Can Internal Audit Be Agile?

Should It Be? I’ve always been uncomfortable with the term “agile” when applied to GRC generally or Audit specifically. I guess I still have some internal auditor left in my DNA, but it sounded like the flavor of the month. “Agile” seemed a little too furtive and vague to be an attribute to aspire to. […]

Quick Reaction to” OnRisk 2020: A Guide to Understanding, Aligning and Optimizing Risk”

Refreshing and powerful new insights from the IIA This report, available here,  is a must read for anyone interested in scaling and sustaining risk management to drive business value. Its not necessary to agree with the reports approach or conclusions. The question is can we build on and refine practices from this starting point? The […]

Internal Controls: Designed to Fail or Designed for Failure?

All controls will fail. They will fail at a predictable rate. Internal controls not designed for failure are designed to fail. The week of Oct 14 was “Risk Awareness Week” (RAW), a series of  interactive workshop that began on Oct.14. The workshops were designed to raise awareness about risk management applications in planning, forecasting, budgeting, […]

Is Enterprise Risk “Accounting” (ERA) Blocking Enterprise Risk Management (ERM)?

In reflecting on the state of Enterprise Risk Management (ERM) recently, (I will use the term ERM generically for all its current variations) I have come to conclude ERM is far from reaching its potential and may be in a state of decline. As a profession we have developed what I will call Enterprise Risk […]

Have We Reached the Tipping Point in Risk and Compliance? Is It Time Now to Connect the Dots?

Thanks to the perseverance of risk and compliance professionals and automation we have built silos where domain specific risks are managed in very granular detail. This data has unexploited strategic value.

Sizing up Risk and Compliance Practices: A Strategic Perspective

Here’s the problem. The diversity and complexity of regulations, standards and professional practices across the risk and compliance spectrum represent multiple, often conflicting seemingly irreconcilable and deeply held paradigms and beliefs.

Risk management won’t add value unless it starts with value drivers

Risk and compliance professionals want be “trusted advisors”. To do this they need to help add value to the business. They usually fail because they don’t know where to start. My simple premise is you can’t add value if you don’t understand where value lies. Here are some clues I found helpful. Hint 1: Value, […]