Hindsight 20/20 #3 – shareholders before customers – nothing can go wrong
During the Banking Royal Commission, we have heard evidence of appalling behaviour by Australia’s major banks and financial planners from the past decade, including alleged bribery, forged documents, repeated failure to verify customers’ living expenses before lending them money, and selling insurance to people who can’t afford it. In one example, ANZ admitted at the royal commission that […]
Risk Tip # 11 – linking control effectiveness measures to organisational outcomes
I have previously written in relation to the measurement of control effectiveness (Risk Tip #2- Control Effectiveness), but in this latest instalment of my Risk Tip series, I want to show why it is so important, not only in the management of risk, but also how it relates to the achievement of our organisational outcomes. […]
2018 Blog # 4 – Proportionality is the Key
I have discussed the importance of controls and their effectiveness to the risk management process in many forums including Risk Tip #2- Control Effectiveness. It is still my belief that the management of risk cannot be effective unless an organisation understands not only what controls are in place, but, more importantly, how effective they are. […]
Risk Tip # 10 – Post Event Analysis
Risk Tip # 10 – Post Event Analysis “We learn from history that we do not learn from history.” Georg Wilhelm Friedrich Hegel No matter how well an organisation manages risk, there will still be occasions where incidents occur i.e. risks are realised. In organisations without a well-structured risk management program, these events will likely […]
2018 Blog # 3 – the Incident Database – the Reverse Risk Register
Many organisations maintain an incident database to record the incidents that occur. What I have observed, however, is that the incident databases are not being used to their full effect in that there is no linkage to the risk register. This blog will describe why the linkage is so important and, how to get the […]
2018 Blog # 2 – why Fraud Control Plans are Completely Unnecessary
One of the plans that I see almost universally in government organisations, as well as in many large private companies, is the Fraud Control Plan. It’s usually in place to highlight the organisation’s approach to preventing, detecting and responding to fraud. In my experience, however, these documents just become shelf ware until the next time […]
Hindsight 20/20 #2 – Colonel – we have a problem
In mid-February KFC announced that it was shutting the majority of its stores across the UK and Ireland due to, of all things, a chicken shortage that was caused by the introduction of a new delivery contractor, that had taken over from an established food distributor that had worked with the fried chicken brand for […]
Risk Tip # 9 – Describing Risk Treatments
I love reading risks treatments in risk registers – they are always so descriptive. Some of the treatments I have taken from risk registers over time are shown below: better communication; training in contract management; rolling fraud audit program; additional physical security; more management oversight and action; better change management; and/or recruit additional staff. increased […]
Hindsight 20/20 – this is not a drill
On Saturday 13th January 2018, the Hawaiian Emergency Management Agency (HEMA) sent out a missile alert: What followed were scenes of absolute fear, confusion and chaos as Hawaiians sought shelter where they could: under bridges, in underground shelters, with video even emerging of a father lowering his child into a drain so she would be […]
2018 Blog # 1 – What is a Risk?
It may seem obvious but, fundamental to the effective management of risk, it is essential that we actually understand what a risk is. From the outset let me be frank, I consider the definition of risk management in ISO 31000 (the effects of uncertainty on objectives) to be confusing, and, utterly ineffectual as a definition. […]
