‘Stick close to your desks and never go to sea,
And you all may be rulers of the Queen’s Navy’
The chorus of “Sir Joseph Porter’s Song” above, taken from the Gilbert and Sullivan operetta H. M. S. Pinafore, is a satire said to be based on William Henry Smith (1825-91), the Victorian businessman who made a fortune by expanding his father’s bookselling business into a national chain which still thrives today as WH Smith. Like many successful businessmen, William entered Parliament …
Risk management continues to fall short of expectations. Surveys show boards and senior executives believe risk management is important, but also reflect an overwhelming dissatisfaction with the implementation initiatives.
Adopt a Value Driven Approach to Risk
Recently, in an attempt to make risk management more relevant and sustainable, I wrote a blog aimed at focusing risk management on value-driving activities of the business (“Driving Value with Risk Management”). My belief is that too much risk management activity is spent on identifying and …
In my last blog, Redefining the Role of Internal Audit: Avoiding Redundancy, I outlined the dangers auditors face if they don’t innovate and adapt to today’s technological advances. I also proposed that internal auditors should respond with a paradigm shift—from being in the auditing business to being in the knowledge business.
What would this new role for internal auditors look like? Let me suggest another definition:
The role of Internal Auditors is to create, interpret, and disseminate as widely as possible …
A year ago, my team conducted some research into risk management. We wanted to assess the state of risk management adoption, the role of technology, and the evolution of risk management practices.
We combined our research with that of others and issued an infographic illustrating our conclusions. To summarize, everyone thinks risk management is important. But “good enough” practices and technologies rule. Things are changing slowly and not necessarily for the better, if at all.
In this blog I want to assess the state …
I was in a meeting this week discussing with some colleagues how clients build a business case for acquiring governance, risk, and compliance solutions.
Many GRC professionals accept the concept of GRC, but struggle to justify the initiative, the investment, and the cultural changes required.
My colleagues and I agreed that the fundamental arguments used by clients to justify the benefits of GRC were a reduction in cost and an increase in efficiency. Rarely was there any attempt …
Last week, I wrote a blog about the qualifications for a director who is relied on by the board as a risk expert.
One of the comments I received is that the same or similar list could be used to define the necessary attributes of an effective chief risk officer (CRO).
I think that is right, with special emphasis added in three areas:
The CRO has to have an excellent understanding of the business, the organization structure and key players, how …
My good friend, Michael Rasmussen, is perhaps the father of the term GRC and styles himself as the GRC Pundit. He has an excellent web site that I wholeheartedly recommend and one of his latest posts is on the subject of 2013 GRC Drivers and Trends.
I share with Michael and many others the belief that the term GRC refers to “a capability to reliably achieve objectives (governance & performance) while addressing uncertainty (risk management) and acting with integrity (compliance)”. This is …
There are many ways people rationalize away risk when it comes to their companies. Ever heard someone say, “We don’t manufacture a tangible product, therefore, we’re not at risk for global trade violations”? Or, “We only sell to domestic markets.” Or even, “Our product is simple and clearly for civilian use, so it poses no military threat.” Assumptions like these could be putting your company at extreme risk.
Screening Business Partners Is Good
Companies that do any type of business must, at a minimum, screen …
I truly believe that amazing developments are arriving that will make future decision-making far more effective. I want to talk about two in this post; admittedly one is more a hope and the other more a prediction.
The prediction can be expressed this way:
In the near future, which is getting nearer every day, decision-makers will have moved from an experience-based process to an information-based process. They will have reliable, useful information delivered to the palm of their hand in near real time that will let them …
Help Wanted: Risk Owner Position Available
I’d like to consider for a moment the concept of risk ownership. ISO 31000 defines a risk owner as a “person or entity with the accountability and authority to manage a risk.” I’ve seen risk registers listing risk owners, but I don’t think I’ve ever met anybody who proudly proclaimed they were a risk owner.
I have never read a resume with a list of risks owned by a job applicant.
I have never seen a course at any level that …