Although monitoring risk is another key tenet of ISO 31000, I again see little monitoring in most risk management systems. Periodic review, dashboards, heat maps, and KRI reports are all Review (a different ISO 31000 tenet), not monitoring. IoT technology can deliver real-time monitoring of risk for more than just physical environmental metrics.
Enterprise Compliance Today
The failed Risk Management practice of the ubiquitous risk matrix will finally be laid to rest in the 2020s. Vague subjective estimation of likelihoods and consequences will be replaced with objective predictions from Predictive Analytics, based on historical patterns and current trends, leading to informed risk-based decision making.
Despite the hype surrounding Predictive Analytics, and even though there are some excellent and relatively inexpensive tools available, not only has its implementation been weak, but a 2017 Gartner survey found that in many areas investment is going backwards.