First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

objectives

Which comes first, risk or control?

Can you assess the overall system of internal controls without considering risk management? I don’t think so, and neither does COSO. That is why there is a risk component in their internal control framework.

 

, , ,

Risk and the lemonade stand: how it matters in the simplest settings

This is a ‘risk management’ challenge. What are the parents’ objectives and how would you go about assessing whether the likelihood of achieving them is acceptable and, if not, what actions to take?

 

, , ,

Talking about software for GRC

The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

 

, , , , , , ,

Those lists of greatest risks all miss the BIG one

When something goes wrong, 99.999999% of the time it’s because somebody made a poor decision (at least in hindsight). The risks associated with a poor decision could have major ramifications.

 

, , ,

Two words to transform discussions of risk management: risk to objectives

I have written extensively about the disconnect between risk practitioners and executives when it comes to risk management.

 

, , , , , , , ,