
Archive for category: Risk Assessment


5 Basic Steps to Get Started in Enterprise Risk Management

If you are an innovative firm, then managing risk is an essential part of doing business. There are no standard enterprise risk management (ERM) plans that fit every technology firm. Each innovative firm is different, and an ERM program has to be designed to fit the specific needs of an individual business.

But there are five basic steps that a technology firm can take when starting their Enterprise Risk Management program. The ERM program should reflect the company’s culture and particular structure.

1. Personnel – The first step to developing an effective ERM plan is to involve key company personnel. A team has to be assembled that will be responsible for overseeing the creation of the ERM plan as well as its implementation. Who are the key people in your organization that will be involved in establishing your enterprise risk management program?

2. Preparation – ERM preparation requires a realistic approach. By now you should have taken the basic steps to identify the critical risks that your organization faces. The next step will be to better determine your level of acceptable risk retention. Implementing an ERM program can help you broaden your scope of methods for managing those risks.

3. Documentation – The research involved with creating a company’s ERM plan needs to be thoroughly documented. This may involve interviewing key managers as well as conducting risk surveys and more. Sharing such documents among key personnel can provide valuable ideas and resolutions for better managing those risks. The ERM plan should now be put together and reviewed. But keep in mind, an ERM program is always a working document. As your organization grows and changes, your ERM program will need to adjust.

4. Implementation – Once the ERM plan is created and passes the approval process, it is time to put it into place. All people involved with the ERM plan must know their responsibilities. The plan needs to have event identification, risk impact response as well as defined actions that will be taken. An ERM plan without any implementation is not helpful in moving your organization to a higher level.

5. Monitor – Once an ERM plan has been created and put in place, it’s important it also be supervised. This can involve periodic audits, reviews, assessments and more. Effective supervision might also involve third parties to make certain the ERM plan is current and meeting all designated goals. Regular ERM monitoring will need to be done for the long term.

It’s important for companies in the technology and life sciences industries to manage all of their organizational risks. To do this properly may require getting assistance from industry experts. The members of TechAssure Association have the knowledge and experience necessary to provide expert advice for effective risk management. Contact us today to learn more.


Cyberliability Costs Can Challenge Emerging Growth Firms

More and more focus has been put on cyberliability. Internet data breaches, denial of service attacks, and other cyber losses affect Fortune 500 companies as well as small businesses. Loss of customers, sales, costs of investigations, responding to losses, lawsuits and regulatory fines can be astounding. Ponemon Institute estimates that costs to remediate compromises caused by loss or breach can run as high as $200 per affected account. At that rate, it’s easy to imagine how costs can quickly run into the millions of dollars. Most media coverage goes to the big companies, but small companies also run the risk of cyberliability expenses. Big businesses can more easily absorb such costs or have the means to stave them off. But emerging companies may be left bare.

Fortunately, there is some help from the insurance industry. In response to serious gaps left by typical liability coverage, companies continue to fine-tune their insurance products for cyberliability exposures for emerging firms. Most old policies only covered physical losses such as damage to servers, laptops, or other hardware; the data itself wasn’t protected. The new cyberliability policies can be tailored to cover almost any loss, whether tangible or not. In this way, small businesses can protect themselves from an error, theft, or malicious act against them.

As with any other type of insurance, coverage, rates and reimbursement policies vary from provider to provider. For more information and tips on protecting your corporation from cyberliability exposures, please give us a call and we will connect you with a TechAssure member.


Why Change our Risk Assessment Process?

There are cases where a technology company built a risk assessment process that worked well for a few years. But then a single event came along that made their risk assessment process less valuable. It may have been an M&A, a shift in business or growth in unforeseen areas. Unfortunately, it is sometimes too late once they discover that the risk assessment process that was being used was outdated.

The dynamics that affect the risks that technology firms take are always evolving. If your organization has experienced changes, it’s not too late to adjust your risk assessment process to be dynamic.

For more information about risk assessment for technology firms, please contact a TechAssure member.


The Role of Technology in Risk Assessments

The role of technology in your risk assessment process can make a big difference in how your organization uses data. The use of technology can make it easier to pinpoint certain business units and risk challenges and to analyze the resulting data.

But as with anything, the use of technology is only as good as the processes your organization has in place. Using technology in the risk assessment process requires that people still validate and correctly interpret the results.

For more information about building a risk assessment using technology, please contact a TechAssure member.


How Often Should Risk Assessments Occur?

Some technology companies conduct an annual risk assessment, while others assess their organizational risks more frequently. We are often asked how frequently risk assessments should be conducted.

Most of the time, an annual risk assessment is not enough for technology firms. The risks that these organizations face are not “static”; they are “dynamic”. Many of the emerging firms experience a great deal of organizational change in a very short period of time. In addition, our experience has been that more investors and shareholders are asking “what if” questions that relate to risk and opportunity.

A solid, and regular, risk assessment process can help your organization make decisions and become a foundation for building a dynamic risk assessment process in your organization.



What Should Your Risk Assessment Process Include?

Technology firms live in the “unknown” world. So it is not a surprise when we get responses from technology firms that believe the risk assessment process is too focused on the unknown.

One of the most common questions we get from technology firms about risk assessment is how to adjust the process to address the unknown.

True, your risk assessment is a snapshot of your current environment. In order to adjust your risk assessment process to include the unknown, you should include monitoring activities. These monitoring activities should include a complete view of the threats and opportunities that your firm faces.
