Posted by: Scot Petersen
CIO, risk management
Final Four bracket pools are not just for basketball fans anymore.
In an unusual risk management analysis methodology, payroll and human resource services provider Paychex breaks down its risk factors into four regions and pits them against one another.
Frank Fiorille, director of risk management for Paychex, presented an overview of the company’s risk analysis process at the 18th Edition SOX Compliance & Evolution to GRC conference in Boston on May 17.
In this version of March Madness, the Final Four is comprised of financial risks, hazard risks, strategic risks and operational risks. In the example Fiorille presented, each region is assigned 16 risks, which then compete against each other in live votes among the company’s leaders, to determine the risk champions in each region.
The brackets are whittled down to a Sweet 16, four in each region, before being put through more rigorous tests, vetting and quantitative analysis, and then ranked again on heat maps.
“Risk management is part art and part science,” Fiorille said, “but the business units know their risks the best.”