For governance, risk and insurance management
Many CROs are struggling to implement a Risk management framework. Strong compliance requirements from stakeholders, law or ethics are putting the heat on Risk management. A number of different practices and recommendations have emerged such as COSO, ISO 31000 or COBIT.
The focus has expanded from traditional insurable values such as buildings and infrastructure to other intangible values that are critical for the business. The challenge is to control these critical assets and monitor events that can affect the business in many ways:
There are so many what-ifs that a systematic approach is essential.
The responsibility of Risk management is to define the Risk management process, provide appropriate tools and implement it in the organization.
To be able to control and monitor all organizational risk, Risk management needs to be integrated in all corporate activities. This means collecting data from many different sources, for example Project management, IS/IT, Environment, Strategies, Incident and Event reporting, Quality management etc.
Here is a challenge - will these areas invite the CRO into the processes?
Another important - and helpful - player to cooperate with is internal audit. Risk management defines the Risk management process - Internal audit checks to what extent it is implemented.
In the iFACTS Concept and Software, all these different activities and roles work within the same systematic approach and in the same database, giving powerful control and reporting.
And for the CRO it is no longer about being invited to all business activities, it is about logging on.