Effective Risk Management


Dr. David Marlett, the Managing Director of the Brantley Risk and Insurance Center in Appalachian State University’s Walker College of Business, has seen and analyzed the importance of risk management closely. Growing up in Florida, Dr. Marlett observed firsthand the severe impact of hurricanes on communities and the economy. He therefore made managing catastrophic risk his single focus, and it is now his teaching and research niche. He is among the many Appalachian faculty members who create life-changing experiences in the classroom and beyond. Talking to Appalachian Today, an online publication of Appalachian State University, Dr. Marlett emphasized the importance of effective risk management.

According to Dr. Marlett, there is a tremendous amount of ambiguity in society at this time, with workplace violence, climate change, harassment cases and cyber risk being a few of the many issues affecting society. Risk management is about safeguarding people and enhancing their quality of living. Successful risk management and a health insurance market can lead to a more flexible society and quicker recovery from adversity. If we do our jobs well, it will assist individuals to live more dynamic and contented lives. It will also help businesses and communities become more maintainable and able to circumvent and survive adverse events.

Need for Risk Management

One can say that risk management helps management make intelligent and sharp decisions when planning, setting policy, making arrangements, and in the daily administration of the organization. It offers a reasonable guarantee that performance will be developed, objectives attained and preferred levels of value delivered to stakeholders.

Risk management also provides decision-makers with consistent, current, appropriate, and actionable information about the uncertainty that might influence the achievement of objectives. Risk management is progressive, iterative and sensitive to change, and has been described as systematic and structured. It is structured according to the requirements of the organization and updated or upgraded as needed. This takes into account the culture of the organization, including how decisions are made, and the need to monitor the program itself and continually improve it.

Risk management also takes into consideration human factors that may lead to failures to appropriately recognize, analyze, assess or treat risks, and gives reasonable assurance that they will be overcome.

Effective Measures

The moment any organization talks about risk management, it needs to know exactly what the term means. According to Gartner, numerous organizations are inconsistent in their use and purpose of the word. So it is no surprise that risk management often ends up being siloed into different functional areas such as security, business continuity, and privacy.

Gartner’s “A Risk Hierarchy for Enterprise and IT Risk Managers” highlights the need for a complete view of risk. According to experts, an organization that wants to correctly understand and manage the uncertainties to which it is exposed should begin with enterprise-specific risk definitions and an organizational risk authority with which all risk-related professionals can align. Although no single definition will work for all businesses, it is necessary to start from a conventional, overarching structure to eliminate overlap, avoid gaps in coverage and guarantee good governance.

To make risk management more productive in any IT organization, Gartner proposes seven steps:

  1. Execute a framework for risk evaluation and mapping.
  2. Describe the responsibilities of risk managers with their domains.
  3. Recognize and define the risks to which the company is exposed and how to plan for incidents.
  4. Ascertain the threat level and concentrate on the likelihood that has the most critical potential to transform enterprise performance.
  5. Build standards of restrictions for processes corresponding with the apparent threat.
  6. Register and retain risk occurrence and near-miss information.
  7. Carry out a periodic risk assessment to ascertain changes in the company’s risk profile and assess administration.