Day 1: Auditors and Zombies In a factory someplace, there are 20 workers whose job it is to continuously pass a ball to each other as quickly as possible. Watching this important work from a viewing area are 10 newly…
The winding rivers of risk management
In the novel Time and Again by Jack Finney, he writes about Einstein’s theory of time travel this way: “we’re mistaken in our conception of what the past, present, and future really are. We think the past is gone, the…
The Night’s Watch and the Wall of risk management
In the series A Song of Ice and Fire which begins with the book A Game of Thrones, by George RR Martin, we are introduced to the Wall and the Night’s Watch. The Wall is an immense fortification on…
The iPhone 4S of enterprise risk management
Last year Apple released the iPhone 4S and critics pointed out it was pretty much the iPhone 4 with a big-s glued on. Although there were some minor improvements from the iPhone 4, overall it was pretty much the…
When treating a risk creates another risk and so on and so on
Sometimes in an effort to treat an issue, we generate a different risk or increase an existing one in the process. Many of us can relate to when the internal auditors come in, look at existing processes and weak controls…
Leech shares his thoughts on the Board oversight of risk
Please have a read at what Tim Leech has to say about the SEC’s new enhanced proxy disclosure requirements and new rules around the Board oversight of risk, in his IIA blog found here: http://www.theiia.org/blogs/leech/index.cfm/post/New%20U.S.%20Disclosures%20-%20Board%20Oversight%20of%20Risk He notes that while you…
Internal audit is not risk management even in New Zealand
Keeping with today’s theme “internal auditors are not risk managers”, here’s something I quite enjoyed courtesy of a report from Marsh in New Zealand called The 2008 State Sector Risk Management Practices Report. Page 17 it reads: Internal Auditors play…
Internal auditors get my goat
Here’s one of those articles that would get my goat if I owned a goat. It’s the typical rah-rah article about how wonderful ERM is and everyone should be doing it. (I am always a proponent of those.) But the…
Spreadsheet risks (a comedy of errors)
Here is a pretty good read by Forrester called “Controls to Mitigate Spreadsheet Risk” about the risks inherent in using spreadsheets; it includes a list of common spreadsheet risks including these: Lack of audit trail Poor security and access controls…
Risk Management is not Internal Audit
Risk management is looking forward Risk management is when you are driving your car on a foggy night and you cannot see more than 10 feet in front of you – there may be something out there: perhaps a…