This entry is part 2 of 9 in the series CEO-to-CEO

CEO-to-CEO – Top 5 Questions CEOs Should Ask Themselves & Board About Risk Management

Governance is usually defined as a system of processes and controls that ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-upon enterprise objectives to be achieved; setting direction through prioritization and decision making; and, monitoring performance and compliance against agreed-upon direction and objectives.

Risk Management Governance

Risk Management Governance is a strategic business practice area that is part of overall governance and ensures that:

  • Risk management activities align with the enterprise’s capacity to absorb both opportunity and loss, and with leadership’s tolerance for that exposure; and,
  • The risk management strategy is aligned with the overall business strategy.

In this brief post in my CEO-to-CEO series, I invite CEOs to raise and discuss these five important questions in their next board meeting:

  1. To what extent has the board issued guidance for risk management?
  2. To what degree is there awareness within the organization of external requirements for risk management?
  3. To what extent are senior executives held responsible for considering all aspects of risk in their decisions?
  4. To what degree is there recognition of the need to actively manage risk across the organization?
  5. To what degree has the Board defined the organization’s risk appetite and risk tolerance across the risk universe?

Most directors recognize that risk management governance is a critical responsibility of the board. This involves ensuring that management has a process in place for identifying key risks and an approach to mitigating those risks to an acceptable level. If risks are not properly identified and managed, the ramifications can be significant, affecting the company’s brand, bottom line and, ultimately, shareholder value.

In the current climate, it is an absolute necessity that CEOs and their Boards become actively involved in business risk management in general and information risk management in particular. The questions above provide a good starting point for that discussion.

HIPAA Privacy, Security and Compliance Risk Management Resources Available to You

Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.



Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.