Leadership Solutions


Security Barometer - Centralized Risk Repository

A centralized repository of risks provides a robust foundation for an effective risk management program. The Security Executive Council, the premier provider of services to the top tier of security and risk management practitioners globally, has performed extensive research around generating business value from risk management. This latest Security Executive Council quick poll covering centralized risk repositories shares some enlightening results.

It turns out that although 90% of respondents felt a risk repository was worth the effort only 44% currently had one. In addition, the reasons why 44% have not been able to get a repository up and running yet appear to be mostly due to lack of resources and/or executive support.

Have you created a centralized repository of identified risks to you organization?

Your peers provided some very interesting and worthwhile advice regarding risk repositories. While there were too many responses to list them all, here is a summary of a selected few...

  • A centralized risk repository enables stronger relationships with your internal customers. It serves as the focus of meetings to address risk issues. These meetings help get the business to collaborate in the planning of improvements as well as help security to understand and talk the language of business.
  • Out of the process of analyzing the repository comes the development of a strategy.
  • "Interdependence and a systemic view becomes clearer."
  • [From the risk repository] "I have obtained incredible insights in terms of decision support and analyzing new trends."
  • Although creating a risk repository on a shoestring budget is still worthwhile, after starting out using an Excel spreadsheet one respondent suggested that a database would have been a better for storing the collected information.

While it is clear that the organization benefits from a risk repository, your personal career can also be enhanced through the necessary interaction with various business groups. Take the time during this process to learn and understand the business. Further insight will be gained from the analysis and utilization of the contents of the repository. The best way to create the repository is to get IT, Safety, Audit and the rest of the business to contribute to and collaborate on the work. If done well, your leadership will come to see the value you and your security and risk management team brings to the organization.

As a resource of expert experienced advice, the Security Executive Council is the number one provider of products and services to security and risk mitigation executives. If you are looking for ways to increase the value your team provides to your organization please contact us.

Click here for more information about the Security Executive Council.