Connect with Us

About Us

The Decision Factor offers insightful comments and observations on analytics—from views on new technology approaches and market dynamics to the latest industry trends driving demand for faster, smarter information analysis. This blog contains personal views, thoughts, and opinions from SAP employees, mentors, and friends working in the area of analytics. It’s not endorsed by SAP nor does it constitute an official communication of SAP.


Myths in Risk Management — You Don’t Need to Start with a Risk

Myths in Risk Management -- You Don't Need to Start with a Risk

Recently I was perusing a relatively unknown corner of ISO 31000 Risk Management —Principles and Guidelines— and long dormant memories flooded back.

The ISO section I was reading, Monitoring and Review (s 5.6), deals with the sorts of metrics that should be monitored to ensure the risk management system’s working. For example, it suggests monitoring indicators of control effectiveness, incidents (near misses), issues, key risk indicators, loss events, and other relevant variables important to the risk management process.

Years ago, I was appointed manager of accounting for what was then a mid-sized oil and gas company with operations …

Myths in Risk Management — Exposing the Flaws of Risk Heat Maps

Risk Heat Map

Recently, I ran a round table discussion on the topic of enterprise risk management (ERM). The participants were all experienced risk managers in the private and public sectors. During a break, I overheard one participant sharing her experience in presenting a heat map to her board of directors as part of her ERM report. In her mind, the presentation was a disaster, and she decided to never again include a risk heat map as part of her presentation.

So what went wrong? Heat maps, like the one below, have been a staple of the risk management profession for years. For …

What’s Wrong with Risk?


Regardless of our school of thought (e.g. COSO ERM, ISO 3100 or others), for those of us who follow the progress of enterprise risk management (ERM), there’s little to encourage us. One recent study published by the ERM initiative at North Carolina State University, “Current State of Enterprise Risk Oversight,” is a case in point. Organizations continue to be caught off guard by unexpected risks. While the number of companies professing to have complete ERM processes has increased since 2009 (from 9 to 24 percent), 40 percent of all …

Why Are Risk Managers and Consultants Consumed By The Negative?

Reading documents

The Canadian Institute of Chartered Accountants has produced a variety of excellent board guidance on risk management and other topics. Their latest effort, written by John Caldwell, is A Framework for Board Oversight of Enterprise Risk. It does not meet, in my opinion, the CICA’s normal standard.

I am concerned that Mr. Caldwell has defined risk purely from the downside and failed to consider the ability to seize opportunities to achieve or surpass objectives. Does this concern you as much as it does me?

Last week, I …

Downsizing Enterprise Risk Management

Moving day at our house is approaching quickly. The the long-awaited downsizing has arrived. Decisions need to be made. What to keep, what to let go. Perfectly good, well-maintained clothing, furniture, and equipment that have served us well for years are finding a new home. We’re examining the contents of every closet, scruitinizing the contents of every drawer—basing our keep-or-toss decisions on three simple questions:

Is it really important? Will we use it? Do we need it?

It’s difficult and sometimes tedious work, but it’s having a surprising impact. Life is looking a lot …