First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk management

COSO ERM explains the flaw in risk appetite statements

Devotion to remaining within risk appetite (if you can even express one that will proactively guide decision-makers) is likely to make you risk averse – and focusing on avoiding harm is the path to avoiding success.

 

, , ,

Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 

, , , ,

Getting risk management right

In this commentary on a recent article by Doug Anderson, an advisor on behalf of the IIA on the COSO ERM update project, examples are provided on getting risk management right.

 

, , , , ,

Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

 

, , , , , , , ,

How well did COSO address comments on the ERM draft?

My impression is that COSO only tinkered with the draft. But, have they done enough to move practices forward, in the right direction? Will this update change the percentage of executives answering the piercing question by Deloitte, “Does risk management support, at a high level, the ability to develop and execute business strategies”, up from 13% close to 80%?

 

, , , , , ,

Which are the best principles for effective risk management?

I will let you decide which is the best set of principles: which is clearer in setting expectations for the effective management of risk and which is better as a basis for assessing the maturity of risk management.

 

, , , ,

Is the COSO ERM update a success or failure?

Recently, COSO published an update to their 2004 ERM Framework. The product, retitled Enterprise Risk Management: Integrating with Strategy and Performance, is available from the AICPA or IIA.

 

, , , , ,

How good is your chief risk officer?

A chief risk officer requires certain characteristics to succeed at being the leader of risk management in any organization. This article provides a list of critical attributes for such a leader.

 

, , ,

A conversation about risk with a CEO

Leaving the word “risk” out of a risk discussion with an executive can prove to be a positive way forward when asking what can go right for a project rather than what might go wrong.

 

, , , ,

Linking risk management to results

The value that is created by an effective risk management is the confidence of the board and decision-makers in the information they use to make decisions.

 

, , ,

Six principles for effective risk management

In World-Class Risk Management, I review the eleven principles in the ISO 31000:2009 global risk management standard and condense them to just six.

 

, , , , , , ,

PwC confuses boards on risk oversight

The report from PwC has a useful discussion about whether the organization’s disclosures about risk are complete and sufficient to satisfy investors.

 

, ,

Two words to transform discussions of risk management: risk to objectives

I have written extensively about the disconnect between risk practitioners and executives when it comes to risk management.

 

, , , , , , , ,

Positioning risk management to succeed

Jim DeLoach of Protiviti is an old friend. We enjoy discussing risk management over a meal, finding that we agree on far more than we disagree. Where we do disagree, it may be more by way of expressing ourselves, or due to our different positions and perspectives. His work always, in my experience, merits our careful attention and reflection. Jim recently wrote Positioning Independent Risk Management to Succeed: 6 Ways to Support the CRO.

 

, , ,

Internal audit and ERM accused of failing to hit the mark

The consulting firm CEB (now part of Gartner) published a piece in 2014, Executive Guidance: Reducing Risk Management’s Organizational Drag. It has been used recently to support an argument by a critic that both internal audit and ERM are failing.

 

, , , ,

Previous Posts Next posts