I have always had a fondness for risk management; in my career, there have been many times where I have argued against something because it was too risky, at least in my eyes. Governance and compliance always seemed to be burdens to me, and to be completely honest, I was fairly prejudice against them. With compliance, I could see the benefit from a societal level, but at a certain point I viewed it as checking off proverbial boxes.
The concept of a risk management system—what it is and consists of—is something that is often misunderstood or misinterpreted. A big challenge many companies face is evolving the management of their risk and dealing with it properly as it changes. While risk itself is a recurring instance for most companies, the problem is not just dealing with different risks, but having a universal definition of what they are and also specifically having a risk identification plan.
If risk management is on your radar, take a look through the articles and insights below. They might just challenge your thinking…in a good way.
One thing is certain: the unexpected will occur. Storms will pop up and our skills and coping mechanisms will be tested. Organizations must identify where they are exposed, apply an appropriate response for addressing the risk, and implement a mechanism to constantly monitor and reassess the risk and their response to it. Otherwise, we risk getting stuck by the side of the road in a driving rain.
Yesterday, I picked up the July 11 edition of the Wall Street Journal. As I skimmed the front page, the following headline drew my attention: “Under Fire, Theranos CEO Stifled Bad News.” A CEO stifling bad news? Sounds like an interesting Tone at the Top tale to this former auditor!
This is the first article in a three-part series I’ll be posting throughout the GRC Conference in Phoenix. My intent is not to dissect the IIA’s changes in minute detail. There have been a number of great pieces written on this topic, and I encourage you to jump over and read what those on the forefront of internal audit are saying, particularly a recent article by Norman Marks and Kristen Gantt that offers a compelling view of the internal audit department of tomorrow.