First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk management

How do we make decisions? Where does ERM fit?

How do you make decisions in your personal life? How do you decide where to live, which car to buy, and where to go for lunch? For many of us, the last is the most difficult decision to make in a day! Consider your current situation and determine whether the decision is acceptable or not in the circumstances. Risk practitioners are often the voice of gloom in the decision-making process, pointing out what could go wrong. Balancing that with the positive outcomes can lead to effective decision-making.

 

, , , ,

Risk appetite in practice

From time to time, I am asked about the best risk management activity I have seen. Perhaps the best overall ERM was at SAP. I wouldn’t say it was perfect but it did include not only periodic reviews but the careful consideration of risk in every revenue transaction (including contracting) and development activity.

 

, , ,

Risk management in review

PwC’s latest Risk In Review study makes some very interesting points. It carries the title of “Managing risk from the front line” and I recommend downloading and reading it.

 

, , , , ,

The state of the internal audit profession

I don’t believe internal audit is “losing prestige”. My belief is that internal audit can and should do more to deliver the value that our stakeholders need. Unfortunately, internal audit at many if not most organizations does not have a lot of prestige and the argument should be about increasing rather than losing it.

 

, , ,

The current state of risk oversight: Useful or useless?

All the surveys, including this one, report that executives do not believe risk management practices at their organization are making a significant contribution to the development and execution of their strategies.

 

, , , , , , ,

How to mess up your risk management program

Does your risk management activity ‘check the box’, or does it help the organization succeed by making more intelligent and informed decisions?

 

, , , , ,

The current state of risk management

But here is the key question. If the leaders of the organization are not persuaded that risk management is adding value by enabling success, and believe that there are better ways to invest scarce resources, why should we surprised that the risk management activity is under–funded?

 

, , , , ,

The value of a risk register

A risk register makes you feel good. It makes you feel you have accomplished something, a list of risks that might cause harm to the organization. It makes the executive team and the board feel that they can check the box: “do you have a risk management program? Yes.” But, does that risk register help people formulate and then execute the right strategies for the organization to deliver optimal value?

 

, , , ,

Risk in the fourth dimension

The word, a magic word with amazing power, is “why”. Let’s think of the power of this word when it comes to risk and risk management.

 

, ,

New guidance on operational risk

When an organization is focused on avoiding failure, it is very hard to be successful. Operational risk is basically about the things that can go wrong in day–to–day processes that can trip you up. It is impossible to eliminate such risk. The best you can hope for is to take a level of risk that is appropriate given the business and what it takes to be successful.

 

, , ,

How much cyber risk should an organization take?

I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.

 

, , , , , , , ,

Views on the future of risk management

James Lam has an impressive resume: Chief Risk Officer for major financial institutions, author of a respected book on ERM, consultant, and board member. Recently, he wrote a white paper that is available through RIMS or Workiva, Next Frontier: Performance-Based Continuous ERM. I think it is fair to say that James and I agree on many points but disagree on others.

 

, , , , ,

Competition law issues for HR Professionals in Canada

Competition law

A company’s HR functions, such as recruitment and compensation, are not typically regarded as antitrust “hot spots” (as opposed to sales and marketing). Recent cases in the United States, however, highlight how hiring practices can create the risk of competition law violations for companies and their HR personnel. Since Canadian competition law is similar to U.S. antitrust law in these respects, it is important that Canadian HR professionals be aware of these risks and protect themselves and their companies from exposure.

 

, , , , , , , , , , , , , , ,

Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 

, , , , , , , , , , , , , , , ,

Cybersecurity best practices for connected cars

Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.

 

, , , , , , , , , , , , , , ,

Previous Posts