IIA recently published a Practice Guide on Assessing the Risk Management Process. It sounded interesting so I set aside some time to go through the document. Overall verdict The maturity model proposed by IIA has exactly the same fundamental flaws that all of the other 100+ consulting risk maturity models out there have. Plus, while… Continue reading Is IIA secretly trying to kill risk management? Sometimes I wonder.
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 2)
Complete this free risk management maturity assessment to determine whether your organization is risk management 1 or risk management 2. The assessment takes less than 3 minutes and is designed as a quick assessment to determine potential gaps in risk management integration. Risk management 2 is about integrating risk analysis into decision making, core processes… Continue reading Free risk management maturity assessment. Find out if you are risk management 1 or risk management 2
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 1)
While the management needs to ensure that the necessary resources are allocated to the integration of risk management into decision making and core processes, considerations of the internal and external context should apply, and in particular: People responsible for managing risk should: Have sufficient industry, business, and technical knowledge and experience Have strong facilitation, risk… Continue reading RISK MATURITY: Are necessary resources allocated to managing risk?
The ultimate goal of risk management 2 is to integrate risk analysis into decision-making processes and the overall management of the organization. Mature organizations ensure that appropriate risk assessment and decision-making techniques/tools are used, for example: The effect of uncertainty on cash flows, budgets, business plans and production forecasts may be analyzed by running Monte-Carlo… Continue reading RISK MATURITY: Choosing the most appropriate risk assessment technique
Most mature organizations have already documented their appetites for different risks to objectives. Segregation of duties, financing and deal limits, procurement criteria, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organizations set risk appetites. Sometimes risk appetite is driven by legal or regulatory requirements, industry practices, sometimes by… Continue reading RISK MATURITY: How to document risk appetite
A critical component of risk management integration is including responsibility and accountability (authority, resources and competence) for managing risks into all business activities. Top management should ensure that the responsibilities and authorities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization. It is quite common to… Continue reading RISK MATURITY: How to integrate risk management into roles and responsibilities
Most modern-day risk managers are familiar with developing a risk management framework or procedure documents. These documents capture risk management roles and responsibilities, outline risk management processes as well as other aspects of risk management. Risk management framework documents became so common, that nowadays they don’t require much effort to develop and there are plenty… Continue reading RISK MATURITY: How to build a risk management framework
I feel risk management is on a verge of something interesting, something very exciting at the moment. For a long time, I naively thought that by doing good risk management all the key stakeholders would be satisfied, but the reality is, different stakeholders want completely different things. There is risk management 1 – risk management for… Continue reading RM1 vs RM2 – which side will you choose?