Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for October 2018.
There are unmistakable signs that an internal audit was a big success. This article identifies indicators that an internal audit report hit a home run, even though these aren’t the only signs that an internal audit was successful. The strongest signal that an internal audit was successful is often unique to the circumstances of the particular engagement. Read more
Although the concepts of Agile Internal Audit (Agile IA), which emphasize fluidity over formality, are simple, putting them into action has been more difficult than some IA functions have anticipated. The decentralization of decision-making is key to Agile IA, and it can be a difficult switch to make. Read more
The ultimate objective of internal audit reporting is to persuade readers to take action. Impact is imperative, but not all internal auditors realize the difference that writing style can make to ensure corrective action is taken. This article includes recommendations that can help to ensure audit reports not only change minds but that they also create a call to action that gets results. Read more
What happens when you combine EHS and risk management? The best way to answer the question is to look at a real-life example and MOL Group, an integrated oil and gas company headquartered in Hungary, and present in over 30 countries with 26,000 workers. MOL is active in all areas of the industry, including upstream (exploration and production), midstream, downstream (refining and petrochemicals), and consumer services (retail, distribution and marketing).
In this video, Alex Sidorenko explains why risk registers are not useful for communicating information about risks and what alternatives exist. Watch the video and see if you agree or disagree with Alex’s perspectives. Watch video
If a risk falls outside of your risk tolerance, you need to determine how much is within your control and which elements of the risk are transferable. The first impulse is to obtain coverage for insurable risks. But insurance will only cover financial losses, not other impacts such as reputation, talent or lost-time. Also, insurance doesn’t reduce the risk, it just helps address the financial impacts should the covered event occur. There are two other options for transferring risks: outsourcing and partnerships. Read more
Corporate risk-taking and the monitoring of corporate risk remain prominently top of mind for boards of directors, investors, legislators and the media. Risk management is no longer simply a business and operational responsibility of management. It has also become a governance issue that is squarely within the oversight responsibility of the board. This memorandum highlights a number of issues that have remained critical over the years, and provides an update to reflect emerging and recent developments. Read more
Geopolitical risks are posing an increasing threat to the global economy. Companies should consider how a variety of future scenarios may impact their ability to do business in any part of the world, and develop a more strategic approach to understanding geopolitical change. Risk managers can help their organizations consider geopolitics in their business strategy by using scenario planning and horizon scanning, making preparations and engaging with stakeholders and policymakers on local and national levels. Read more
Boards of directors tend to be diligent in overseeing risks that management has identified, but this focus can lead to blind spots and leave businesses vulnerable to disruptive risks triggered by new technologies changing the way people do business, economic and political uncertainties, or dramatic shifts in demand. These risks are defined as complex and fast-moving, and can have sudden and catastrophic effects. Read more
Some project managers start their projects with a strong focus on risk management. However, somewhere along the way, they lose steam. They spend more time dealing with issues and implementing workarounds. This article provides questions that can help in monitoring project risks and achieve better results. Read more
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC!
View the recording of our webinar with COFACE to learn more about their GRC journey with Enablon, and how to centralize risk, control and assurance activities: