Can one of the documents be more useful than the other? And if yes, useful for whom, risk practitioners, regulators, auditors or consultants? Or have both documents failed to account for the actual growth in the risk management maturity and will be looked at with disappointment by risk professionals? Should you, as a risk practitioner, even bother to read both documents? And what should you tell an external auditor next time he recommends adopting one of the documents?
I will try and answer all these questions in the upcoming free webinar: