Questions? Call (855) 670-8780 or email security@compliancepoint.com   Visit us on LinkedIN  

Risk Management is a Team Sport

 

June 26, 2014

 

 

Like millions around the globe, I've enjoyed watching the World Cup over the last few days. And I have to admit: I often feel bad for the goalie. For long, long stretches of the game, no one looks his way or pays attention to what he is doing. Then, in the blink of an eye, a fast break leads to perfectly timed kick and the crowd roars. All eyes turn to the goalie as he mutters disgustedly or simply hangs his head in shame.
For too many companies, the dynamic I just described also applies to their approach to risk management. For months, no one asks or looks or seems to care about the processes and protocols that keep them secure. Suddenly, in the midst of a breach, something goes wrong and all the attention focuses on a few poor souls.
The best soccer squads, like the best companies, play as team. While the goalie serves an important role, the entire team must work together to react both offensively and defensively. This takes the pressure off the goalie and shifts the focus to the team as a whole.

Savvy companies are no different. They are acutely aware that their internal risk management team needs to be properly equipped. When risk managers are included in budgeting and long-range planning, their efforts are closely monitored and the processes they implement are carried out across the company as part of the daily operations. This can protect the company from falling out of compliance or help prevent a breach.

For example: if a risk manager sets a rule that email passwords must be updated every 30 days, the organization as a whole must act to enforce the rule. If management overrides that rule at the individual or department level this undermines the efforts of the risk management team and corporate governance. It leaves the goalie alone, trying to defend the entire field.
Worse yet, these errors are often committed out of ignorance, not laziness. In most companies, the broad majority of the workforce simply does not see itself as being involved in compliance or security, nor do they understand the true implications of undermining the efforts to manage risk for the organization.

Risk management is a company-wide effort that is most successful with a team approach. While a group or an individual may hold the primary responsibility for managing risk, it’s critical to make compliance and security a part of the company’s culture and daily business operations. This requires companies create a program that is proactively managed and has ongoing monitoring of controls and compliance issues. This offensive approach is far better than sitting back and expecting the goalie to keep other team from scoring.



By Greg Sparrow, VP of Operations

Subscribe to Our Blog Via Email

Recent Posts