The EFPR Group of Companies

For over 60 years, our knowledgeable and experienced team of CPAs and business consultants have been serving individuals and businesses in Western New York and around the nation.

The Importance of Risk Management

A robust enterprise risk management includes mitigating and planning to respond to risks identified in business continuity, disaster recovery, information/cyber security, physical security, emergency management, and other risk management areas.

Risk management is becoming increasing important in today’s age of business. The organizations that fail to allocate adequate resources to risk management not only leave themselves susceptible to impacts on business operations but also potentially causing irrevocable damage to the business reputation. Once an organization loses its reputation, it’s the start of the demise of the organization. Organizations must make risk management a high priority. Risk management is fundamentally an approach in which organizations explore, identify, analyze, and mitigate the risks that can affect an organization. Risk management is an integral part of any organization, which if managed efficiently leads to success.

Enterprise risk management is a vital component for corporate growth and development, especially in today’s constantly evolving business environment, and an influential detail among shareholders and potential investors.

Organizations have always had to contend with managing risks that could cause detrimental losses such as fires, thefts, and natural disasters. However, now in the digital age, cybercrime also factors into the equation rearing its very ugly head. Proper planning plays an essential role for successful risk management. Another key element in effective enterprise risk management is the inclusion of both positive and negative business risks. Obstacles associated with technology, company supply chains, and expansion are all analyzed and evaluated within an integrated plan that can affect overall organizational strategy and its daily operations.

Organizations should be prepared to face identified risks and also unknown risks. Not only do the right management systems need to be in place but they need to be tested and monitored accordingly with constant improvement as the goal. Risk management provides company leaders and stakeholders with peace of mind in a fast-evolving business climate.

In addition to best practice guidelines such as the Business Continuity Institute (BCI) and International Security Organization (ISO) standards are a great place to start in ensuring your enterprise risk management program is up to date.

 ISO 27001

Information Security Risks can affect an organization’s assets, information, and reputation.

 ISO 22301

Business continuity management helps an organization identify, mitigate, and recover from risks that can affect operations.

 ISO 31000

Risk management plays a key role in an organization’s performance. Organizations increasingly focus on identifying risks and managing them before they hamper business performance.

 ISO 55001

Asset management is defined as the “coordinated activity of an organization to realize value from assets,” therefore, it’s vital for companies because it influences the balancing of costs, opportunities, and risks against the desired performance of identified key assets.

 ISO 37001

An anti-bribery management system based on ISO 37001 helps companies prevent, detect and address bribery aiming for improved ethical business culture. A robust program is one of the keys to protecting an organization. Having an enterprise risk management steering committee made up of the various risk areas is another.

Michael C. Redmond, PhD, MBA, MBCP, FBCI, CEM, ISO certifications, is serving as lead strategic consultant on the IT consulting team at EFPR Group. She is a recognized international consultant, auditor, speaker, author, and trainer. Redmond is a former member of the DRJ Editorial Advisory Board.

 ** This article was reprinted with permission of Disaster Recovery Journal, 2016


For more information call