Category: risk management

Failing to plan = planning to fail

TL;DR Organisations have no brains. And even humans, with brains, can barely imagine unexpected risks. Making sure we are adequately prepared for potential risks requires a thorough exercise of risk assessment. Each project or program requires such an effort. However, we often neglect that. Not so obvious When I mention the very simple idea that … Continue reading Failing to plan = planning to fail

Why I use a static and a dynamic phase in a risk management approach?

This article is a rewrite of an article I originally wrote about six years ago on a now discontinued blog aptly titled “complexity risk management”. I am reviewing a paper on risk management and felt it relevant to update this post as an additional comment to one of my review points. Whenever I speak about … Continue reading Why I use a static and a dynamic phase in a risk management approach?

The real relevance of internal controls and their development

Mutual exclusivity? I'm hearing a lot of comments about the relevance and the redundancy of internal controls and especially internal controls development and internal controls training. A number of new management philosophies such as this one - pretty much unknown outside of the French speaking world, but mirrorred in philosophies such as the one of … Continue reading The real relevance of internal controls and their development

Risk management maturity – moving beyond risk registers?

An interesting article on risk register obsolescence I recently read this article by Michael Werneburg which was subsequently updated here. The article deals with the evolution of risk management in organisations beyond the use of risk registers into a risk mature organisation. It restates and reiterates a number of points that have been made by … Continue reading Risk management maturity – moving beyond risk registers?

Looking back – Risk management in the Belgian federal public sector

I wrote this article in 2012 for a foreign speaking engagement. It gives a short overview of risk management evolution in the Belgian federal government. When speaking about risk management, many people assume that the main drive started in 2004, after the publication of the long awaited COSO ERM. Quite often, public sector practices tend … Continue reading Looking back – Risk management in the Belgian federal public sector

Too few risks are identified, too many are managed

We don't want to know what can go wrong When I'm looking at a risk management implementation from an audit point of view, I often worry about two fundamentally opposite problems. On the one hand, I note that quite often the risk identification exercise is not conducted to ensure completeness. Often heard excuses are: "we … Continue reading Too few risks are identified, too many are managed

Risk and contextual limitations

The risk management context often lacks clear boundaries One of the challenges of risk management is that its context is for all practical purposes unlimited. Risk management is about dealing with all the potential risks an organization can be exposed to, covers the entire scope of activities of that organization and all activities deemed relevant … Continue reading Risk and contextual limitations

The state of EWRM part III – Essential EWRM practices

Introduction We 've established in the prior two parts of this series of posts that current EWRM practices may lead to situations in which the original and ultimately responsible parties, the process owners, become disenfranchised and no longer own the responsibility of managing risks to their objectives, although this is a key responsibility. Process owners … Continue reading The state of EWRM part III – Essential EWRM practices