Don't forget, it's all about the People...
One thing that we can all hopefully agree on, is that the Risk community is full of clever and agile people.
This is due to working within an ever shifting world of regulations and threats, which constantly challenge the businesses we support.
Any risk managers, regardless of discipline, who fail to evolve and develop can often get swept aside by these changes and will ultimately leave their clients unprotected.
Unnecessary risk exposure can prove extremely costly, both financially and through reputation damage - as companies currently gambling with GDPR compliance may prove in the very near future.
However, a need to constantly evolve risk processes and policies can cause risk specialists to forget that people are a vital component of risk mitigation. Utilus often sees policies, processes and systems which ignore business requirements whilst assuming that staff innately understand their obligations and will follow blindly.
Although the value of staff in risk mitigation is beginning to be understood more widely, if world password day 2018 and Nutella can teach us anything, it's:
'...no matter how technical or complex a risk management solution is, people are the foundation...'
Agreed, the use of 'Nutella' as a password work accounts is unlikely, but the principle still stands.
After all, can you really be sure that staff aren't undermining expensive risk processes in such basic ways?
All clients are unique and any risk programme which ignores the people applying it, and their working culture, will ultimately fail. This is true at an enterprise level and covers all risk disciplines including business continuity and resilience.
So maybe its time to dust off those policies, review your technical processes and honestly ask yourselves if they pass the 'people' test:
Are staff aware of their obligations and responsibilities?
Do staff do what they are supposed to mitigate risk?
If they don't then, like Sainsbury's media training programme, you are not protected and we urge you to go back to basics before it's too late!
Sainsbury Chief Executive Mike Coupe prior to his ASDA merger Interview