Complete Loss Risk Management - 360inControl® - Internes Kontrollsystem für das Digitale Zeitalter

360inControl® - Blog | Heike Klaus/23. November 2023/Governance Risk & Compliance, Risk Management

COMPLETE LOSS RISK MANAGEMENT - The only successful approach! is equal to Zero Trust for Cybersecurity!

Complete Loss Risk Management (CLRM) is for risk management the same as Zero Trust is for Cybersecurity! Both approaches are ingeniously simple and, at the same time, game changers toward a more secure and sustainable, and resilient business environment.

ZERO TRUST

What you read about «Zero Trust» is that it is a model or framework based on the decision to deny all access by default. Each access of users, services, applications, etc., is granted on a conscious decision and restricted as much as possible. What most experts forget to mention is that regular review/reapproval is crucial to the success of the concept. Simple to understand, maybe not so simple to implement.

COMPLETE LOSS RISK MANAGEMENT (CLRM)

CLRM assumes that you can lose any business-relevant asset (tangible and non-tangible) at any time to the full extent. The benefit of this Risk Management approach is that you cover Business Continuity preparation in the same thought. Also, a simple concept, right?

The Subject Matter Experts are the main difficulty in implementing this concept. They will give you thousands of reasons why it’s not that easy, and so far, everything has always worked out.

Lets us give you an example of how CLRM could have worked:

If the EU countries had acted according to the CLRM, they would have been better prepared for the loss of Russian gas. CLRM would have asked before signing the contract and in regular intervals: “what happens if this supplier does not deliver tomorrow? How to minimize my loss? In the finance sector, this is known as «hedging».

CLRM IMPLEMENTATION

The implementation is based on further basic principles that are not only relevant for safety and worst-case scenarios, but also make economic sense.

INVENTORY
All assets are inventoried
RESPONSIBILITY

Each asset has a responsible person
CLASSIFICATION

Each asset is classified according to its business relevance
DEPENDENCIES

The dependencies and the relationships of assets are known
REVIEW & PROTECT

Regular review of effective protection vs. protection needs according to classification
RISK MANAGEMENT

Management of protective measures/risk minimization
PLAN DO CHECK ACT (PDCA)

Regular monitoring of these principles

A risk manager once told us, «I can’t go to the Board of Directors with every risk as a total loss.» Our answer: You don’t have to, only with those for which there is no adequate plan B, no alternative, no workaround.

These are the essential information the board wants and needs to know.

We are more than happy to support you!

Interested in more information?

Book a Demo