Risk Is Not a Quarterly Exercise; It Should Be a Way of Life

Posted on Nov 28, 2009

The International Organization for Standardization (ISO) recently released a new risk management standard: ISO 31000. It prompted me to think about what really matters — what makes an organization effective in managing risk.


Our Job Is Not to Perform Audits

Posted on Nov 17, 2009

If you ask auditors what they do, most will answer that they perform audits. They may vary on that theme by saying that they assess and test controls, add value, identify control weaknesses, or similar; but if they say or imply that their job is to perform audits, then they are mistaken.
