First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk management

What does your risk management activity seek to achieve?

It is essential to understand what an organization needs and how critical the management of risk is before settling on a design, let alone trying to implement or upgrade risk management.

 

, , , , , , ,

What do audit committees think about risk and audit?

I am encouraged by the latest KPMG report, their 2017 Global Audit Committee Pulse Survey. I am encouraged because KPMG appears to be asking the right questions and getting intelligent answers.

 

, , , , , , ,

The future of risk management

The Institute of Risk Management has a great feature where they have asked people around the world, including a number of luminaries, about the future of risk management.

 

, , , ,

Trusted advisors and world-class internal auditors

I was recently privileged to receive a signed copy of Richard Chambers’ latest book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors. Richard is the President and CEO of The Institute of Internal Auditors, a veteran of internal audit at the highest level, a friend, and an individual with whom I love to debate the practices of internal auditing and risk management. (I hope I am influencing his views on the imminent update of the COSO ERM Framework.)

 

, , , , ,

Can marketing and compliance share a playbook?

I recently read an article in the Winter 2017 MIT Sloan Management Review, Mastering the Market Intelligence Challenge (Chari, Luce & Thukral). In this work, the authors address how “many multinationals simply import their domestic models into emerging markets.” And whilst this work is directed towards those who deal with market intelligence in emerging markets, the conclusions drawn are equally applicable to those who face compliance challenges in such frontier regions.

 

, , , , , , , , , ,

Always-on risk and strategy management

Always-on strategy complements the annual [strategy] process by giving senior leadership a regular forum in which to monitor and discuss issues that warrant continual attention, including those identified during the annual process and during the course of the year.

 

, , , , ,

Cybersecurity in a post-Ashley Madison world

In a recent key finding, PIPEDA Report of Findings #2016-005 – Joint investigation of Ashley Madison, the Office of the Privacy Commissioner of Canada provided crucial guidance to organizations in relation to information protection and cybersecurity.

 

, , , , , , , , , ,

PwC does better on risk management

If you don’t focus on the achievement of objectives, but instead manage individual risks, how do you know whether you are likely to achieve them – or the possibility of exceeding them?

 

, , , , , ,

How do we make decisions? Where does ERM fit?

How do you make decisions in your personal life? How do you decide where to live, which car to buy, and where to go for lunch? For many of us, the last is the most difficult decision to make in a day! Consider your current situation and determine whether the decision is acceptable or not in the circumstances. Risk practitioners are often the voice of gloom in the decision-making process, pointing out what could go wrong. Balancing that with the positive outcomes can lead to effective decision-making.

 

, , , ,

Risk appetite in practice

From time to time, I am asked about the best risk management activity I have seen. Perhaps the best overall ERM was at SAP. I wouldn’t say it was perfect but it did include not only periodic reviews but the careful consideration of risk in every revenue transaction (including contracting) and development activity.

 

, , ,

Risk management in review

PwC’s latest Risk In Review study makes some very interesting points. It carries the title of “Managing risk from the front line” and I recommend downloading and reading it.

 

, , , , ,

The state of the internal audit profession

I don’t believe internal audit is “losing prestige”. My belief is that internal audit can and should do more to deliver the value that our stakeholders need. Unfortunately, internal audit at many if not most organizations does not have a lot of prestige and the argument should be about increasing rather than losing it.

 

, , ,

The current state of risk oversight: Useful or useless?

All the surveys, including this one, report that executives do not believe risk management practices at their organization are making a significant contribution to the development and execution of their strategies.

 

, , , , , , ,

How to mess up your risk management program

Does your risk management activity ‘check the box’, or does it help the organization succeed by making more intelligent and informed decisions?

 

, , , , ,

The current state of risk management

But here is the key question. If the leaders of the organization are not persuaded that risk management is adding value by enabling success, and believe that there are better ways to invest scarce resources, why should we surprised that the risk management activity is under–funded?

 

, , , , ,

Previous Posts