
Inside Internal Controls

News and discussion on implementing risk management


enterprise objectives

Making intelligent decisions that consider cyber risk

Should the paradigm be changed from managing a list of cyber risks to helping the organization’s leaders take the right level of risk and manage the business for success?

 


New COSO ERM Guidance for ESG

It is essential to provide leaders with actionable information. Simply rating a risk as high or valuing it at $250,000 is meaningless. Leaders need to be able to choose between addressing one risk and another, and to decide whether to go forward with a project given all the uncertainties related to its success. For that they need clear, detailed information, not a simple risk rating.

 


An idea to help drive effective risk management

We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment. What if the quality of decision-making were a significant factor in assessing performance, thus affecting compensation and career progression? This idea could help drive effective risk management.

 


The state of information or cyber security today

Senior management must understand the state of information or cyber security today and how it affects enterprise objectives and the delivery of value to customers and other stakeholders. A number of recent publications address this topic.

 


Two words to transform discussions of risk management: risk to objectives

I have written extensively about the disconnect between risk practitioners and executives when it comes to risk management.

 
