First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk management

Emerging risks: who is watching?

Who should be alert and watching for emerging risks: things that might happen (a better expression than the ‘R’ word, ‘risk’, because of its negative impression) that might affect the achievement of enterprise objectives?

 

, ,

The role of internal audit in risk management

If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?

 

, , ,

New COSO ERM Guidance for ESG

It is essential to provide leaders with actionable information. Simply rating a risk as high or valuing it at $250,000 is meaningless. Leaders need to be able to make decisions between addressing one risk vs another, and going forward with a project given all the uncertainties related to its success. For that they need clear, detailed information, not a simple risk rating.

 

, , ,

Is your ERM program as useful as a GPS?

An ERM program. like a GPS, helps with making informed and (hopefully) intelligent decisions so that objectives can be reached safely and on time.

 

, , ,

Why do we need risk management?

Risk management is about helping an organization achieve its objectives in the face of uncertainty.

 

, ,

An ounce of preparation

There is no need to reinvent the wheel in this crisis management initiative. There are many resources online and common-sense articles, checklists and manuals about crisis management.

 

, , , , , , , , , ,

Reporting on risk to the board

Those charged with reporting on risk to the board and to the executive team should understand what they are trying to achieve, what information they need to be successful and how they can help.

 

, , , , , , ,

The updated ISO risk management standard merits our attention

Neither the ISO nor the COSO updates will, in my opinion, move the understanding and practice of ‘risk management’ to where they need to be. The updates are small steps when leaps were required.

 

, , , , ,

One objective but multiple risks

Some organizations and consultants are wedded to the idea that the level of risk can be quantified and calculated as the magnitude of a potential effect (or consequence) multiplied by its likelihood.

 

, , ,

Risk visualization

Risk visualization can help executives make decisions not only to manage risks but to optimize outcomes and achieve objectives. I have to agree with the author of Are we witnessing the demise of the risk register (and the rise of risk visualisation)? He says, “I loathe risk registers”. So do, but for different reasons. He […]

 

, ,

It’s not about risk management – it’s about the achievement of objectives

I have said many times that it’s not about managing risks: it’s about managing the achievement of objectives. It’s about being successful. Success is measured through the achievement of specified objectives. We improve the likelihood and extent of success if we understand what might happen, both good and bad, as we strive to achieve our […]

 

, , ,

How should you assess the effectiveness of risk management?

If an organization seeks to perform at world-class levels, it needs to have highly effective processes and practices for managing what might happen – risk.

 

, ,

New initiatives to hold companies accountable for human rights violations abroad

On January 17, 2018, the federal government announced two new initiatives to hold Canadian companies doing business and operating abroad accountable for human rights violations abroad.

 

, , , , , , , , , , , ,

An example of game theory in risk management

One of the risks identified by many organizations as significant and included in the risk disclosures required in corporate filings, such as the annual and quarterly filings with the U.S. Securities and Exchange Commission, is the loss of key personnel.

 

, , ,

Identifying, assessing, and evaluating risk is the easy part

COSO ERM 2017 talks about strategy selection, which is a very important decision, and how you need to assess each option. The selection process includes understanding what might happen under each option (risks and opportunities in their language), weighing all the pros and cons, and then choosing the one that makes the most business sense.

 

, , , , , , ,

Previous Posts