The Forrester Blog For Information & Knowledge Management Professionals had a nice post on The Growing Importance Of Enterprise Risk Management. One of the key points was this one:
2) They will focus on driving risk management into business decisions. Risk management is not new. Enterprises have internal auditors, Chief Risk Officers, and others responsible for risk identification and management. However most of those I spoke with noted they were not as effective at driving risk management into business decisions, performance metrics were not often compared with risk metrics.
This makes a couple of key points. Firstly it points out that risk management must be driven into every business decision – operationalized if you will. Secondly it correctly points out the importance of performance metrics and risk metrics.
Decision management is critical to managing risk given these two issues. Why?
- Decision management uses business rules management to automate operational decisions in Decision Services. This allows the rules (policies, regulations) that have been adopted to manage risk to be pushed into every operational decision in every business process.
- These Decision Services are the ideal leverage point for analytics, allowing predictive analytic models (of risk) and the results of data mining to be applied to these same operational decisions.
- Decisions can and should be mapped both to risk metrics and to performance metrics. Knowing which decisions impact which performance measures and which risk metrics is essential if you are to manage risk systematically across your business processes.
As organizations start thinking more holistically and systematically about risk they need to also think more systematically about decisions.
This whole issue of mapping decisions to performance measures is one I am going to blog on more.