First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Risk management in review

riskPwC’s latest Risk In Review study makes some very interesting points. It carries the title of “Managing risk from the front line” and I recommend downloading and reading it.

I like how it begins (with emphasis added):

Today a collaborative approach to risk management with risk accountability sitting squarely in the first line of defence can be the key to greater organisational resiliency and growth. That means an engaged first line that makes risk decisions in alignment with strategy. It means a proactive second line that influences decision making through effective challenge and timely consultation and collaboration. And it means a diligent, independent third line focused on its core missions of protecting the organisation and delivering value.

This recognizes that risk is being taken every hour of every day by decision–makers across the extended organization.

This is emphasized in a quote:

Melissa Lea, SAP AG chief global compliance officer, says that at her organisation, that direct connection is paramount. “We’re very first–line heavy. The more we can get risk responsibility out into the field—first into management’s hands and then to employees to make sure they’re armed with the right expectations to make the right decisions—the more successful we’ll be. We try to get people—either on the ground, in-country, or with the best lines of sight into how a particular risk might materialise—to really own that mitigation approach.”

Is the report perfect? No. For example, they still seem to believe that a risk appetite statement can drive the business decisions that take risk at all levels of the organization. I don’t.

They also don’t emphasize reporting to top management and the board the likelihood of achieving each and all enterprise objectives (i.e., the aggregate effect of risk, positive and negative in terms of the likelihood of success).

But let’s give them some credit for the pieces they got right and hope the emphasis on decision–making extends to the update of the COSO ERM Framework.

I welcome your thoughts.

Follow me

Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions. Read more
Follow me

Latest posts by Norman D. Marks, CPA, CRMA (see all)

Send to Kindle

, , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.