With expanding regulatory requirements, increasingly active shareholders, and general economic uncertainty, risk seems to taunt the corporation from every direction these days. As a result, executives at a lot of organizations are becoming more focused on identifying risks, measuring them and then managing their exposure, reports Pam Baker at CIOUpdate.

Traditionally, risk management software focused on credit and market risks, but as Baker notes, this approach didn't prove entirely successful,  to say the least.

"It is now generally accepted and understood that the models used pre-2008 often incorporated oversimplified and/or inaccurate ways to represent risk and uncertainty," said Randy Heffernan, vice president of risk analysis firm Palisade. "Ranges of values may have been used to represent risk and return, but the models often ignored 'the tails,' or the more extreme possible outcomes. Historical market data existed which, if properly analyzed, contradicted many of the assumptions that were being used during 'the bubble.' It turns out the rare, extreme events weren't quite so rare after all."

The risk management model has been expanded and modified in the last few years, and the new financial risk model takes into account liquidity risk and the need to protect companies during tough economic conditions. However, enterprise risk is no longer solely about financial risk, and it is no longer just the finance side of the house that is involved in managing it. Companies have discovered that risks overlap, and IT is called on to handle an expanding convergence of risks, including operational, financial, insurance, technology, distribution, storage and more.

"Risk cannot always be divided into separate categories," Heffernan said. "All risks are interrelated, and so too must an organization's risk modeling. It's unrealistic to assume that what goes on in the credit risk department is not going to affect what happens in operations risk, for example."

Spreadsheets are no longer the heart and soul of risk management, as companies gain a better sense of how various risks throughout the organization affect each other. IT groups are having to provide more sophisticated tools to unite the risks from among the organization's silos.

For more:
- see Pam Baker's article at CIOUpdate

Related Articles:
How to really know your security risks
Are chief risk officers encroaching on your job?
Financial liability is one risk of cloud-based services