What is a risk? It’s not what you think it is

If there is one thing I learned as a CRO, it is crucial to understand the nature of each and every risk we have to work with. I will no doubt write a separate article about the mistake of aggregating various risks into a risk register or attempting to use the same methodology to quantify… Continue reading What is a risk? It’s not what you think it is

Why Board Audit Committee is the worst place for risk management and having a separate Board Risk Committee is even worse

Over the last 10 years it became almost dogmatic that risk management effectiveness has to be disclosed at the Board level. It seems to be equally accepted that full Board is responsible for risk management oversight, who, however can and often do, delegate this oversight responsibility to the Audit Committee. This is in fact so… Continue reading Why Board Audit Committee is the worst place for risk management and having a separate Board Risk Committee is even worse

Projected Revenue Estimation from Crowdsourced Information on Statistical Errors

By Sam Savage (bio in sidebar) and Shayne Kavanagh (bio) It is difficult for municipal financial officers to accurately estimate their tax revenues, especially during uncertain times such as the recession of 2008 to 2010 and the current COVID-19 pandemic. Customarily forecasts are based on a single number, with no indication of its chances of… Continue reading Projected Revenue Estimation from Crowdsourced Information on Statistical Errors

Benoit Ladouceur – Five distributions that will immediately improve your risk analysis

“It may sound like modelling is a nearly mythical experience where you need to have a firm grasp of arcane mathematics and hermetic financial models to do simulations, but that’s just not the case,” said Benoit Ladouceur, specialist director enterprise risk at VIA Rail Canada. He was giving a practical presentation to an audience at… Continue reading Benoit Ladouceur – Five distributions that will immediately improve your risk analysis

ISO and COSO haven’t got a clue. You can and should quantify compliance risks

Every organisation is required to comply with laws within the countries it operates in, the legal and regulatory requirements vary between different regions adding to the need to have understanding and confidence in the risk management processes in place. Organisations face considerable uncertainty when making decisions and taking actions that may have significant compliance consequences. The management… Continue reading ISO and COSO haven’t got a clue. You can and should quantify compliance risks

Compliance Risk Management – Risk mitigation and reporting

Risk mitigation and trade-off The treatment of compliance risks refers to the corresponding strategies implemented by an organization to deal with its risks. A risk treatment plan should consider a range of treatment options, which may include legal remedies as well as financial, operational and reputational remedies for each prioritized risk. The following factors should… Continue reading Compliance Risk Management – Risk mitigation and reporting

Compliance Risk Management – Risk analysis (part 5)

Step 5. Measure the effect of risks on decisions In order to account for the uncertainty both in the consequences of each scenario and its weight, consequence distributions are multiplied by weight distributions using the Monte-Carlo simulation method. Normally 10000 simulation runs should be sufficient for most compliance risks, however more simulation runs may be… Continue reading Compliance Risk Management – Risk analysis (part 5)

Mark Powell – The lost art of building risk matrices and why they should be avoided

Risk matrices have been around for decades, but most people don’t build their own anymore. In fact, Mark Powell told an audience at Risk Awareness Week 2020 that he hadn’t met anybody in 25 years who had built a risk matrix from scratch, with many outsourcing the job to consultants instead. So why does this… Continue reading Mark Powell – The lost art of building risk matrices and why they should be avoided

Compliance Risk Management – Risk analysis (part 4)

Step 4. Allocate weights to each scenario In order to determine the weight allocated to each consequence scenario of events triggered by compliance risk, historical data, modelling, as well as expert opinions, can all be used, individually or in combination. Weight of each scenario can involve the following factors: the range of laws, along with… Continue reading Compliance Risk Management – Risk analysis (part 4)

Compliance Risk Management – Risk analysis (part 3)

Step 3. Determine the range of consequences for each scenario In order to quantitatively assess compliance risks the next step involves defining the possible range of values for each consequence scenario. Typical consequences can involve the following factors: Consequence scenario Range of consequences A.     Small fine for violation, for example a fine for three days… Continue reading Compliance Risk Management – Risk analysis (part 3)