Enterprise Compliance Today

How to Implement Risk Based Audits & Inspections

Posted by Greg Carroll on Sat, Jul 18, 2015 @ 05:40 PM

With the release of the Final Draft of ISO9001:2015 this week and its focus on risk-based Compliance Management, I thought I would share our approach to Risk-Based Auditing from our experience with the likes of Defence Aviation and the Australian Quarantine Inspection Service, both leaders in the field.

Tags: Best practices, Compliance Management, risk management, ISO9001:2015, audit & Inspection

The 4 Biggest Mistakes in Compliance Management

Posted by Greg Carroll on Fri, Jul 03, 2015 @ 11:53 AM

Mere compliance with a Framework is an insufficient audit approach; it is critical to assess whether it is current, timely, communicated broadly, and meets the needs of the business. The 4 biggest mistakes are:
1. Not being outcome focused
2. Not using risk-based targeting
3. Not value adding
4. Not being timely

Tags: Best practices, Compliance Management, audit & Inspection

How to Identify Corporate Risks in ERM

Posted by Greg Carroll on Fri, Jun 26, 2015 @ 03:16 PM

An effective Corporate Risk management system (or ERM) requires developing a detailed inventory of all the drivers and influences and how they affect the organisation.  It requires a methodical and introspective commitment to fully understand what makes things tick, but as with most things, a bit of effort upfront produces a lifetime of benefits.

Tags: corporate governance, ISO31000 & ERM, Strategic Management

Why Corporate Governance is broken and how to fix it

Posted by Greg Carroll on Thu, May 28, 2015 @ 11:23 AM

Why, with the number of fertile minds that exist in our field, is it still a case of an irresistible force meeting an immovable object? The paradox, I believe, like our would-be entrepreneurs, is one of approach.

Tags: corporate governance, Compliance Management, erm

Citibank vs Berkshire Hathaway – The Power of Ethics in Governance

Posted by Greg Carroll on Tue, May 12, 2015 @ 01:27 PM

Maybe "Greed is Good", but with a 300% increase in Shareholder Value Berkshire Hathaway proves Ethics pays better! But if Ethics pays, the traditional "zero tolerance" preach & penalize awareness training approach won't get you there; nurturing will.

Tags: corporate governance, shareholder value, Strategic Management, ethics

21 Best Practices in Workflow Management

Posted by Greg Carroll on Wed, Apr 22, 2015 @ 09:13 PM

Return on Investment (ROI) does not come from automating a process but from using it to add value. Value adding comes from targeting time and resources, risk-based thinking, and Business Intelligence where they can deliver the greatest benefit to achieving the organisation's strategic goals.

Tags: Best practices, Realization, Optimization, PDCA, ISO9001:2015, grc

Definition of Resilience - #VanuatuStillSmiles

Posted by Greg Carroll on Sat, Apr 11, 2015 @ 11:42 AM

When stripped naked, Resilience is about strength of character and speed of recovery.  Vanuatu has shown both in spades with the succinct #VanuatuStillSmiles.

Tags: Resilience

Why is it so hard to integrate risk appetite in an organisation?

Posted by Greg Carroll on Thu, Mar 19, 2015 @ 12:23 PM

Risk Appetite is such a simple concept that everyone thinks they know but invariably misunderstand. COSO and other regulatory requirements for boards to issue a Risk Appetite Statement have led to a belief that a business has an overarching level of risk tolerance. Personally I don't believe these Risk Appetite Statements add any value, but regulators are regulators.

Tags: corporate governance, erm, decision making, risk appetite, risk tolerance, risk adverse

Strategic Management: How to turn a Strategic Plan into Results

Posted by Greg Carroll on Thu, Mar 05, 2015 @ 07:30 AM

Corporate objectives are not the "bulls eye" of strategic planning; they're just the dartboard. Boards are assessed by the quality of their Results, not the quality of their Objectives.

Tags: corporate governance, erm, Strategic Management

Time to Revise the ISO 31000 Risk Management Standard

Posted by Greg Carroll on Thu, Feb 19, 2015 @ 09:00 AM

With the recent release of a new British standard, BS 65000 on Organisational Resilience, and COSO's announcement of a review of its 2001 COSO ERM framework, I believe that business is moving ahead of ISO 31000 as a necessary response to the evolving business environment and the accelerating rate of technical change; therefore there is a strong case for taking a fresh look at ISO 31000.

Tags: ISO 31000, risk management, erm, Resilience, Emerging Risks, BS 65000