Inside Internal Controls

News and discussion on implementing risk management

Key principles of successful risk management

The five key principles of successful risk management, according to Jim DeLoach, are presented and discussed in this article.

First, let’s congratulate Jim DeLoach for his recent recognition by the National Association of Corporate Directors. He received their Directorship 100 award this week.

Now, let’s look at his latest risk management post.

His 5 Key Principles of Successful Risk Management are:

  1. Integrity to the discipline of risk management
  2. Constructive board engagement
  3. Effective risk positioning
  4. Strong risk culture
  5. Appropriate incentives


Each is important.

But are they the key to successful risk management?

Are they half as good as the principles in ISO 31000:2009 or in World-Class Risk Management? The latter are:

  1. Risk management enables management to make intelligent decisions when setting strategy, planning, making decisions, and in the daily management of the organization. It provides reasonable assurance that performance will be optimized, objectives achieved, and desired levels of value delivered to stakeholders.
  2. Risk management provides decision-makers with reliable, current, timely, and actionable information about the uncertainty that might affect the achievement of objectives.
  3. Risk management is dynamic, iterative and responsive to change.
  4. Risk management is systematic and structured.
  5. Risk management is tailored to the needs of the organization and updated/upgraded as needed. This takes into account the culture of the organization, including how decisions are made, and the need to monitor the program itself and continually improve it.
  6. Risk management takes human factors (that may present the possibility of failures to properly identify, analyze, evaluate or treat risks) into consideration and provides reasonable assurance they are overcome.

How about these?

  1. Focus on enabling success rather than avoiding failure
  2. Help everybody make informed and intelligent decisions, understanding what might happen and acting accordingly
  3. Obtain reasonable assurance that people are making quality decisions and taking the right risks

The rest is detail.

Somehow, we need to move the practice away from a periodic review of a list of risks (which Jim refers to as enterprise list management) and toward increasing the likelihood and extent of success.

I welcome your thoughts and commentary.

Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.