Risk Tip # 11 – linking control effectiveness measures to organisational outcomes
I have previously written in relation to the measurement of control effectiveness (Risk Tip #2- Control Effectiveness), but in this latest instalment of my Risk Tip series, I want to show why it is so important, not only in the management of risk, but also how it relates to the achievement of our organisational outcomes. […]
Proportionality is the Key
I have discussed the importance of controls and their effectiveness to the risk management process in many forums including Risk Tip #2- Control Effectiveness. It is still my belief that the management of risk cannot be effective unless an organisation understands not only what controls are in place, but, more importantly, how effective they are. […]
Risk Tip # 10 – Post Event Analysis
Risk Tip # 10 – Post Event Analysis “We learn from history that we do not learn from history.” Georg Wilhelm Friedrich Hegel No matter how well an organisation manages risk, there will still be occasions where incidents occur i.e. risks are realised. In organisations without a well-structured risk management program, these events will likely […]
The Incident Database – The Reverse Risk Register
Many organisations maintain an incident database to record the incidents that occur. What I have observed, however, is that the incident databases are not being used to their full effect in that there is no linkage to the risk register. This blog will describe why the linkage is so important and, how to get the […]
Why Fraud Control Plans are Completely Unnecessary
One of the plans that I see almost universally in government organisations, as well as in many large private companies, is the Fraud Control Plan. It’s usually in place to highlight the organisation’s approach to preventing, detecting and responding to fraud. In my experience, however, these documents just become shelf ware until the next time […]
Colonel – we have a problem
In mid-February KFC announced that it was shutting the majority of its stores across the UK and Ireland due to, of all things, a chicken shortage that was caused by the introduction of a new delivery contractor, that had taken over from an established food distributor that had worked with the fried chicken brand for […]
Risk Tip # 9 – Describing Risk Treatments
I love reading risks treatments in risk registers – they are always so descriptive. Some of the treatments I have taken from risk registers over time are shown below: better communication; training in contract management; rolling fraud audit program; additional physical security; more management oversight and action; better change management; and/or recruit additional staff. increased […]
This is not a drill
On Saturday 13th January 2018, the Hawaiian Emergency Management Agency (HEMA) sent out a missile alert: What followed were scenes of absolute fear, confusion and chaos as Hawaiians sought shelter where they could: under bridges, in underground shelters, with video even emerging of a father lowering his child into a drain so she would be […]
What is a Risk?
It may seem obvious but, fundamental to the effective management of risk, it is essential that we actually understand what a risk is. From the outset let me be frank, I consider the definition of risk management in ISO 31000 (the effects of uncertainty on objectives) to be confusing, and, utterly ineffectual as a definition. […]
Risk Tip # 8 – Capturing the right risks in your risk register
Lack of qualified staff would have to be one of the risks that I see most often in risk registers. You may even have it in yours. Other risks that I see on a regular basis in risk registers include: lack of funding; failure to meet the Government’s reform agenda; project does not meet its […]
