
When the board insists on a list of the top risks
What should a CRO or CAE do if the board insists they still want a list of “top risks” plotted on a color risk profile; and soundly reject the ISO view “risk” is “effect of uncertainty on objectives”, and COSO position “risk” is “the possibility that events will occur and affect the achievement of strategy and business objectives.”