Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for August 2018.
The updated COSO framework recommends coordinating the ERM process with the strategy formulation dimension. Predefining and integrating risk at the strategic planning level would be truly preventive in nature as it would spotlight risks at an early stage before they become much bigger problems. New business models or major corporate initiatives would have to be evaluated to see not only if they fit the company’s risk appetite, but also whether they are aligned with its mission, vision and values. Read more
Integrating risk management with strategic and operational priorities is a struggle for many companies, but opening communication channels among the different executives overseeing risk, strategy, and operations is an important starting point. When executives with risk responsibility view risk through the lens of business leaders and help the business understand the risks that could get in the way of achieving their goals, the dialogue and the impact to the business can become even stronger. Read more
Bonnie Hancock, Executive Director of the ERM Initiative at NC State University, interviews Fred Stuckel, Vice President, Enterprise Risk Management and Audit at Express Scripts Holding Company, about how his organization identifies and evaluates emerging risks. Watch video
Rolling up operational risks from all sites or divisions to the corporate level is not enough. There must also be a calibration of risk ratings. An operational risk at a specific facility or unit may have a “high” or “critical” priority, but it may have a “low” or “medium” one at the enterprise level. The exact same risk can have a different rating at the operational level and the enterprise level.
In order to have successful risk management, you must first have a successful risk identification process. A key part to identifying threats and opportunities is making sure you involve the right people in the process. Understanding the type of risks, or subject matter, is the big question you will need to answer first as it will drive who should be involved in the process. Read more
The UK National Audit Office (NAO) has published advice on how to manage the risk of spiralling costs in large projects, which are often high profile, complex and technically difficult. The NAO is responsible for scrutinizing the UK government’s portfolio of major projects. While the advice is mainly focused around government initiatives, it contains valuable insight for any business thinking of committing to a major undertaking. Read more
The measurement of the effectiveness of controls is important for the management of risks, but it also needs to relate to the achievement of organizational outcomes. This article uses the example of call centers to show that there is a direct correlation between the effectiveness of controls and organizational performance. Both output and outcome measures are needed to have a truly holistic performance framework. Read more
Stakeholder support is vital to internal auditing’s ability to add value and contribute to the organization. When chief audit executives and their staff are not meeting stakeholder expectations, there are typically signs or early indications that the support that they might have enjoyed in the past is starting to slip. Read more
Few skills are more essential for internal auditors than knowing how to ask the right questions. With effective questioning skills, internal auditors can build rapport, strengthen understanding, and encourage openness. Without these skills, they can damage working relationships or overlook essential information. Read more
To stay prepared, organizations must expect the unexpected. Business Continuity Planning addresses the need to have contingency plans in place to deal with potential threats that can turn an organization on its head. As a risk manager, CEO, or any party responsible for the long-term success of an organization, you need to have a plan in place to clearly outline what you would do if the worst were to happen. Read more
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC!