• About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
pexels-andrea-piacquadio-3811807.jpg

The challenges to getting objective-centric information

January 20, 2021

Given a choice, most boards and CEOs - you would imagine - would prefer forward-looking, concise information on the risk/certainty of achieving an organisation’s most important objectives over a stack of internal audit reports and risk register reviews/heat maps from the previous quarter. 

(There may be a small percentage of cases where the CEO doesn’t want their board to know the true risk/certainty linked to top value creation/preservation objectives – always a sign of an unhealthy leadership culture.)    

One of the big barriers to change is that traditional risk management and internal audit methods have often not provided deep enough analysis and critical oversight of the likelihood of a company achieving its key strategic objectives and the majority of CEOs/boards have been okay with that. 

Risk functions and internal audit are often thought to be more compliance responses and not linked to driving long term strategic success. 

Internal audit functions produce information from a combination of traditional internal audit methodologies. CEOs and boards do not usually get definitive objective-centric information from Internal Audit on risk/certainty status.

Risk functions also tend to focus on risk-centric assessments without providing sufficient guidance to CEOs and boards on risk certainty status based on information linked to key value creation and preservation.

Boards and executive teams are now being pressured by institutional and other investors and, to some extent also, by regulators to demonstrate more effective board oversight of strategy and the risk management process linked to strategy.  This is starting to help drive change. Both risk management and internal audit departments will, however, have to significantly raise their games if they are going to help management complete risk/certainty assessments on key strategic objectives to long term success.  

So will Chief Risk Officers and Heads of Internal Audit find these new board expectations an exciting challenge and a huge career opportunity?   

Or will they hunker down and stick with traditional risk management and internal audit methods until forced to change?  

Some may wait too long while markets and consumers make the painful decisions for them and the companies who rely on their advice.

The damage may be irreparable.

Tim Leech - Risk Oversight Solutions Inc, Toronto, Canada

Tags: Tim Leech
Prev / Next

Blog

Featured
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson
Sep 25, 2023
Chris Burt
The implications of the revised UK Corporate Governance Code
Sep 25, 2023
Chris Burt
Sep 25, 2023
Chris Burt
Sep 13, 2023
Andrew Cunningham
Financial regulators take aim at crypto-finance
Sep 13, 2023
Andrew Cunningham
Sep 13, 2023
Andrew Cunningham