
What to avoid and how to maximize effectiveness

The corporate scandals of Enron, WorldCom and Tyco in the early 2000s have forever changed the way management and
investors view risk management programs. Circumventing controls and exposing a company to increased risk is a recipe for
disaster that could result in reputational damage.

Despite management's good faith efforts to implement comprehensive risk assessments and mitigation programs, the
percentage of successful implementations remains relatively low. Fortunately, there are some clear indicators that your risk
assessment may be falling short. Here are five pitfalls that contribute to an ineffective risk assessment:

1. Done, filed away: Risk assessments often result in a substantial amount of documentation that is filed away once
completed. However, if the risk management process is not incorporated into daily business processes, it becomes
a "check-the-box" exercise and the benefits are never realized. To be effective, the assessment must be refreshed
continuously as the business changes.
2. Incomplete diagnosis: When issues are identified, remediation efforts often address the symptom but fail to
treat the root cause of the problem. As a result, the root cause goes unresolved and the risk of further issues
remains high.
3. Generic risks: When performing risk assessments, companies tend to identify generic risks. For example, they
may conclude that there is a "risk of fraud," which is too generic. Instead, specific fraud scenarios should be
identified, including who the likely perpetrators are, how they could conceal the fraud, and how the potential fraud
could be prevented.
4. Incomplete view: Many companies use a top-down approach, which is well suited to identifying strategic risks.
Others prefer a bottom-up approach, which is better for identifying operational risks. However, each one provides
only a partial view. The perspectives of both executive management and operational staff are necessary to
develop a holistic view of the organization's risk exposures and the ways to mitigate them.
5. Lack of accountability and buy-in: Risk assessments are often done by someone independent of the business
process, such as the compliance officer, and sometimes without getting buy-in or feedback from the business
area. This can result in incorrect assumptions being used, which in turn leads to poor process documentation and
incorrect controls.
