TL;DR Organisations have no brains. And even humans, with brains, can barely imagine unexpected risks. Making sure we are adequately prepared for potential risks requires a thorough exercise of risk assessment. Each project or program requires such an effort. However, we often neglect that. Not so obvious When I mention the very simple idea that … Continue reading Failing to plan = planning to fail
This article is a rewrite of an article I originally wrote about six years ago on a now discontinued blog aptly titled “complexity risk management”. I am reviewing a paper on risk management and felt it relevant to update this post as an additional comment to one of my review points. Whenever I speak about … Continue reading Why I use a static and a dynamic phase in a risk management approach?
Mutual exclusivity? I'm hearing a lot of comments about the relevance and the redundancy of internal controls and especially internal controls development and internal controls training. A number of new management philosophies such as this one - pretty much unknown outside of the French speaking world, but mirrorred in philosophies such as the one of … Continue reading The real relevance of internal controls and their development
An interesting article on risk register obsolescence I recently read this article by Michael Werneburg which was subsequently updated here. The article deals with the evolution of risk management in organisations beyond the use of risk registers into a risk mature organisation. It restates and reiterates a number of points that have been made by … Continue reading Risk management maturity – moving beyond risk registers?
It has been quite a busy week, so I've not been able to write for the blog. I have, however, been reading a lot. While it was not primarily on my agenda, this article on risk management caught my eye. It makes a concise and very clear distinction between risks and risk sources. A recommended … Continue reading Risk versus risk sources
I wrote this article in 2012 for a foreign speaking engagement. It gives a short overview of risk management evolution in the Belgian federal government. When speaking about risk management, many people assume that the main drive started in 2004, after the publication of the long awaited COSO ERM. Quite often, public sector practices tend … Continue reading Looking back – Risk management in the Belgian federal public sector
What is a risk register? A risk register is an as complete as possible overview of all the risks that may potentially impact an activity, a process, a division or an entire organization within the scope of a risk assessment. What is the purpose of a risk register? A risk register is a tool to … Continue reading How to build a risk trigger list