Canadian Underwriter
News

Why risk managers need to go beyond heat maps


August 15, 2019   by Greg Meckbach


Print this page Share

Risk managers using colour-coded heat maps may be pressed by their bosses for more specific information on their exposures, a new risk management expert at KPMG Canada suggests.

Heat maps are a way for risk managers to report risks to stakeholders within the organization, Deloitte explains in a report.

With a heat map, a risk manager will often prioritize risks by designating them as very high, high, medium, or low.

But some risk managers are being asked to put an actual number on their risk, suggested Sree Kunnath, a partner with KPMG Canada, in an interview.

If CEOs or senior executives looks at a traditional heat map, they will know some risks are high, low or medium, said Kunnath. But senior executives are asking risk managers to put a number on how much money the organization would lose and how much it needs to invest in order to reduce the risk, he added.

Deloitte gave a hypothetical example of a heat map in an earlier report, titled Risk Assessment In Practice. In Deloitte’s example, a company identified 60 risks and assessed the impact of those risks and the likelihood the risks would materialize. That assessment was based on interviews, workshops and a survey.

After further analysis, the risks were plotted on a graph and 12 were considered very high. Among those 12 were supply chain disruption, shift in customer preferences, rising copper prices, work stoppage and exchange rate fluctuations.

Executives are increasingly looking to their risk managers to provide more than just a qualitative insight, said KPMG’s Kunnath.

Kunnath and his team joined KPMG from Sargon Solutions, where they focused on integrated governance risk and compliance services, KPMG Canada said in a release last month.

Kunnath recently spoke with Canadian Underwriter about major trends in governance, risk management and compliance.

Technology has been changing tremendously over the last three years, said Kunnath.

At many organizations, the number of end points on the IT network has increased. This includes mobile devices and cloud-enabled devices. The more connected devices an organization has, the greater the threat of a cyber breach.

Cyber security measures are sometimes overlooked, given the speed at which organizations are introducing new technologies, warned Kunnath.