Risk Management requires identifying the risks to which you are exposed, and then establishing controls to prevent those risks significant enough to be controlled.  But you can’t stop there.  You really need to have mitigations in place in case a risk occurs anyway, despite your controls.

“VA’s Watchdog Is Slammed,” Wall Street Journal, June 24, 2014 A3  You have an internal watchdog to make sure you learn of operating problems (a control for a risk).  But then the watchdog undercuts the reports of wrongdoing.  Oops.  And what about the impact on the organization’s culture (notwithstanding the watchdog’s career path)?

Leave a comment

Filed under Board, Compliance, Compliance Verification, Culture, Governance, Internal controls, Oversight, Risk, Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s