Risk Roundup - October 2018

October 15, 2018

Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for October 2018.

6 Signals That Your Last Internal Audit Hit a Home Run

There are unmistakable signs that an internal audit was a big success. This article identifies indicators that an​ internal audit report hit a home run, even though these aren’t the only signs that an internal audit was successful. The strongest signal that an internal audit was successful is often unique to the circumstances of the particular engagement. Read more

Mind Over Matter: Implementing Agile Internal Audit

Although the concepts of Agile Internal Audit (Agile IA), which emphasize fluidity over formality, are simple, putting them into action has been more difficult than some IA functions have anticipated. The decentralization of decision-making is key to Agile IA, and it can be a difficult switch to make. Read more

Agile Internal Audit

​​​​Writing an Impactful Audit Report: 6 Tips for Being More Persuasive

The ultimate objective of internal audit reporting is to persuade readers to take action. Impact is imperative, but not all internal auditors realize the difference that writing style can make to ensure corrective action is taken. This article includes recommendations that can help to ensure audit reports not only change minds but that they also create a call to action that gets results. Read more

What happens when you combine EHS and risk management? The best way to answer the question is to look at a real-life example and MOL Group, an integrated oil and gas company headquartered in Hungary, and present in over 30 countries with 26,000 workers. MOL is active in all areas of the industry, including upstream (exploration and production), midstream, downstream (refining and petrochemicals), and consumer services (retail, distribution and marketing).

Are Risk Registers Useful?

In this video, Alex Sidorenko explains why risk registers are not useful for communicating information about risks and what alternatives exist. Watch the video and see if you agree or disagree with Alex’s perspectives. Watch video


Risk Transfer – A Response Strategy for Limiting Damage from a Negative Event

If a risk falls outside of your risk tolerance, you need to determine how much is within your control and which elements of the risk are transferable. The first impulse is to obtain coverage for insurable risks. But insurance will only cover financial losses, not other impacts such as reputation, talent or lost-time. Also, insurance doesn’t reduce the risk, it just helps address the financial impacts should the covered event occur. There are two other options for transferring risks: outsourcing and partnerships. Read more

Risk Management and the Board of Directors

Corporate risk-taking and the monitoring of corporate risk remain prominently top of mind for boards of directors, investors, legislators and the media. Risk management is no longer simply a business and operational responsibility of management. It has also become a governance issue that is squarely within the oversight responsibility of the board. This memorandum highlights a number of issues that have remained critical over the years, and provides an update to reflect emerging and recent developments. Read more

Managing the Rising Threat of Geopolitical Risks

Geopolitical risks are posing an increasing threat to the global economy. Companies should consider how a variety of future scenarios may impact their ability to do business in any part of the world, and develop a more strategic approach to understanding geopolitical change. Risk managers can help their organizations consider geopolitics in their business strategy by using scenario planning and horizon scanning, making preparations and engaging with stakeholders and policymakers on local and national levels. Read more

How Boards Can Better Manage Disruptive Risks

Boards of directors tend to be diligent in overseeing risks that management has identified, but this focus can lead to blind spots and leave businesses vulnerable to disruptive risks triggered by new technologies changing the way people do business, economic and political uncertainties, or dramatic shifts in demand. These risks are defined as complex and fast-moving, and can have sudden and catastrophic effects. Read more

12 Questions for Monitoring Project Risks

Some project managers start their projects with a strong focus on risk management. However, somewhere along the way, they lose steam. They spend more time dealing with issues and implementing workarounds. This article provides questions that can help in monitoring project risks and achieve better results. Read more

Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC!

View the recording of our webinar with COFACE to learn more about their GRC journey with Enablon, and how to centralize risk, control and assurance activities:

Webinar GRC Operational Excellence