Risk in Focus provides practical, data-driven research to help internal auditors and their stakeholders understand today’s risk environment and prepare audit plans for the year ahead. Whitepaper 2024 Risk in Focus Survey Results Global Summary What’s in this Survey Report from the Internal Audit Foundation: Global Risk in Focus provides practical, data-driven research to help internal auditors and their stakeholders understand the current risk landscape and prepare internal audit plans for the years ahead. The research represents an ambitious expansion of the European Institutes ..read more

Protiviti’s Jim DeLoach revisits some of his writing from half a decade ago to see if companies are making good on the promise offered by technology to deepen the effectiveness of their risk management processes. Five years ago, I contributed an article to these pages titled, “Does ERM Really Matter in Your Organization?” This article described the status quo in risk management as I envisioned it at that time and concluded that more needed to be done to elevate risk management to help organizations face the dynamic realities of the 21st century.  I pointed out that risk management, as a ..read more

Chief audit executives have identified risk orientation, stakeholder management and team leadership as the three biggest characteristics of effective audit executives, according to a new Gartner survey. The survey of 114 chief audit executives (CAEs), which was conducted in the spring, sought to quantify executive effectiveness across 180 areas to determine the most important traits. The six biggest include management satisfaction; CAE and audit department performance; perception of the CAE; audit engagement quality; CAE impact; and team engagement. “Risk orientation was the single biggest f ..read more

3-D Risks Require a 3-D Approach On paper, risks may seem one-dimensional, but they can be far more complex in reality. A one-dimensional approach to three-dimensional risks won’t suffice. Especially at a time when risk management is undergoing a global transformation, organizations must ensure ERM is creating value for the organization. If you haven’t noticed lately, risk management is going through a global transformation wherever you look! The COSO ERM framework is being revised with a new tagline, Enterprise Risk Management – Aligning Risk with Strategy and Performance.  Dennis Chelse ..read more

Is Yours Missing the Point? The purpose of risk management isn’t solely to avoid and mitigate risks – it’s a key part, yes, but most risk professionals overlook the also critical bit about improving business processes and decisions.  Here are three common traps risk managers and consultants fall into. Warning: this article may upset some conservative risk managers. Risk management in modern nonfinancial companies is very different compared to, say, five years ago. The level of risk management maturity, for lack of a better word, has grown significantly. As more and more companies acr ..read more

Some early-stage, high-growth companies choose to stay private instead of going public in part so that they have the opportunity to grow under the radar without intense scrutiny from securities regulators and the press.  However, as Elizabeth Holmes, the founder, chairman and chief executive officer of Theranos, recently learned, staying private does not guarantee that a company will avoid becoming the target of investigative reports by major media outlets or coming under fire from business partners.  If a company has not prepared in advance to weather these storms, in the worst case ..read more

Driving Change to Improve Resilience and Agility Enterprise risk management (ERM) is a framework organizations use to manage risks and seize opportunities related to the achievement of their objectives. More and more frequently, upper-level management refuses to acknowledge ERM properly, which leads to missed opportunity and lost revenues. Read more to find out what world-renowned entrepreneur Peadar Duffy has to say about ERM and its business implications. ERM is Dead! I spent a couple of hours talking with the senior independent director of a major FTSE recently. He opined that in his e ..read more

Building Risk Awareness and Aligning with Business Strategy MetricStream’s latest survey on the state of internal audit finds auditors focused on delivering timely insights on key risks, aligning audit planning with business strategy, and improving audit processes and operational effectiveness Palo Alto, California (July 10, 2018) – As part of its ongoing efforts in understanding industry trends,  MetricStream Research announced today the findings of its latest survey, State of Internal Audit 2018 – Impact and Opportunities. The survey evaluated 600 organizations from 15 in ..read more

And How an Automated Solution Can Help You Overcome Them In 2017, it’s time for many organizations to stop viewing risk management in silos and begin implementing a comprehensive enterprise risk management (ERM) program. Adoption is slow, however, due to some common challenges, especially when it comes to finding a consistent method of defining, assessing and reporting risk. A good automated ERM solution can help lessen the burden. With 2017 in full swing, companies are finally beginning to abandon the historical practice of approaching risk management in silos.  Many are beginning the mi ..read more

Creating Situational Awareness Several prominent Wall Street firms are transitioning to a cognitive risk management environment. The changes they’ve made are significant, but there’s still work to be done. James Bone asserts that a more comprehensive approach is needed: one that includes intentional control design and machine learning – technology to help humans become more productive. In my previous articles, I introduced human-centered risk management and the role cognitive risk governance should play in designing the risk and control environment outcomes you want to achieve.  One of th ..read more