Enterprise Compliance Today

PDCA is NOT Best Practice

Posted by Greg Carroll on Fri, Nov 14, 2014 @ 01:30 PM

There is a gaggle of Management Consultants pushing the 20th century mantra of Good Management Practice as a panacea for all the ills of today’s business environment. The key plank in most of these methodologies is that old chestnut “the PDCA cycle” for Continuous Improvement. If your consultant wears this as a badge, run a mile!

Tags: Best practices, corporate governance, iso 55000, Quality Management, project management, risk management

Axe archaic attitudes on Risk Appetite!

Posted by Greg Carroll on Fri, Oct 17, 2014 @ 11:00 AM

We need to discard the continuing archaic attitude to Risk Appetite as a compliance policing action and develop it as a tool for improving management and system performance. In the brave new world of the 21st century volatile business environment, not only are the goal posts moving, but the ground is moving under our feet.

Tags: corporate governance, decision making, risk tolerance, risk culture, risk management

Emerging Risks II – The Black Swan Syndrome

Posted by Greg Carroll on Thu, Oct 02, 2014 @ 10:10 AM

In part 2 of my analysis of the ISO 31000 forum on “Does anyone really understand Emerging Risks?” I look at the 3rd question: How do you manage the unknown?

Tags: corporate governance, risk evaluation, risk identification, risk management

Does anyone really understand Emerging Risks?

Posted by Greg Carroll on Fri, Sep 19, 2014 @ 12:00 PM

I recently opened an ISO 31000 Forum discussion on “Does anyone really understand Emerging Risks?” The discussion proved illuminating, so in this week’s post I thought I would share a summary of the forum discussion.

Tags: corporate governance, due diligence, risk identification, risk management

QANTAS $3b Loss – Risk is more than Compliance

Posted by Greg Carroll on Sat, Aug 30, 2014 @ 08:00 AM

Where was the QANTAS Board Risk & Audit Committee during the past 6 years of Alan Joyce’s systematic destruction of what was, at one time, one of the world’s leading airlines?

Tags: corporate governance, due diligence, risk management

How to use Strategic Imperatives to focus Corporate Risk Management

Posted by Greg Carroll on Wed, Aug 06, 2014 @ 02:00 PM

Risk exists everywhere - the problem is knowing what to focus on. The ISO31000 definition of risk as “the measure of uncertainty in a situation” hasn’t done a lot to clarify what corporate risk means for Directors providing "good corporate governance".

Tags: corporate governance, risk identification, Strategic Management

Understanding ERM: 7 Guiding Principles for Successful ERM

Posted by Greg Carroll on Fri, Jun 13, 2014 @ 01:30 PM

The Dept of Defence assesses capability in 7 categories: Purpose, Environment, Organisation, People, Process, Data, and Material. Below I have used this methodology to lay out the guiding principles for achieving a successful Enterprise Risk Management (ERM) system.

Tags: Best practices, risk culture, risk management

Risk Culture vs Organizational Culture – Hitler Diaries Case Study

Posted by Greg Carroll on Fri, May 23, 2014 @ 01:00 PM

The “Risk Culture” Myth Part 3: The blurring of the difference between Risk Culture & Organizational Culture has had a major detrimental effect on ensuring good governance in corporations. A Risk Culture independent of Organizational Culture is as vital to good governance as an independent judiciary is to good government.

Tags: risk management, corporate governance, risk culture, due diligence

The "Risk Culture" Myth 2: Roadmap to a Practical Risk Culture

Posted by Greg Carroll on Fri, May 09, 2014 @ 09:55 AM

The Risk Culture Myth isn't anti risk culture; it is that risk culture has been hijacked into a belief system. In this 2nd article on the Risk Culture Myth I attempt to re-position Risk Culture back to its original practical intent.

Tags: Best practices, risk management, risk culture

The “Risk Culture” Myth

Posted by Greg Carroll on Thu, Apr 24, 2014 @ 11:31 PM

Risk Culture is the greatest myth perpetrated on business since the Y2K bug. Just like Y2K, an industry has now grown up around it assisting companies to improve their “risk culture”. The problem with “risk culture” is that it has been hijacked from its original practical intent to now being an impossible (and unrequired) philosophical pursuit.

Tags: Best practices, risk management, risk culture

Project Risk: The 5 most common mistakes implementing software

Posted by Greg Carroll on Fri, Apr 04, 2014 @ 06:00 PM

Whilst the IT Industry has to bear the brunt of the responsibility, it is your business and your job that wears the consequences, and therefore it is in your best interest to intercede in the process to ensure your best possible outcome.

Tags: risk management, Management & Reporting, project management

Governance: How Company Directors should manage THEIR Risk Exposure

Posted by Greg Carroll on Sun, Mar 23, 2014 @ 09:30 AM

Board members need to consider their Risk exposure when considering the needs of their organisation's corporate governance. This week's contribution is by Dr Lee Finniear. Lee is a Fellow of the Australian Institute of Company Directors.

Tags: corporate governance, due diligence, risk identification

Free Excerpt: Mastering 21st Century Enterprise Risk Management

Posted by Greg Carroll on Wed, Mar 12, 2014 @ 08:48 AM

My book providing the best parts of my 2013 webinar series... plus an addendum with nuts-and-bolts guidance is now available through Amazon.com.

Tags: Best practices, risk management, risk aggregation, Company News

Pro-Active vs Re-Active Risk Management

Posted by Greg Carroll on Wed, Feb 26, 2014 @ 10:25 AM

ISO31000 needs to address the understanding of the fundamental nature of risk if it hopes to advance the maturity of risk practices in business.

Tags: risk management, shareholder value, project management, risk identification

Where to start your Enterprise Risk Management (ERM) system

Posted by Greg Carroll on Fri, Feb 14, 2014 @ 10:02 PM

Contract Management has all the same components: Financial, Operational and strategic risks, surveillance and KPIs, opportunity and threat management, and most importantly, easily understandable methods of aggregation.

Tags: Best practices, corporate governance, contract management, risk management