The Current State of Risk Oversight: Useful or Useless?


Norman Marks on Governance, Risk Management, and Audit

For quite a few years, the people at the Enterprise Risk Management Initiative have researched and provided reports on The State of Risk Oversight:  An Overview of Enterprise Risk Management Practices.

In February, they published the 8th edition of their report.

I have covered their reports in the past, highlighting:

  • According to the authors, very few organizations have what they consider to be “mature” or “robust” risk management processes.
  • They don’t provide detail on what they consider constitute “mature” or “robust” risk management processes. My educated guess is that they leave it to the respondents to form their own definition.
  • It seems that their idea of risk management is maintaining an “inventory” of risks (i.e., a risk register), updating it every so often, and reviewing it at board and executive management meetings.

There is some useful information in the report.

But does it add value to continue…

View original post 241 more words


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s