First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

enterprise objectives

Insight into effective risk management

I need to draw your attention to a provocative piece by his firm (presumably by him): The risks of risk management. (My thanks go to Tim Leech for tweeting about it.)

 

, , , , ,

Time (again and still) for the IIA Standards to be correct

Internal audit can assist management by facilitating a fraud risk assessment. Management should make the decision both on the level of risk and whether it is acceptable. Internal audit can provide their opinion and advice on both.

 

, , , , , , , , ,

New reports on the cost and incidence of cyber breaches

A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.

 

, , , , , , ,

Making intelligent decisions that consider cyber risk

Should the paradigm be changed from managing a list of cyber risks to helping the organization’s leaders take the right level of risk and manage the business for success?

 

, , ,

New COSO ERM Guidance for ESG

It is essential to provide leaders with actionable information. Simply rating a risk as high or valuing it at $250,000 is meaningless. Leaders need to be able to make decisions between addressing one risk vs another, and going forward with a project given all the uncertainties related to its success. For that they need clear, detailed information, not a simple risk rating.

 

, , ,

An idea to help drive effective risk management

We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment. What if the quality of decision-making was a significant factor in assessing performance? Thus affecting compensation and career progression. This idea could help drive effective risk management.

 

, , , , , , , ,

The state of information or cyber security today

Senior management must understand the state of information or cyber security today and how it affects enterprise objectives and the delivery of value to customers and other stakeholders. A number of recent publications talk to this topic.

 

, , , , , , , , , ,

Two words to transform discussions of risk management: risk to objectives

I have written extensively about the disconnect between risk practitioners and executives when it comes to risk management.

 

, , , , , , , ,