Skip to Main Content


Aligning Resources to Address the Risk Behind the Curtain


As companies go down the path of working on identifying and managing risks within their organizations, it’s hugely important to take the opportunity to make critical resource allocation decisions based on what is uncovered to mitigate that risk. 

Identifying risk and mitigating it is a fairly simple concept.  For example, you suspect Mrs. Gulch is really the Wicked Witch, and once you’ve confirmed that fact, that bucket of water sure does come in handy mitigating that particular risk.  But what if you don’t have a source for the water and bucket to haul it in? 

While corporate initiatives to identify and manage risk are critical in making informed decisions about risk mitigation resource investment, the line of business leaders are the ones tasked with the resource load planning that reduces exposure to risk.  In turn, IT budgets are heavily influenced based on the assumption that money spent here will help to protect against corporate risk.

Once the key strategic issues are identified and mitigated throughout the organization, what remains is the day-do-day preventable operational risk where each instance of risk needs to be identified in the context of operational processes, and specific mitigation needs to be applied.  It is in this process context that resource decisions about controlling and mitigating risk gets to the heart of the issue.  It is at this level that audits pass or fail based on these resource allocation decisions.

So in the context of these operational processes, there are 4 key components in gaining the necessary transparency so resource investments can be allocated appropriately to mitigate risk:

  1. Identify risk instances on activities that may encounter them and consider using forward looking KRIs (Key Risk Indicators) on these instances to accurately assess likelihood and impact.
  2. Aggregate risk to the process level based on risk instances at the activity level to better handle the ongoing change to these business processes and the corresponding impact on risk assessment.
  3. Apply control instances to risk instances and use KCIs (Key Control Indicators) to assess effectiveness of control instances.  These KCIs might include consideration of process automation or manual test metrics on controlling processes. 
  4. Rollup and/or report on KCI values in conjunction with risk criticality to highlight hotspots and opportunities for resource investment to improve risk mitigation effectivity at the exact spots in your processes.  This will make the greatest impact and provide positive audit outcomes.

Understanding risk in the context of your operational business processes is key to effective and demonstrable risk mitigation.  This kind of transparency is critical for organizational alignment and solid business decisions around resource allocation.

Learn more about Risk Management

Related Posts

5 Questions with Ed – BPM Sustainability – Part 2

  • clock 10. August 2021
  • author-icon Robert Thacker

In part 1 of iGrafx Chief Evangelist Ed Maddock interview with the PEX Network, he spoke about the  how the past year has shaped current...

Read More

Business Modeling During & After Major Disruptions

  • clock 26. February 2021
  • author-icon Ed Maddock

When it comes to business modeling during and after major disruptions, you can safely assume new regulations are going to come into play. We can...

Read More

Can Technology Help with Risk Management?

  • clock 24. February 2021
  • author-icon Ed Maddock

Can technology such as process mining help with Risk Management? The answer is both Yes and No. Process Mining Process Mining is a fantastic tool...

Read More

Leave a Reply

Your email address will not be published.