Enterprise Compliance Today

Behind compliance management failures at Mitsubishi, VW, Target

Posted by Greg Carroll on Fri, Jun 17, 2016 @ 03:15 PM

2016 has seen a virtual tsunami of compliance failures involving some of our largest companies. From Mitsubishi to VW, from ANZ to Target, almost weekly there have been media reports about some company employees having run amok – unbeknownst to their executives and boards. People are asking: “What happened to the compliance management systems that are supposed to monitor and prevent such abuses?” Executives and boards are naturally starting to question the entire compliance management function. 

Tags: Best practices, corporate governance, Compliance Management

How to Identify Corporate Risks in ERM

Posted by Greg Carroll on Fri, Jun 26, 2015 @ 03:16 PM

An effective Corporate Risk management system (or ERM) requires developing a detailed inventory of all the drivers and influences and how they affect the organisation.  It requires a methodical and introspective commitment to fully understand what makes things tick, but as with most things, a bit of effort upfront produces a lifetime of benefits.


Tags: corporate governance, risk identification

Why Corporate Governance is broken and how to fix it

Posted by Greg Carroll on Thu, May 28, 2015 @ 11:23 AM

Why, with the number of fertile minds that exist in our field, is it still a case of an irresistible force meeting an immovable object? The paradox, I believe, like our would-be entrepreneurs, is one of approach.


Tags: corporate governance, Compliance Management, risk management

Citibank vs Berkshire Hathaway – The Power of Ethics in Governance

Posted by Greg Carroll on Tue, May 12, 2015 @ 01:27 PM

Maybe "Greed is Good", but with a 300% increase in Shareholder Value, Berkshire Hathaway proves Ethics pays better! But if Ethics pays, the traditional "zero tolerance" preach & penalize awareness training approach won't get you there; nurturing will.


Tags: corporate governance, shareholder value, ethics

Why is it so hard to integrate risk appetite in an organisation?

Posted by Greg Carroll on Thu, Mar 19, 2015 @ 12:23 PM

Risk Appetite is such a simple concept that everyone thinks they know it but invariably misunderstands it. COSO and other regulatory requirements for boards to issue a Risk Appetite Statement have led to a belief that a business has an overarching level of risk tolerance. Personally I don’t believe these Risk Appetite Statements add any value but regulators are regulators.


Tags: corporate governance, risk management, risk culture, decision making, risk tolerance

Strategic Management: How to turn a Strategic Plan into Results

Posted by Greg Carroll on Thu, Mar 05, 2015 @ 07:30 AM

Corporate objectives are not the “bull's eye” of strategic planning; they're just the dartboard. Boards are assessed by the quality of their Results, not the quality of their Objectives.


Tags: corporate governance, risk management, Strategic Management

COSO ERM Review - 9 Point Plan to Integrate ISO 31000

Posted by Greg Carroll on Fri, Jan 09, 2015 @ 09:09 AM

COSO has announced its intention to review its 2004 ERM Framework and has already started soliciting feedback. Although the framework has been broadly panned by the Risk fraternity, I believe it can provide a valuable contribution to the GRC landscape. Although I expect critics from both sides (COSO & ISO 31000), here are my recommendations.


Tags: corporate governance, risk management, Resilience

PDCA is NOT Best Practice

Posted by Greg Carroll on Fri, Nov 14, 2014 @ 01:30 PM

There is a gaggle of Management Consultants pushing the 20th century mantra of Good Management Practice as a panacea to all the ills of today’s business environment. The key plank in most of these methodologies is that old chestnut “the PDCA cycle” for Continuous Improvement. If your consultant wears this as a badge, run a mile!


Tags: Best practices, corporate governance, iso 55000, risk management, project management, Quality Management

Axe archaic attitudes on Risk Appetite!

Posted by Greg Carroll on Fri, Oct 17, 2014 @ 11:00 AM

We need to discard the continuing archaic attitude to Risk Appetite as a compliance policing action and develop it as a tool for improving management and system performance. In the brave new world of the 21st century volatile business environment, not only are the goal posts moving, but the ground is moving under our feet.


Tags: corporate governance, risk management, risk culture, decision making, risk tolerance

Emerging Risks II – The Black Swan Syndrome

Posted by Greg Carroll on Thu, Oct 02, 2014 @ 10:10 AM

In part 2 of my analysis of the ISO 31000 forum on “Does anyone really understand Emerging Risks?” I look at the 3rd question: How do you manage the unknown?


Tags: corporate governance, risk management, risk identification, risk evaluation