Risk visualization can help executives make decisions not only to manage risks but to optimize outcomes and achieve objectives.
I have to agree with the author of Are we witnessing the demise of the risk register (and the rise of risk visualisation)?
He says, “I loathe risk registers”.
So do, but for different reasons.
He loathes them because “they are boring, one dimensional and poorly prioritised lists that lack context and often serve to satisfy a requirement rather than a purpose”.
Now that’s true.
But I loathe them because they are risk-centric and not objective-centric. They don’t help understand the likelihood of success: the achievement of objectives, the satisfactory completion of projects, and so on.
I do agree with him that staid reports can be replaced with far more interesting and useful visualizations.
I don’t know whether they still do this, but executives at SAP used to have a great visual depiction of the current level of performance and the status of risks on each of the revenue opportunities they were responsible for.
This is how I described it in World-Class Risk Management.
In my last year with SAP, one of the risk management leaders showed me an iPad app he was developing for the senior executive team. Each would be able to see, on a single screen, each of his or her objectives with an indicator as to whether everything was “green” (on target), “yellow” (potential issues), or “red” (serious issues). By clicking on the objective, the executive could drill down to the next level and see detailed information about its status. That information would include both performance and status information, presenting the information that the executive needed to understand and initiate appropriate actions.
This is risk information, integrated with performance information, that helps executives make decisions not only to manage risks but to optimize outcomes and achieve objectives.
I also saw a tablet app for information security managers. A network diagram indicated the level of attacks and the related level of risk (as defined by the CISO) at each point. If there was an attack that met defined criteria, an alert would appear on the screen.
If we want to help people make informed decisions, it is not enough to give them a report with the information.
It is essential that the information is highlighted for their immediate attention and presented in an actionable form.
I spent some time on the web looking for examples of visualization tools and graphics that would fit the bill; but while I found some articles and some links to books, my search was in vain.
Does your organization use graphics, charts, or other 21st century tools to provide decision-makers with the information they need – current performance and the state of the road ahead?
Is it better than what I have included in my book?
Please share. I also welcome your comments.
He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.
Latest posts by Norman D. Marks, CPA, CRMA (see all)
- How effective are your systems of governance, risk, and control/compliance (GRC)? - October 19, 2021
- Delivering value from IT audit - September 22, 2021
- Selecting software for risk management - August 18, 2021