Internal Audit Charter: Minimum requirements to comply with IIA Standards
Introduction The Institute of Internal Auditors (IIA) published the Global Internal Audit Standards (GIAS) in January, 2024. The GIAS will become effective January 9, 2025. Domain III on Governing the Internal Audit Function includes Standard 6.2 Internal Audit Charter. From a governance perspective, this is the most important Standard as the Internal Audit Charter includes […]
Risk Aggregation – Purpose, Challenges & Approaches
Introduction The nature of risk management is perpetually evolving which is of course, natural, as practitioners seek to drive improvements through either rethinking existing practices or through innovation. One such area on which there is often no overall agreement, is that of risk aggregation. There are few studies on this issue and neither ISO nor […]
Risk Appetite – Framework & Approaches
Introduction For banks or financial institutions, risk appetite is a particularly important component of an end-to end risk management framework. It needs to be supported by other risk management components, such as a comprehensive risk taxonomy, robust risk identification and assessment processes, data and analytics capabilities, and a risk aggregation and prioritization logic based on […]
Key Indicators: KPI, KRI, KCI
KPIs, KRIs, KCIs… It’s easy to get tangled in the alphabet soup 🥣 of metrics. While each of these ‘K & Is’ plays a distinct role in your organisation’s success, they are all ultimately just indicators serving a different purpose. ⬇ Here’s the breakdown: 🔹 KPIs (Key Performance Indicators) – These metrics keep score of […]
Controls: The Good, the Bad & the Ugly
Necessities for Effective Risk Management What is it? A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. (Source: IIA/IPPF) There may be different definitions, but I personally like this one as it includes all the key […]
Risk Governance: What is it, Why does it matter & What does it involve?
What is it? Governance refers to the framework of rules, practices, processes, and structures by which an organisation is directed and controlled. It encompasses the mechanisms through which the objectives of the organisation are set, monitored, and achieved, while also ensuring accountability to stakeholders. Risk governance is a subset of overall governance that focuses specifically […]
Enterprise Risk Management (ERM) Implementation: Key Considerations
In my previous article, I discussed assessing ERM maturity. Here I will run through the main points of implementing an ERM programme. It is worth noting that every organisation’s ERM implementation programme should be based on its own maturity, objectives, requirements and applicable regulatory standards. However, the points below should help to benchmark your approach. […]
Navigating Enterprise Risk Management (ERM) Maturity: A Roadmap for Success
In the ever-evolving landscape of business, risk is not a static concept; it’s dynamic, multifaceted, and omnipresent. To thrive in this environment, organizations must adopt a proactive approach to managing risks. This is where Enterprise Risk Management (ERM) comes into play. ERM isn’t just about mitigating risks; it’s about strategically identifying, assessing, and leveraging risks […]