Conference Presentations by James Bone

Society of Risk Analysis, 2021
Enterprise risk management frameworks (such as COSO ERM, ISO 31000, and NIST's Cybersecurity guidance) have one thing in common: each of the traditional risk frameworks is based on guidance for establishing rudimentary foundations for the development of risk management programs. Along the way, the term "guidance" has been confused with or substituted for "standard(s)" of risk practice and in many cases (especially for early adopters) is assumed to be the sum of a mature risk management program. The challenge traditional risk frameworks face is that the "E" in enterprise risk management is no longer applicable as the world transitions to Industry 4.0 and hybrid models of business and military operations. Technology has extended the walls of the enterprise to the cloud and to a variety of third-party and tertiary vendors who do not maintain the same standards as self-contained organizations. Secondarily, but more importantly, none of the traditional risk frameworks includes the scientific rigor found in Prospect Theory, Decision Science, Behavioral Science, Cognitive Science, or the lesser sciences of Human Factor Analysis. The existing gaps in traditional risk frameworks expose organizations to greater risks at the same time as increasing technological complexity, higher rates of cyber threats, and advances in artificial intelligence create an inflection point in corporate governance writ large. This article proposes the need for additional rigor in traditional risk guidance or wholesale revisions to the concept of risk management practice in corporate governance.