Can one of the documents be more useful than the other? And if yes, useful for whom, risk practitioners, regulators, auditors or consultants? Or have both documents failed to account for the actual growth in the risk management maturity and will be looked at with disappointment by risk professionals? Should you, as a risk practitioner, even bother to read both documents? And what should you tell an external auditor next time he recommends adopting one of the documents?
I will try and answer all these questions in the upcoming free webinar:
Check out other risk management books
RISK-ACADEMY offers online courses
Informed Risk Taking
Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!
ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.
Advanced Risk Governance
This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.
Hello Alex,
Just wanted to know why you always focus on ISO 31000 applicability on non-financial companies. In your opinion, do you feel that COSO ERM 2017 is a more suitable framework than ISO 31000 for financial companies and why?
Of course not, coso erm is rubbish for any industry. The only reason why I always say applicable to non financial is because I never worked in a bank and feel I have no right to comment on risk management in fs