Risk and contextual limitations

The risk management context often lacks clear boundaries One of the challenges of risk management is that its context is for all practical purposes unlimited. Risk management is about dealing with all the potential risks an organization can be exposed to, covers the entire scope of activities of that organization and all activities deemed relevant … Continue reading Risk and contextual limitations

Is goal management in a public sector environment relevant?

Just finished a discussion with a friend on whether it's possible to do goal management in a public sector environment. But before we go into that, perhaps I need to define a goal first. Defining a goal A goal in a public sector context is, in my book, the object of your efforts, the aim, … Continue reading Is goal management in a public sector environment relevant?

Just managing your risk impacts is rarely a good idea

Risk impact management complements risk exposure management Managing risk impacts is a common practice among risk practitioners. It is a recognized approach which, if used well, complements actions aimed at reducing the likelihood of occurrence of a risk. What is more disconcerting is finding out that risk impact management is all that is being done … Continue reading Just managing your risk impacts is rarely a good idea

Conducting a multi-location risk analysis for audit planning purposes in a small audit shop

The baseline As CAE of a small audit shop in a complex environment, I have to comply with the IIA standards like any other CAE. The performance standard for planning purposes is of course "2010 - Planning", which states that "The chief audit executive must establish risk-based plans to determine the priorities of the internal … Continue reading Conducting a multi-location risk analysis for audit planning purposes in a small audit shop

The advantages of risk and evidence based reengineering

I've expanded on a post I wrote for my old reengineering blog in 2010. Enjoy! I’ve seen a lot of failed reengineering attempts. There are a lot of reasons why reengineering exercises fail and it’s not the purpose of this blog post to evaluate all possible reasons. What I do want to discuss, briefly, is … Continue reading The advantages of risk and evidence based reengineering

Why sum formulas better reflect the risk appetite in calculating risk levels

How to determine a risk profile and calculate a level of risk? Introduction This is a significant rewrite and a first time write-up in English of an article I published in Dutch in May of 2009. I'm revisiting it because I had an interesting exchange with my ERM class at Solvay Brussels School last week, … Continue reading Why sum formulas better reflect the risk appetite in calculating risk levels