{"id":1828,"date":"2025-10-10T13:49:19","date_gmt":"2025-10-10T13:49:19","guid":{"rendered":"https:\/\/big-cic.org.uk\/blog\/?p=1828"},"modified":"2025-12-01T17:06:52","modified_gmt":"2025-12-01T17:06:52","slug":"from-risk-lists-to-certainty-how-big-and-ocrum-can-close-the-mission-critical-oversight-gap","status":"publish","type":"post","link":"https:\/\/big-cic.org.uk\/blog\/from-risk-lists-to-certainty-how-big-and-ocrum-can-close-the-mission-critical-oversight-gap\/","title":{"rendered":"From Risk Lists to Certainty: How BIG and OCRUM Can Close the Mission-Critical Oversight Gap"},"content":{"rendered":"\n<p><strong>\u201cDoes your board receive reliable information on risk linked to your Mission Critical Objectives?\u201d<\/strong><\/p>\n\n\n\n<p><strong>Some would argue that <span style=\"text-decoration: underline;\">Most<\/span> boards would struggle to answer \u201cyes.\u201d<\/strong><\/p>\n\n\n\n<p><strong>The reason? Most governance frameworks focus on compliance and controls, not the <em>objectives<\/em> that determine whether the organisation succeeds or fails.<\/strong><\/p>\n\n\n\n<p>Come to our session 3rd December 12.30pm UK to hear the discussion (book below)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The Root Cause: Don\u2019t Tell \/ Don\u2019t Ask Governance<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/in\/tim-leech-01950013\/\" target=\"_blank\" rel=\"noopener\" title=\"\"><strong><span style=\"text-decoration: underline;\">Tim Leech<\/span><\/strong><\/a> calls it the <strong>\u201cDon\u2019t Tell \/ Don\u2019t Ask Governance Syndrome.\u201d<\/strong><br>Boards avoid asking probing questions about risk to mission-critical objectives; management avoids volunteering uncomfortable truths.<\/p>\n\n\n\n<p>The result: mutual avoidance, information asymmetry, and oversight blindness.<br>Boards discuss generic \u201cTop 10 Risks,\u201d while uncertainty 
around the most vital objectives \u2014 safety, reputation, resilience, profitability \u2014 goes unseen until it\u2019s too late.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>OCRUM: Managing Uncertainty Where It Matters Most<\/strong><\/h3>\n\n\n\n<p>Tim\u2019s <strong>Objective Centric Risk and Uncertainty Management (OCRUM)<\/strong> approach reframes risk management around ISO\u2019s definition of risk \u2014 <em>\u201cthe effect of uncertainty on objectives.\u201d<\/em><\/p>\n\n\n\n<p>OCRUM makes <strong>Mission Critical Objectives (MCOs)<\/strong> the anchor point of governance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Each MCO has an <strong>Objective Owner\/Sponsor<\/strong> accountable for achieving it.<\/li>\n\n\n\n<li>Risks and uncertainties are mapped to these objectives, not to abstract categories.<\/li>\n\n\n\n<li>\u201cUncertainty ratings\u201d express confidence levels in achieving each objective \u2014 clear, actionable, and measurable.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-text-align-center\"><strong>As Tim notes, this transforms risk and internal audit from <em>police<\/em> functions to <em>performance enablers<\/em> \u2014 linking their work directly to strategy and outcomes.<\/strong><\/h4>\n\n\n\n<p>His real-world examples are diverse and striking: from preventing post-surgical infections and ensuring nuclear safety to managing pandemic readiness and financial reliability. 
The message is the same: <strong>objectives first, uncertainty second, compliance last.<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading has-text-align-center\"><a href=\"https:\/\/riskoversightsolutions.com\/\" target=\"_blank\" rel=\"noopener\" title=\"\"><strong><span style=\"text-decoration: underline;\">More about OCRUM here<\/span><\/strong><\/a><\/h4>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>BIG: The Governance Spine That Makes It Work<\/strong><\/h3>\n\n\n\n<p><strong>Business Integrated Governance (BIG)<\/strong> provides the complementary <em>governance architecture<\/em>.<\/p>\n\n\n\n<p>Developed by The BIG CIC and c. 150 contributing volunteer colleagues, BIG integrates <strong>purpose, strategy, performance, risk, and assurance<\/strong> into a unified operating model.<\/p>\n\n\n\n<p>Where OCRUM focuses on <em>how<\/em> to assess and manage uncertainty around objectives, BIG defines <em>how<\/em> to structure accountability, reporting, and decision-making around them.<\/p>\n\n\n\n<p>Its principles of <strong>fair accountability<\/strong> and <strong>strategy-to-execution alignment<\/strong> ensure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Objectives are cascaded and owned throughout the organisation.<\/li>\n\n\n\n<li>Information flows to the board are timely, integrated, and relevant.<\/li>\n\n\n\n<li>Governance oversight is proactive and purpose-driven, not reactive and compliance-bound.<\/li>\n<\/ul>\n\n\n\n<p>Together, BIG and OCRUM create the foundation for true <strong>objective-centric governance<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-text-align-center\"><a href=\"https:\/\/big-cic.org.uk\/\" target=\"_blank\" rel=\"noopener\" title=\"\"><strong><span style=\"text-decoration: underline;\">More about BIG here<\/span><\/strong><\/a><\/h4>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>Why Regulators (and Insurers) Aren\u2019t Forcing the Issue<\/strong><\/h3>\n\n\n\n<p>Tim points out that regulators remain reluctant to require boards to oversee MCO-related risks \u2014 fearing they\u2019d expand director liability or expose gaps in existing frameworks like COSO and ISO.<\/p>\n\n\n\n<p>He even suggests that if <strong>D&amp;O insurers<\/strong> began asking one simple underwriting question \u2014<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cDoes your board receive reliable information on risk linked to Mission Critical Objectives?\u201d<br>\u2014 it could revolutionise corporate governance.<\/p>\n<\/blockquote>\n\n\n\n<p>But since most boards couldn\u2019t yet answer \u201cyes,\u201d change will likely come from within:<br>forward-looking boards adopting frameworks like BIG and OCRUM to strengthen oversight voluntarily.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>A Call for Professional Transformation<\/strong><\/h3>\n\n\n\n<p>In another post, Tim challenges every profession \u2014 from engineers and auditors to clinicians and credit managers \u2014 to teach members how to assess and report the <em>effect of uncertainty on objectives<\/em>.<\/p>\n\n\n\n<p>That, he argues, is how risk and assurance can finally improve decision-making rather than tick boxes.<\/p>\n\n\n\n<p>BIG and OCRUM provide the structure and methodology to make that shift tangible.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The Future of Governance Is Objective-Centric<\/strong><\/h3>\n\n\n\n<p>The combination of <strong>Business Integrated Governance<\/strong> and <strong>Objective Centric Risk and Uncertainty Management<\/strong> offers boards and executives a clear, practical path forward:<\/p>\n\n\n\n<figure 
class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>BIG<\/strong><\/th><th><strong>OCRUM<\/strong><\/th><\/tr><\/thead><tbody><tr><td>The <em>governance system<\/em> connecting purpose, strategy, risk, and assurance.<\/td><td>The <em>risk and assurance method<\/em> focusing on achieving Mission Critical Objectives amid uncertainty.<\/td><\/tr><tr><td>Board-level integration and accountability.<\/td><td>Management-level clarity and measurable uncertainty.<\/td><\/tr><tr><td>Framework for sustained value creation and protection.<\/td><td>Engine for informed, objective-driven decision-making.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Together, they enable what current frameworks avoid:<br><strong>uncertainty-led governance<\/strong> \u2014 where boards oversee <strong>not just what could go wrong, but how confident the organisation really is about achieving what matters most.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary of Tim&#8217;s recent posts which inform this article<\/h2>\n\n\n\n<p>These links go to the <a href=\"https:\/\/www.linkedin.com\/groups\/13651399\/\" target=\"_blank\" rel=\"noopener\" title=\"\"><strong><span style=\"text-decoration: underline;\">BIG CIC LinkedIn Group<\/span><\/strong><\/a> &#8211; you are welcome to join.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7381666986344210432?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAAC2Mm8BNnWRGhCDmv7ABSe2grEH3zRhzMc\" target=\"_blank\" rel=\"noopener\" title=\"\"><strong><span style=\"text-decoration: underline;\">Post 1 \u2192 informs the opening framing, regulatory &amp; insurance context, and accountability gap.<\/span><\/strong><\/a><\/p>\n\n\n\n<p><strong><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7380946868413026305?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAAC2Mm8BNnWRGhCDmv7ABSe2grEH3zRhzMc\" 
 target=\"_blank\" rel=\"noopener\" title=\"\">Post 2 \u2192 underpins OCRUM\u2019s methodology, real-world examples, and call for professional training.<\/a><\/span><\/strong><\/p>\n\n\n\n<p><strong><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7379146078346035200?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAAC2Mm8BNnWRGhCDmv7ABSe2grEH3zRhzMc\" target=\"_blank\" rel=\"noopener\" title=\"\">Post 3 \u2192 supplies the governance-culture critique (Don\u2019t Tell \/ Don\u2019t Ask Syndrome).<\/a><\/span><\/strong><\/p>\n\n\n\n<p><strong><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7378413076775084033?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAAC2Mm8BNnWRGhCDmv7ABSe2grEH3zRhzMc\" target=\"_blank\" rel=\"noopener\" title=\"\">Post 4 \u2192 provides the framework critique (COSO\/ISO) and rationale for the objective-centric reframing.<\/a><\/span><\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Join the Discussion<\/strong><\/h3>\n\n\n\n<p>Governance needs more than compliance reform \u2014 it needs integration and courage.<br>Join the conversation at the <strong>BIG CIC Conference on 3rd December 2025, 12.30 PM UK<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading has-text-align-center\"><a href=\"https:\/\/www.eventbrite.co.uk\/e\/can-ia-grc-professionals-be-inspired-into-a-role-in-strategy-delivery-tickets-1970540463572?aff=oddtdtcreator\" target=\"_blank\" rel=\"noopener\" title=\"\">Book onto the session here<\/a><\/h4>\n\n\n\n<p class=\"has-text-align-center\">(please note this includes a small donation to support our Social Enterprise)<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/big-cic.org.uk\/conference\/\" target=\"_blank\" rel=\" noreferrer noopener\"><img data-recalc-dims=\"1\" 
loading=\"lazy\" decoding=\"async\" width=\"903\" height=\"199\" src=\"https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/image.jpg?resize=903%2C199&#038;ssl=1\" alt=\"\" class=\"wp-image-1806\" srcset=\"https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/image.jpg?w=903&amp;ssl=1 903w, https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/image.jpg?resize=300%2C66&amp;ssl=1 300w, https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/image.jpg?resize=768%2C169&amp;ssl=1 768w, https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/image.jpg?resize=150%2C33&amp;ssl=1 150w, https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/image.jpg?resize=480%2C106&amp;ssl=1 480w\" sizes=\"auto, (max-width:767px) 480px, (max-width:903px) 100vw, 903px\" \/><\/a><\/figure>\n\n\n\n<p>#Governance #OCRUM #BusinessIntegratedGovernance #BoardOversight #Assurance #RiskManagement #MissionCriticalObjectives #BIGCICConference<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cDoes your board receive reliable information on risk linked to your Mission Critical Objectives?\u201d Some would argue that Most boards would struggle to answer \u201cyes.\u201d The<span class=\"excerpt-hellip\"> 
[\u2026]<\/span><\/p>\n","protected":false},"author":6,"featured_media":1829,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28,17,15],"tags":[],"class_list":["post-1828","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-conference","category-governance","category-news"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/big-cic.org.uk\/blog\/wp-content\/uploads\/2025\/10\/OCRUM.png?fit=979%2C724&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/posts\/1828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/comments?post=1828"}],"version-history":[{"count":4,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/posts\/1828\/revisions"}],"predecessor-version":[{"id":2125,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/posts\/1828\/revisions\/2125"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/media\/1829"}],"wp:attachment":[{"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/media?parent=1828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/categories?post=1828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/big-cic.org.uk\/blog\/wp-json\/wp\/v2\/tags?post
=1828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}