I like this review of the guidelines published a couple of years ago by internal auditors in the Nordics.
Guest blogger Marinus de Pooter highlights some good points and areas of weakness.
====================================================================
A steering group drawn from the Institutes of Internal Auditors for the Nordic and Baltic countries issued the ‘Good practice guidelines for the Enterprise Risk Management function’ in 2020. The target group is organizations that would like to establish an ERM function or develop their existing risk management function further.
The aim of this document is to set a common benchmark and to facilitate the Internal Audit function when evaluating the effectiveness of risk management processes. When reading the Guidelines I asked myself this question: To which extent do they help a business manager to run his or her organization(al unit) better?
What I like is that they authors talk about the management of positive and negative uncertainty [p. 1]. Contrary to many approaches, according to them risk management is not only about mitigating events with undesirable consequences.
I agree that the emphasis should be on assisting decision-makers with dealing with meaningful uncertainty. Risk management’s field of expertise is in evaluating and communicating the…
