Bryan’s Blog

Three Lines Creates Red Tape

Last week I blogged about Overstepping the 3 Lines, where I highlight the biggest criticism of the Three Lines Model, (my opinion and that of many practitioners), it does nothing to build TRUST between the Risk Team as advisers to the business and those making the decisions to take risk. Unfortunately, it is the model

Overstepping the 3 Lines

Early this year I asked readers of my blog what they would like me to blog about this year.  Some asked about the Three Lines Model, which for those not in the know, refers to a risk management operating model that is the brainchild of the Institute of Internal Auditors. Line 1 is the business. Line

Embedding Better Practice

Does your management team fully understand the principles and the main mechanics of managing risk? Last week I wrote about better business practice and the use of simple business language to communicate what is actually good risk management. In 2024 you could ask; Do we really have to dumb down our language? Should business leaders

Better Business Practice

At the end of the RMIA Enterprise Risk Management course that I designed and run with my colleague, Lauren Jones, the last quarter hour is an opportunity to ask questions and to note some of the key learnings and actions that will be taken by participants. At the end of the most recent course we

Rewarding Risk

Have you ever asked yourself why people don’t take accountability for the more formal management of risk our risk frameworks demand? In particular, senior leaders? In my experience, a lack of accountability is not a conscious choice by a leader. It is a circumstance of something else. For example: Buy-in – They have not been