risk – Exploring The Black Box

Risk versus risk sources

It has been quite a busy week, so I've not been able to write for the blog. I have, however, been reading a lot. While it was not primarily on my agenda, this article on risk management caught my eye. It makes a concise and very clear distinction between risks and risk sources. A recommended … Continue reading Risk versus risk sources

Risk and contextual limitations

The risk management context often lacks clear boundaries One of the challenges of risk management is that its context is for all practical purposes unlimited. Risk management is about dealing with all the potential risks an organization can be exposed to, covers the entire scope of activities of that organization and all activities deemed relevant … Continue reading Risk and contextual limitations

Is goal management in a public sector environment relevant?

Just finished a discussion with a friend on whether it's possible to do goal management in a public sector environment. But before we go into that, perhaps I need to define a goal first. Defining a goal A goal in a public sector context is, in my book, the object of your efforts, the aim, … Continue reading Is goal management in a public sector environment relevant?

Just managing your risk impacts is rarely a good idea

Risk impact management complements risk exposure management Managing risk impacts is a common practice among risk practitioners. It is a recognized approach which, if used well, complements actions aimed at reducing the likelihood of occurrence of a risk. What is more disconcerting is finding out that risk impact management is all that is being done … Continue reading Just managing your risk impacts is rarely a good idea

Conducting a multi-location risk analysis for audit planning purposes in a small audit shop

The baseline As CAE of a small audit shop in a complex environment, I have to comply with the IIA standards like any other CAE. The performance standard for planning purposes is of course "2010 - Planning", which states that "The chief audit executive must establish risk-based plans to determine the priorities of the internal … Continue reading Conducting a multi-location risk analysis for audit planning purposes in a small audit shop

The advantages of risk and evidence based reengineering

I've expanded on a post I wrote for my old reengineering blog in 2010. Enjoy! I’ve seen a lot of failed reengineering attempts. There are a lot of reasons why reengineering exercises fail and it’s not the purpose of this blog post to evaluate all possible reasons. What I do want to discuss, briefly, is … Continue reading The advantages of risk and evidence based reengineering

Why sum formulas better reflect the risk appetite in calculating risk levels

How to determine a risk profile and calculate a level of risk? Introduction This is a significant rewrite and a first time write-up in English of an article I published in Dutch in May of 2009. I'm revisiting it because I had an interesting exchange with my ERM class at Solvay Brussels School last week, … Continue reading Why sum formulas better reflect the risk appetite in calculating risk levels

Reducing the effort of risk based internal audit planning

Risk based internal audit planningThe IIA's standards require us to prepare a risk based internal audit planning. However, if risk assessment and management is not (yet) embedded in your organization, it requires a concerted effort from the auditees to provide you with the relevant information. Given this is not necessarily a priority to them, are … Continue reading Reducing the effort of risk based internal audit planning

Working with inherent and residual risk

The internal audit perspectiveTo an internal auditor, a risk analysis is relevant because it provides information on the priorities within an audit universe. The auditor will look at all he has right to audit (the audit universe) and ask himself where his task, providing assurance, is best executed. You need to think this through: it’s … Continue reading Working with inherent and residual risk

The impact of simplification on residual risk

Red tape increases risksRed tape is likely to lead to increases in residual risk profiles of organizations. These organizations are overburdening their external and internal customers with these increases in rules and regulations they need to comply with. Contrary to their expectations, this will not lead to more care. The more rules exist, the more … Continue reading The impact of simplification on residual risk

Tag: risk