
Inside Internal Controls

News and discussion on implementing risk management


Author Archive - Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.

Linking risk management to results

The value that is created by effective risk management is the confidence of the board and decision-makers in the information they use to make decisions.

 


Six principles for effective risk management

In World-Class Risk Management, I review the eleven principles in the ISO 31000:2009 global risk management standard and condense them to just six.

 


PwC confuses boards on risk oversight

The report from PwC has a useful discussion about whether the organization’s disclosures about risk are complete and sufficient to satisfy investors.

 


Two words to transform discussions of risk management: risk to objectives

I have written extensively about the disconnect between risk practitioners and executives when it comes to risk management.

 


Positioning risk management to succeed

Jim DeLoach of Protiviti is an old friend. We enjoy discussing risk management over a meal, finding that we agree on far more than we disagree. Where we do disagree, it may be more by way of expressing ourselves, or due to our different positions and perspectives. His work always, in my experience, merits our careful attention and reflection. Jim recently wrote Positioning Independent Risk Management to Succeed: 6 Ways to Support the CRO.

 


Internal audit and ERM accused of failing to hit the mark

The consulting firm CEB (now part of Gartner) published a piece in 2014, Executive Guidance: Reducing Risk Management’s Organizational Drag. It has been used recently to support an argument by a critic that both internal audit and ERM are failing.

 


What does your risk management activity seek to achieve?

It is essential to understand what an organization needs and how critical the management of risk is before settling on a design, let alone trying to implement or upgrade risk management.

 


What do audit committees think about risk and audit?

I am encouraged by the latest KPMG report, their 2017 Global Audit Committee Pulse Survey. I am encouraged because KPMG appears to be asking the right questions and getting intelligent answers.

 


The future of risk management

The Institute of Risk Management has a great feature where they have asked people around the world, including a number of luminaries, about the future of risk management.

 


Trusted advisors and world-class internal auditors

I was recently privileged to receive a signed copy of Richard Chambers’ latest book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors. Richard is the President and CEO of The Institute of Internal Auditors, a veteran of internal audit at the highest level, a friend, and an individual with whom I love to debate the practices of internal auditing and risk management. (I hope I am influencing his views on the imminent update of the COSO ERM Framework.)

 


Always-on risk and strategy management

Always-on strategy complements the annual [strategy] process by giving senior leadership a regular forum in which to monitor and discuss issues that warrant continual attention, including those identified during the annual process and during the course of the year.

 


PwC does better on risk management

If you don’t focus on the achievement of objectives, but instead manage individual risks, how do you know whether you are likely to achieve them – or the possibility of exceeding them?

 


Deloitte on internal audit and the path forward

Nine areas of focus have come out of the results of Deloitte’s latest survey of chief audit executives (CAEs) with recommendations for action. The survey, which has been widely reported, indicated that in the opinion of the responding CAEs only 28% of them “believe their functions have strong impact and influence in their organizations, while 16 percent felt that Internal Audit has little to no impact and influence”.

 


How do we make decisions? Where does ERM fit?

How do you make decisions in your personal life? How do you decide where to live, which car to buy, and where to go for lunch? For many of us, the last is the most difficult decision to make in a day! Consider your current situation and determine whether the decision is acceptable or not in the circumstances. Risk practitioners are often the voice of gloom in the decision-making process, pointing out what could go wrong. Balancing that with the positive outcomes can lead to effective decision-making.

 


Risk appetite in practice

From time to time, I am asked about the best risk management activity I have seen. Perhaps the best overall ERM was at SAP. I wouldn’t say it was perfect but it did include not only periodic reviews but the careful consideration of risk in every revenue transaction (including contracting) and development activity.

 

