It has been quite a busy week, so I've not been able to write for the blog. I have, however, been reading a lot. While it was not primarily on my agenda, this article on risk management caught my eye. It makes a concise and very clear distinction between risks and risk sources. A recommended … Continue reading Risk versus risk sources
The risk management context often lacks clear boundaries One of the challenges of risk management is that its context is for all practical purposes unlimited. Risk management is about dealing with all the potential risks an organization can be exposed to, covers the entire scope of activities of that organization and all activities deemed relevant … Continue reading Risk and contextual limitations
Just finished a discussion with a friend on whether it's possible to do goal management in a public sector environment. But before we go into that, perhaps I need to define a goal first. Defining a goal A goal in a public sector context is, in my book, the object of your efforts, the aim, … Continue reading Is goal management in a public sector environment relevant?
Risk impact management complements risk exposure management Managing risk impacts is a common practice among risk practitioners. It is a recognized approach which, if used well, complements actions aimed at reducing the likelihood of occurrence of a risk. What is more disconcerting is finding out that risk impact management is all that is being done … Continue reading Just managing your risk impacts is rarely a good idea
The baseline As CAE of a small audit shop in a complex environment, I have to comply with the IIA standards like any other CAE. The performance standard for planning purposes is of course "2010 - Planning", which states that "The chief audit executive must establish risk-based plans to determine the priorities of the internal … Continue reading Conducting a multi-location risk analysis for audit planning purposes in a small audit shop
I've expanded on a post I wrote for my old reengineering blog in 2010. Enjoy! I’ve seen a lot of failed reengineering attempts. There are a lot of reasons why reengineering exercises fail and it’s not the purpose of this blog post to evaluate all possible reasons. What I do want to discuss, briefly, is … Continue reading The advantages of risk and evidence based reengineering
How to determine a risk profile and calculate a level of risk? Introduction This is a significant rewrite and a first time write-up in English of an article I published in Dutch in May of 2009. I'm revisiting it because I had an interesting exchange with my ERM class at Solvay Brussels School last week, … Continue reading Why sum formulas better reflect the risk appetite in calculating risk levels