Risk management continues to fall short of expectations. Surveys show boards and senior executives believe risk management is important, but also reflect an overwhelming dissatisfaction with the implementation initiatives.
Adopt a Value Driven Approach to Risk
Recently, in an attempt to make risk management more relevant and sustainable, I wrote a blog aimed at focusing risk management on value driving activities of the business (“Driving Value with Risk Management”). My belief is that too much risk management activity is spent on identifying and …
Real success for risk management can only come from creating value. Yet risk management practices have largely failed the value add test.
What drives value in your business? To find out, you need to learn how equity analysts make buy/sell recommendations. Value drivers may not be tangible and they may not be on the balance sheet, but they’re very real.
For example, in the mining and metals industry, proven mineral reserves drive value. In the airline industry, one equity analyst concluded that the quality of …
In my last blog, Redefining the Role of Internal Audit: Avoiding Redundancy, I outlined the dangers auditors face if they don’t innovate and adapt to today’s technological advances. I also proposed that internal auditors should respond with a paradigm shift—from being in the auditing business to being in the knowledge business.
What would this new role for internal auditors look like? Let me suggest another definition:
The role of Internal Auditors is to create, interpret, and disseminate as widely as possible …
When circumstances change dramatically, but you just don’t see how the changes impact you personally or professionally, it’s wise to stop and reflect. It could be a sign that something profound is happening and you’re missing it.
This October 1st is the 105th anniversary of the introduction of the Model T Ford in 1908. The development of the transportation industry at the beginning of this century, I believe, is comparable to the technology innovations of the last few years. And I suggest that the …
According to European Commission estimates, EU countries lose more than €1 trillion a year to tax evasion and avoidance. In the U.S, unreported income costs the U.S. Treasury alone $250 billion or more a year in lost taxes, and the IRS estimated that 17% of Americans are fudging on their filings. With these alarming figures, it should come to no surprise this is becoming more and more of a priority topic in every Government’s agenda.
The reality today …
A year ago, my team conducted some research into risk management. We wanted to assess the state of risk management adoption, the role of technology, and the evolution of risk management practices.
We combined our research with that of others and issued an infographic illustrating our conclusions. To summarize, everyone thinks risk management is important. But “good enough” practices and technologies rule. Things are changing slowly and not necessarily for the better, if at all.
In this blog I want to assess the state …
I was in a meeting this week discussing with some colleagues how clients build a business case for acquiring governance, risk, and compliance solutions.
Many GRC professionals accept the concept of GRC, but struggle to justify the initiative, the investment, and the cultural changes required.
My colleagues and I agreed that the fundamental arguments used by clients to justify the benefits of GRC were a reduction in cost and an increase in efficiency. Rarely was there any attempt …
The Securities and Exchange Commission (SEC) has recently announced that it will require some defendants to choose between admitting to wrongdoing as a condition of settling securities fraud charges (thereby opening themselves up to potential civil litigation), or fighting the charges in court. Will the possibility of going to court or making an admission of guilt in out-of-court settlements require an adjustment to how organizations look at the cost of compliance?
The SEC is a civil enforcement agency whose …
Last week, I wrote a blog about the qualifications for a director who is relied on by the board as a risk expert.
One of the comments I received is that the same or similar list could be used to define the necessary attributes of an effective chief risk officer (CRO).
I think that is right, with special emphasis added in three areas:
The CRO has to have an excellent understanding of the business, the organization structure and key players, how …
I recently criticized organizations’ focus on GRC, suggesting instead that they ensure the individual building blocks of risk management, compliance, strategy, and performance management are brought up to at least a moderate level of maturity.
But, there is true value in considering GRC within your organization – without taking away from the points I made in that earlier post.
GRC refers to “a capability to reliably achieve objectives (governance & performance) while addressing uncertainty …