The five key principles of successful risk management according to Jim DeLoach are presented and discussed in this article.
First, let’s congratulate Jim DeLoach for his recent recognition by the National Association of Corporate Directors. He received their Directorship 100 award this week.
Now, let’s look at his latest risk management post.
His 5 Key Principles of Successful Risk Management are:
- Integrity to the discipline of risk management
- Constructive board engagement
- Effective risk positioning
- Strong risk culture
- Appropriate incentives
Each is important.
But are they the key to successful risk management?
Are they half as good as the principles in ISO 31000:2009 or in World-Class Risk Management? The latter are:
- Risk management enables management to make intelligent decisions when setting strategy, planning, making decisions, and in the daily management of the organization. It provides reasonable assurance that performance will be optimized, objectives achieved, and desired levels of value delivered to stakeholders.
- Risk management provides decision-makers with reliable, current, timely, and actionable information about the uncertainty that might affect the achievement of objectives.
- Risk management is dynamic, iterative and responsive to change.
- Risk management is systematic and structured.
- Risk management is tailored to the needs of the organization and updated/upgraded as needed. This takes into account the culture of the organization, including how decisions are made, and the need to monitor the program itself and continually improve it.
- Risk management takes human factors (that may present the possibility of failures to properly identify, analyze, evaluate or treat risks) into consideration and provides reasonable assurance they are overcome.
How about these?
- Focus on enabling success rather than avoiding failure
- Help everybody make informed and intelligent decisions, understanding what might happen and acting accordingly
- Obtain reasonable assurance that people are making quality decisions and taking the right risks
The rest is detail.
Somehow, we need to move the practice away from a periodic review of a list of risks (which Jim refers to as enterprise list management) and toward increasing the likelihood and extent of success.
I welcome your thoughts and commentary.