We define risk as “the effect of uncertainty on objectives” (ISO 31000), however how often do we stop and ask if we have the right objectives in the first place? On what basis were they formed? When were they developed? Have times changed? In my experience facilitating risk workshops, often a poor or even incorrect
One approach for embedding a risk management culture across your enterprise is to develop a team of risk champions within your business. What should you expect of them and how should you equip them? The answers to these questions are not straight forward. When you are dealing with cultural change the strategies that work best
Recently I read a comment in a LinkedIn Group that stated Chief Risk Officers should be given more authority in order to enforce sound risk management practices. This made me raise my pen. The notion of authority for a CRO worries me a bit along the lines that the risk management function and internal audit
One of the most important aspects of being a strong Risk Leader is helping ensure those you are guiding are assessing the right risk. Here is a simple example: You are conducting a short risk assessment with a team tasked with relocating to a new head office. During the risk assessment physical risks to the
A question often asked is how broadly or how deeply do we need to design risk reporting in our risk management frameworks. Of course there is no easy answer. Let me give you a short anecdote before I give you my usual few dot points on the topic. I was at a UNSW Australian School