First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk

The role of internal audit in risk management

If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?

 

, , ,

So what if the risk is high?

Most organizations cannot afford to reduce every single risk to what some practitioners would deem acceptable. Providing actionable information about all the things that might happen, not by using terms like High, Medium, or Low, but in specific business terms will help evaluate which risks to take.

 

, , , , ,

Are you managing risk or are you managing the organization?

Stop managing risk – manage the business. Stop talking about accepting or managing risk and start talking about taking the right risks through informed and intelligent decisions.

 

, , , , ,

The board and enterprise culture

This article looks at the Board’s involvement in managing enterprise culture. In the corporate context, culture is a system of values, beliefs and behaviors that shape how things get done within the organization.

 

, , , , , , ,

New GRC guidance from OCEG might be missing a crucial point

GRC is “the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity”. A new Guide from OCEG, A Practical Guide About GRC Metrics and Measurement, says, a major part of GRC is about “break[ing] down silos between governance, strategy, performance management, risk management, compliance management, internal audit and other departments”.

 

, , , , ,

When liability waivers are upheld

This case illustrates that waivers can be a complete bar to the right to sue and that participants being provided a waiver have the option to opt out of the activity if they are not comfortable with solely bearing the risk associated with it.

 

, , , , ,

Reporting on risk to the board

Those charged with reporting on risk to the board and to the executive team should understand what they are trying to achieve, what information they need to be successful and how they can help.

 

, , , , , , ,

An idea to help drive effective risk management

We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment. What if the quality of decision-making was a significant factor in assessing performance? Thus affecting compensation and career progression. This idea could help drive effective risk management.

 

, , , , , , , ,

The updated ISO risk management standard merits our attention

Neither the ISO nor the COSO updates will, in my opinion, move the understanding and practice of ‘risk management’ to where they need to be. The updates are small steps when leaps were required.

 

, , , , ,

Risk visualization

Risk visualization can help executives make decisions not only to manage risks but to optimize outcomes and achieve objectives. I have to agree with the author of Are we witnessing the demise of the risk register (and the rise of risk visualisation)? He says, “I loathe risk registers”. So do, but for different reasons. He […]

 

, ,

How should you assess the effectiveness of risk management?

If an organization seeks to perform at world-class levels, it needs to have highly effective processes and practices for managing what might happen – risk.

 

, ,

Liability waivers: If in doubt, get a new one

There is a need for entities wishing to rely on liability waivers to ensure that the waivers are expertly drafted, that the purpose and limitations of liability waiver are understood by such entities and that such entities routinely review their waivers to ensure that they apply to all activities that might be engaged in by the parties executing such waivers.

 

, ,

Collaboration between the business risk and IT security teams

Take each of your business objectives and plans. Now, figure out what might result from a technology-related failure (noting that ‘technology’ extends beyond the IT function). Then, what are you going to do about it?

 

, , , , , ,

The worst audit report I have seen

I have seen a few candidates for this title, but one stands out. This is how I described it in my best-selling book, World-Class Internal Audit: Tales from my Journey:

 

, , , , ,

An example of game theory in risk management

One of the risks identified by many organizations as significant and included in the risk disclosures required in corporate filings, such as the annual and quarterly filings with the U.S. Securities and Exchange Commission, is the loss of key personnel.

 

, , ,

Previous Posts