Since I started working in GRC software, and actually even some time before when working on audit topics, a recurring concept has been risk-based auditing or a similar denomination.
The intent here is to focus the audit function on the riskiest parts of the company in order to ensure that all high-profile risks are reviewed regularly, correctly monitored, and so on to protect the business from operational surprises.
Nevertheless, audit isn’t the only function that focuses its efforts on high-profile risk areas. Internal control and compliance departments have a similar approach, but called risk-based compliance, applied notably when performing a …
Business activity monitoring (BAM) and business process management (BPM) are great ideas that have been around for quite some time. They have also developed significantly since the early 2000s, giving birth to a number of tools and technology solutions to support companies’ BAM/BPM programs. However, implementing these programs and the related tools has proved challenging to say the least. Not uncommonly, large, costly BAM/BPM projects have been abandoned by several companies for lack of results and insurmountable hurdles like integration issues, customization efforts, maintenance nightmares, and so on.
Mounting External Pressures
In parallel, external impositions have increased on companies …
Now there’s a sentence I have heard many, many times! I believe this assumption comes from the association that risk management equals management of compliance risks, which applies mostly to regulated companies or public companies.
As we’ve already discussed many times in these blogs, this is a misconception – compliance risks make up only one risk category that deserves to be managed. It certainly doesn’t define a complete risk management scope.
All companies manage risks since they’re inherent to any production or service delivery activity. For instance, small and medium enterprises (SMEs) might manage:
Treasury risks: suppliers and employees aren’t …
The Art of Speed: 2009
About five years ago, I was sitting beside a pool in Palm Springs while on a winter vacation when my phone rang. It was one of my credit card providers calling to tell me my credit card had been stolen. That’s right, they were telling me – not asking me.
They explained that over the previous four days, my card had been used at a college bookstore and a college pub, and several other places I had not ever frequented, even though I routinely traveled around the world on business. The expenditures were modest, probably …
I was sitting in my backyard yesterday, which overlooks a golf course in Anthem, Arizona, and my mind was wandering as I thought about the topic for my next blog. Just for the fun of it, I thought about some key aspects of golf that might be applicable to governance, risk, and compliance. If you are a golfer, you’ve probably heard some of this before—but I’m guessing you’ve never heard this applied to GRC.
Perhaps the US Golf Association (USGA) says it best in an excerpt from The Human Element:
“Golf is …
My Fictional Day Begins…. By Carla
After I drag myself out of bed and finish my morning ablutions, I sit down with coffee and cereal to read the latest Federal Register followed by Compliance Today and a few industry publications. I make notes as I go of any regulation changes relevant to my job. You see, the company is extremely interested in avoiding compliance risk—and to be honest, it makes my work life miserable.
Oh, pardon me, I should introduce myself. I am Carla Franco, a working manager of a purchasing team within a large global enterprise. I can’t …
A number of years ago, while living near Houston, Texas and working for a major oil company as an audit director, I joined the local volunteer fire department in my community.
As a new member, I was assigned the task of carrying out a fire inspection at our local middle school. I was part of a team that included more highly-trained fellow volunteers.
Auditing Fire Risks
Being an experienced auditor, I was certain I was up to the task. I knew all about controls and I thought that knowledge would come in handy. My plans were to meet up …
Often, when looking at historical events and time periods, I try and imagine what it would have been like to live then and to have my perspectives influenced by the opportunities and challenges of the day. What would have been my reactions, for example, to experiencing the Prohibition of the 1920s, to having the Bible made available to the masses, to living under fascism, or to seeing the end of slavery?
Not having lived during those times, it can be easy to make allusions (or casual references) to the difficult and challenging periods as if they simply live in …
Recently, I had a chance to watch one of those old, French cult movies of the 60s from the recently deceased director Georges Lautner (an institution in France) entitled “Ne nous fâchons pas” (Let’s not get angry).
In one scene, the main male character seeks to engage in business with a rich (and wary) heiress. To gain her confidence, he tells her: “People always tend to see gangsters as stocky, dark-haired guys. It’s the silliest prejudice!” To which she answers, “And I have another one for you—they tend to think that a tall, blond woman is inevitably daft… Missed!”