But here is the key question. If the leaders of the organization are not persuaded that risk management is adding value by enabling success, and believe that there are better ways to invest scarce resources, why should we be surprised that the risk management activity is under-funded?
Even though both COSO ERM and ISO 31000:2009 are evolving, moving to a greater emphasis on decision-making and the setting and execution of strategy, the practice of managing risk continues to lag. I have written in my blogs and spoken in person to thought leaders involved in both COSO ERM and ISO 31000 updates about the need to take a huge leap forward. When the practice is seen as failing to contribute to success, and limited to a compliance function, something dramatic has to happen.
How do you expect a CEO to believe risk management enables success when all the CRO gives him is a list of what could go wrong? He needs help to see what might happen, both good and bad, and what to do about it—in other words, risk management needs to be seen by the CEO as helping him or her get where he or she needs to go. Do you share my view? If so, how do we move both the practitioner and academic community?
The King Code of Corporate Governance has been a fine source of principles and practice for governance, including risk, assurance, and compliance, ever since its initial release. In this post, I want to talk about two areas I find interesting in the draft Code.
Ultimately, a Shareholders’ Agreement is a method of managing risk and establishing mechanisms to resolve problems before they arise.
Anti-fraud controls mainly apply to the general area of accounting (purchasing, revenue, payroll, banking and treasury, inventory, assets, etc.), but they will also involve many specific areas of operations, such as sales, payments, expenses, receivables, travel, suppliers, taxes, promotions and much more.
Over the past half century, a great deal of literature has appeared in Canada and the United States about how to design, document and assess internal controls. First Reference has built upon the most current internal control authorities to provide organizations with practical tools for designing and evaluating controls.
I have the privilege of offering our readers information on a diverse range of important topics that few people really want to talk about, like tax risk.