Please register to receive new blog articles

Your email:

About the Blog Author

enterprise risk management

Greg Carroll has 30 years' experience addressing risk management systems in life-and-death environments eg Dept. of Defence and Victorian Infectious Diseases Laboratories. He has also worked for decades with multinationals like Motorola. He is Founder and Technical Director at Fast Track; and author of the seminal "Mastering 21st Century Enterprise Risk Management". More »Enterprise Risk eBook

Download eBook


Enterprise Compliance Today

Current Articles | RSS Feed RSS Feed

Understanding ERM: 7 Guiding Principles for Successful ERM

9780099791515 large

The Dept of Defence assesses capability in 7 categories: Purpose, Environment, Organisation, People, Process, Data, and Material. Below I have used this methodology to lay out the guiding principles for achieving a successful Enterprise Risk Management (ERM) system.

Risk Culture vs Organizational Culture – Hitler Diaries Case Study

9780099791515 large

The “Risk Culture” Myth Part3: The blurring of the difference between Risk Culture & Organizational Culture has had a major detrimental effect on ensuring good governance in corporations.  An independent Risk Culture to Organizational Culture is as vital to good governance as an independent judiciary is to good government.

The "Risk Culture" Myth 2: Roadmap to a Practical Risk Culture


The Risk Culture Myth isn't anti risk culture but that it's been hijacked to a belief system. In this 2nd article on the Risk Culture Myth I attempt to re-position Risk Culture back to it its original practical intent.

The “Risk Culture” Myth


Risk Culture is the greatest myth perpetrated on business since the Y2K bug. Just like Y2K, an industry has now grown up around it assisting companies to improve their “risk culture”. The problem with “risk culture” is that it has been hijacked from its original practical intent to now being an impossible (and unrequired) philosophical pursuit.

Project Risk: The 5 most common mistakes implementing software

12613435 m

Whilst the IT Industry has to bear the brunt of the responsibility, it is your business and your job that wears the consequences, and therefore it is in your best interest to intercede in the process to ensure your best possible outcome.

Governance: How Company Directors should manage THEIR Risk Exposure

Lee Finniear

Board members need to consider their Risk exposure when considering needs of their organisation's corporate governance.  This weeks contribution is by Dr Lee Finniear. Lee is a Fellow of the Australian Institute of Company Directors.

Free Excerpt: Mastering 21st Century Enterprise Risk Management

enterprise risk management

My book providing the best of parts of my 2013 webinar series... plus an addendum with nuts-and-bolts guidance is now available thru

Pro-Active vs Re-Active Risk Management

risk burnout chart

ISO31000 needs to address the understanding of the fundamental nature of risk if it hopes to advance the maturity of risk practices in business

Where to start your Enterprise Risk Management (ERM) system

9725861 m

Contract Management has all the same components.  Financial, Operational and strategic risks, surveillance and KPIs, opportunity and threat management, and most importantly, easily understandable methods of aggregation. 

Why Aggregate Risk in an Enterprise Risk Management (ERM) System?

enterprise compliance

There appears to be a growing view that Risk does not need to be aggregated to have an effective ERM. I believe this is due to a combination of the rush of inadequate software products on the market and the infiltration of Q.A. mentality into ERM. 

All Posts