposure
  • Apply current findings of research on cyber vulnerability to the products and services

Overall, the half-day session will emphasize the importance of balancing the power of cyber ecosystems with the associated risks to create organizational value.


To learn more or to register, please visit the Risk Series page.


A Snapshot of Risk Management in 2015

minton bernadette 130x195By Professor Bernadette A. Minton
Academic Director, The Risk Institute
Arthur E. Shepard Endowed Professor in Insurance
The Ohio State University Fisher College of Business 

 


As published on Columbus CEO’s CEO Live blog on May 20, 2015

In recent years, risk management has evolved into a more comprehensive and integrated practice.  Risk management was once viewed as only being done to meet regulatory requirements and to protect the firm against the negative effects of volatility in their business environment.  While those aspects remain leading catalysts for firms who increased risk management efforts over the last three years, a fraction of firms recognize risk management to be a source of growth.

Over the same three-year period, senior executives and the board of directors have become more involved in risk management processes. This integrated approach leverages collaboration across an organization to identify and evaluate risks and to proactively manage those risks to achieve corporate objectives and enhance shareholder value.

One of the primary goals for The Risk Institute at The Ohio State University Fisher College of Business is to create a greater understanding of how organizations can proactively leverage risk management to create value.  Given the varied roles that risk management plays in different organizations, it is important to hear from senior executives from both financial and nonfinancial industries about how they view risk management’s role in their organization. It’s also critical to understand how executives, if at all, integrate risk management into business decisions as well as structure their risk management function to support its role in the firm.

Organizations are increasingly impacted by risks that are more interconnected and ever changing. This means that the conversation about risk and risk management must continue to evolve and grow. It is with this goal in mind that The Risk Institute developed a comprehensive research initiative to survey senior risk management executives. The survey is designed to deepen the understanding of how U.S. companies structure their risk management practices.

The annual Risk Management Survey is one example of how The Risk Institute and its founding partners are committed to moving this conversation forward. In this inaugural survey, we provide a snapshot of risk management practices among a large and diverse set of U.S. firms.

As The Risk Institute unveils the findings from its inaugural 2014 Risk Institute Survey on Integrated Risk Management several things are clear.

 1) In order for firms to transition to a more integrated risk management approach, which views risk management as a source of value enhancing opportunities, it is important to choose a leader of the risk management functions who embraces this view and who does not see risk management as merely a defensive strategy. Equally important is choosing a leader who can effectively collaborate with other C-suite executives to leverage risk to enhance shareholder value.  Finally, the Board committee responsible for risk management also should share this view.

2) For firms wanting a more integrated risk management approach, it is important to include more business units/functions in the processes and not only rely on those functions related to finances and meeting mandated requirements. Aligning risk management with key organizational strategies will aid an organization to successfully develop a fully integrated risk management function that can leverage risk to achieve corporate objectives and enhance growth and shareholder value.

3) For firms to fully reap the benefits of an integrated approach, not only do they need to recognize a business process and analyze the risks of that process, they must also increase their efforts to have their analysis feeding back into the risk management of the firm itself. This “looping” process will allow firms to proactively manage the risks impacting their organizations and identify emerging risks to be leveraged or mitigated.

4) Given the changing nature of risks impacting firms, firms must continue to use a variety of techniques like best case/worse case and extreme scenario analyses, which can effectively evaluate these risks by including proprietary models and simulations.

5) As firms move from viewing risk management as a defensive strategy to a more fully integrated approach, senior executives and the Board must develop mechanisms to set the scope of risk-taking that are consistent with this latter view of risk management.

These findings afford some great insights and will enable us to investigate and address challenges in the practice of risk management so to advance the adoption of leading integrated risk management strategies.


To learn more and access the complete 2014 Survey on Integrated Risk management, visit: go.osu.edu/2014RiskSurvey