Norman Marks will share his principles for effective risk management. It’s not about avoiding harm (“doom management”), it’s about achieving success. It’s about understanding what might happen, determining whether that’s OK, and then acting as needed. To be successful, you need to be making informed and intelligent decisions. Decisions are where risks are taken. That is how you optimize the likelihood and extent of success: achieving objectives.
We should avoid techno-babble and use the language of the business. Risk management can be considered effective when leaders of the organization and decision-makers at all levels assert that it is helping them be successful. The periodic review of a list of risks is a small part of risk management. It’s about helping leaders understand the likelihood of achieving objectives, not the out-of-context size of risks. Risk management is effective management!
Norman Marks, CPA, CRMA is a retired senior executive. He now works with individuals and organizations around the world, advising them on risk management, internal audit, corporate governance, enterprise performance, and the value of information. Norman was the chief audit executive of major global corporations for twenty years and is a globally recognized thought leader in the professions of internal auditing and risk management. In addition, he served as chief risk officer, compliance officer, and ethics officer, and managed what would now be called the IT governance function (information security, contingency planning, methodologies, standards, etc.). He ran the Sarbanes-Oxley Section 404 (SOX) programs and investigation units at several companies.