Threat Exposure Management: Risk | Resilience | Change
Enterprise risk management (ERM), as conceptualized by the COSO and ISO 31000 frameworks, is the 'gold standard' for organizations wishing to aggressively manage internal as well as external threats. However, even advanced ERM practices tend to focus primarily on risks that exhibit mathematically-estimable properties, which effectively narrows their assessment scope to known, recurring risks. Furthermore, business organizations tend to rely on multiple planning, control and response mechanisms, which operate as stand-alone, self-focused business functions. To that end, most larger firms have a formal ‘risk management’ function, many have formal ‘business continuity’ and ‘emergency management’ capabilities, and some even have somewhat formalized ‘change management’ capabilities. However, in almost no cases are those functions tied together by a single total threat abatement control and coordination system. All considered, ERM, in spite of its name, is not truly enterprise-wide in scope, which means that a new, broader framework is needed.
Enterprise Risk Management (ERM) is one of the most talked about topics in risk management, yet surprisingly little of that buzz has turned into reality. Why? Simply because for the vast majority of organizations this conceptually appealing idea is not operationally feasible.
Threat Exposure Management: Risk, Resilience, Change presents a broad framework which amalgamates the 'traditional' risk management practices, organizational resilience (itself a newly-crystalized discipline combining emergency management, inclusive of disaster risk reduction), business continuity planning, and change management. Based on three foundations of knowledge, agility and communication, the Threat Exposure Management (TEM) framework conceptualizes the currently stand-alone disciplines of risk management, organizational resilience, business continuity planning, and change management as integrated parts of a singular threat abatement organizational management infrastructure. The framework casts risk management as a 'shield', the goal of which is to deflect risks, while it depicts organizational resilience as a 'buffer', the goal of which is to absorb those threats that the 'risk management shield' cannot deflect. Lastly, the TEM framework conceptualizes change management quite differently: although, in principle, self-imposed organizational change can certainly be a source of risk, the TEM framework views it as a source of growth. An updated revision of the earlier released Total Exposure Management, Threat Exposure Management combines a summary of established thinking, primarily in the areas of risk management and organizational resilience, with some new theoretical constructs and computational approaches, primarily in the area of change management.
Copyright 2017, Erudite Analytics, Paperback, 288 pages. $49.95.