About the Blog Author

Greg Carroll has 30 years' experience addressing risk management systems in life-and-death environments, e.g. the Dept. of Defence and the Victorian Infectious Diseases Laboratories. He has also worked for decades with multinationals like Motorola. He is Founder and Technical Director at Fast Track, and author of the seminal "Mastering 21st Century Enterprise Risk Management".

Enterprise Compliance Today

The Risk Outlook for 2015


It is customary at this time of year for most risk professionals to step back and take a broader look at the risk landscape ahead for the coming year. The normal starting point is the “think-tank” assessments of global risks, such as the Zurich Risk Landscape 2007-2015 and the WEF’s 2015 Global Risk Report, and global warming is at the top of most experts’ lists.

COSO ERM Review - 9 Point Plan to Integrate ISO 31000


COSO has announced its intention to review its 2004 ERM Framework and has already started soliciting feedback. Although the framework has been broadly panned by the risk fraternity, I believe it can provide a valuable contribution to the GRC landscape. Although I expect critics from both sides (COSO & ISO 31000), here are my recommendations.

PDCA is NOT Best Practice


There is a gaggle of Management Consultants pushing the 20th-century mantra of Good Management Practice as a panacea for all the ills of today’s business environment. The key plank in most of these methodologies is that old chestnut, “the PDCA cycle” for Continuous Improvement. If your consultant wears this as a badge, run a mile!

Axe archaic attitudes on Risk Appetite!


We need to discard the continuing archaic attitude to Risk Appetite as a compliance policing action and develop it as a tool for improving management and system performance. In the brave new world of the volatile 21st-century business environment, not only are the goal posts moving, but the ground is moving under our feet.

Emerging Risks II – The Black Swan Syndrome

In part 2 of my analysis of the ISO 31000 forum on “Does anyone really understand Emerging Risks?” I look at the 3rd question: How do you manage the unknown?

Does anyone really understand Emerging Risks?

I recently opened an ISO 31000 Forum discussion on “Does anyone really understand Emerging Risks?” The discussion proved illuminating, so in this week’s post I thought I would share a summary of the forum discussion.

QANTAS $3b Loss – Risk is more than Compliance

Where was the QANTAS Board Risk & Audit Committee during the past 6 years of Alan Joyce’s systematic destruction of what was, at one time, one of the world’s leading airlines?

How to use Strategic Imperatives to focus Corporate Risk Management

Risk exists everywhere - the problem is knowing what to focus on. The ISO 31000 definition of risk as “the measure of uncertainty in a situation” hasn’t done a lot to clarify what corporate risk means for Directors providing "good corporate governance".

Understanding ERM: 7 Guiding Principles for Successful ERM

The Dept of Defence assesses capability in 7 categories: Purpose, Environment, Organisation, People, Process, Data, and Material. Below I have used this methodology to lay out the guiding principles for achieving a successful Enterprise Risk Management (ERM) system.

Risk Culture vs Organizational Culture – Hitler Diaries Case Study

The “Risk Culture” Myth, Part 3: The blurring of the difference between Risk Culture and Organizational Culture has had a major detrimental effect on ensuring good governance in corporations. A Risk Culture that is independent of the Organizational Culture is as vital to good governance as an independent judiciary is to good government.