CRO DIARIES – Using bow-ties for compliance risks with David Tattam

Join Alex Sidorenko, CRO EuroChem, and David Tattam, Chief of Research, Knowledge and Consulting, Protecht, to talk about using bow-tie diagrams for compliance risks. This will be useful, entertaining and highly practical. ISO and COSO have got it wrong when it comes to compliance risks. You can and should quantify compliance risks. Every organisation is…

Compliance Risk Management – Risk mitigation and reporting

Risk mitigation and trade-off. The treatment of compliance risks refers to the corresponding strategies implemented by an organization to deal with its risks. A risk treatment plan should consider a range of treatment options, which may include legal remedies as well as financial, operational and reputational remedies for each prioritized risk. The following factors should…

Mark Powell – The lost art of building risk matrices and why they should be avoided

Risk matrices have been around for decades, but most people don’t build their own anymore. In fact, Mark Powell told an audience at Risk Awareness Week 2020 that he hadn’t met anybody in 25 years who had built a risk matrix from scratch, with many outsourcing the job to consultants instead. So why does this…

Compliance Risk Management – Risk analysis (part 4)

Step 4. Allocate weights to each scenario. To determine the weight allocated to each consequence scenario of events triggered by compliance risk, historical data, modelling and expert opinions can all be used, individually or in combination. The weight of each scenario can involve the following factors: the range of laws, along with…

Compliance Risk Management – Risk analysis (part 3)

Step 3. Determine the range of consequences for each scenario. In order to quantitatively assess compliance risks, the next step involves defining the possible range of values for each consequence scenario. Typical consequences can involve the following factors: Consequence scenario / Range of consequences: A. Small fine for violation, for example a fine for three days…

Compliance Risk Management – Risk analysis (part 2)

Step 2. Identify causes and consequence scenarios. Causes and consequences for the bow-tie diagram are normally derived from the regulations as well as through consultation with risk owners and subject matter experts. Common consequence scenarios for compliance risks (just a quick example, there is more) include: Risk area / Examples of consequence scenarios: Licensed activities and…

Torsten Röhner – Why probability is critical for meaningful financial modelling

Torsten Röhner, founder and managing director of Syconomic, demonstrates why financial models that do not account for probability are virtually meaningless. “Most innovations in financial modelling solve the wrong problem… They solve technical problems instead of overcoming flaws in the methodology,” Torsten Röhner, founder and managing director of Syconomic, told the audience at Risk Awareness…

Compliance Risk Management – Risk analysis (part 1)

Wherever possible companies should apply quantitative risk analysis to measure and prioritize compliance risks. Wait what? We can do better than a compliance heatmap? Apparently :)) The following information should be collected and recorded for each identified risk: Possible consequence scenarios as described in the legislation or other regulatory requirements (usually includes fines, 3rd party…

Compliance Risk Management – Risk identification

Every organisation is required to comply with laws within the countries it operates in. The legal and regulatory requirements vary between different regions, adding to the need to have understanding and confidence in the risk management processes in place. Organisations face considerable uncertainty when making decisions and taking actions that may have significant compliance consequences.…

Alex Sidorenko – Why businesses and decision-makers must embrace Risk Management 2

One major flaw in the risk management industry is that the commonly adhered to standards and practices are built on theories that have no basis in scientific fact. Indeed, risk managers have become bogged down in appetite statements and risk registers which have little or no bearing on improving actual decision-making. But how have things…