Frank Romeike | RiskNET – The Risk Management Network
“If the ship is on the wrong course, it is not enough to change the captain – you have to change the course.” The scenario described by the Czech writer Pavel Kosorin is a reflection for many companies. To put it casually, it could also mean: If the business is not running, the managing director has to go. That’s the deal.
What companies and their supervisory bodies neglect, however, is usually a fundamental change of strategy in the overall organisation. But in our times this would be quite appropriate – especially in view of the risk map of many companies.
If you open up this map, it becomes large, bigger and at the same time more unwieldy to use. It is therefore only of limited use for risk orientation. Among other things, this illustrates the range of risks – from geopolitics to advancing climate change to crisis-ridden economies.
For business leaders, this is reason enough to better prepare their own organisations for stormy times. After all, lifeboats should not be built in the storm. But to do so, the change of course in the direction of modern risk management is imperative in order not to sail straight into the biggest storm with open eyes.
GBTEC had already integrated a simulation engine into its own risk management software BIC GRC Solutions in 2019. The holistic GRC software enables different GRC use cases to be mapped integratively. The advantage according to GBTEC: “Medium to large corporate and group structures benefit from a noticeably reduced workload with optimised GRC processes at the same time.” The company’s already more than 15 years of experience in dealing with complex GRC implementations from practical experience, including in very large corporate groups, is an advantage. Brandstätter explains the simulation engine: “We are trying to demystify simulation with it, because there are still too many risk managers who see the topic as too complex. To simplify the overall process, we design certain use cases that ultimately fulfil what IWD PS 340 requires.”
These existing best practice use cases make the introduction of quantitative risk assessment according to IDW PS 340 much easier. On the one hand, large organizations with complex structures benefit, but on the other hand, smaller companies that find an easy start in the world of quantification with the out-of-the-box standard solutions that can be used quickly.
Especially with regard to complexity, risk managers of medium-sized companies have a lot of catching up to do, partly because they lack the capacities. “SMEs don’t have auditors or consultancies in-house in advance who develop concepts tailored to their needs and with which they come to us,” Brandstätter explains. Conversely, for GBTEC this means working with more standards in order to put medium-sized companies in the same position as large corporations. The keyword is best practice approaches. Brandstätter says: “These approaches should enable risk managers in medium-sized companies to achieve a result within a few days.” With its standard solution, GBTEC offers a ready-made kit for this purpose – from enterprise risk management to data protection to business continuity.
Brandstätter sees this as a starting point. And yet GBTEC is thinking ahead, i.e. it has set the compass to the future. For medium-sized companies are enabled to expand the solution in the future with the help of the GBTEC solution. “Companies can expand the respective solution step by step and ultimately increase the level of maturity in the entire risk management process,” Brandstätter sums up. This allows companies to change course – while maintaining full control over their own “ship” and setting sail for the future. And that means discovering the terra incognita in the form of opportunities and modern risk management.
Discover the effective way to aggregate and simulate risks with BIC Enterprise Risk. (webinar in german)
Request webinar recording