August 20, 2024 31 mins

In this episode of ByteWise Podcast, Daniela, Brian, and Glen chat with Jeff Owen, Chief Operating Officer at Rochdale, a credit union services organization (CUSO) specializing in enterprise risk management (ERM). They delve into the often misunderstood concepts of risk appetite and risk tolerance, emphasizing their importance in the information security and technology space. Jeff shares his insights on defining ERM, establishing risk appetite statements, and integrating them into strategic decision-making. He also discusses the challenges of gaining buy-in for risk management initiatives and provides actionable advice for incorporating risk appetite statements into cybersecurity strategies.

Key Takeaways:

  • Defining ERM: Jeff emphasizes the importance of understanding ERM's objectives before jumping into discussions, highlighting the need for a holistic approach that considers the biggest risks tied to organizational objectives.
  • Risk Appetite vs. Risk Tolerance: Jeff differentiates between risk appetite (broad, qualitative view of acceptable risk) and risk tolerance (detailed, quantitative boundaries on specific risks).
  • Establishing Risk Appetite Statements: Jeff outlines a step-by-step process involving dialogue between the board and executive team, incorporating risk categories and objectives, and creating hypothetical scenarios to gauge risk tolerance.
  • Communicating Risk Appetite Statements: Jeff stresses the importance of communicating risk appetite statements to decision-makers across the organization, ensuring they understand and can leverage them in their roles.
  • Cyber Risk Appetite: Jeff acknowledges the increased focus on cyber risk from regulators and boards and discusses incorporating cyber risk as a separate risk category in risk appetite statements.
  • Integrating Risk Appetite with Strategy: Jeff highlights the value of integrating risk appetite conversations into strategic planning to proactively address risks and opportunities.
  • Following Up on Risk Appetite Statements: Jeff suggests identifying measurable risk tolerances, tracking adherence to them, and establishing processes to address breaches.
  • Example Risk Appetite Statement: Jeff shares an example risk appetite statement that balances an aggressive strategic plan for partnering with innovative technology providers with the importance of protecting member data and maintaining member confidence.

Guest Information:

Jeff Owen, Chief Operating Officer at Rochdale

© 2025 iHeartMedia, Inc.