Alex Sidorenko from RISK-ACADEMY talks about three things to review when auditing risk management effectiveness in non-financial companies Download free risk management book at https://www.risk-academy.ru/en/download/risk-management-book/
More information about RISK-ACADEMY, our training courses and services at https://www.risk-academy.ru/en/
-~-~~-~~~-~~-~-
Please watch to find out more about risk management webinars we run every week: “RISK ACADEMY free webinars”
-~-~~-~~~-~~-~-
Hi Alex!
Very interesting ideas… However, let's remind that Risk is the potential of deviating from the objectives. Are there any items is your list which could prevent the entity to miss its objectives?
The aim of risk management is not to eliminate risk, but to take smart risks. In doing so, entities should implement preventive controls and minimise the risk (impact, likelihood, vulnerability and/or velocity). I don't see any preventive control on your list.
Moreover, what happens with the ideal risk management on your list, when an unexpected event occurs?
1. Excellent historical performance coupled with excellent performance metrics in-line with the industry;
2. Management takes decision very well (at least, it has been proven on historical records);
3. Management takes decision very well (I think point 3 is more or less the same with point 2)
Are these sufficient to manage the magnitude of impact from an adverse event in case of occurrence? Is the entity adaptable to new conditions? Is the entity immune to fraud risk or to employees collusion who try to avoid internal control measures?
I would rather say that there is not a magic short list of aspects to be taken into consideration… Unfortunately, there is no magic wand, and risk management is heavily relying on professional judgement, it must be adaptable from case to case…
Comments are closed.