Risk Management Insights

I want to join the BLOG

07/10/2015 / Enterprise Risk Management, Risk Management, Risk and Control Self Assessment, Risk Controls

Need Help Defining a Risk Control?

6 Key Questions to Define Risk Control.

In last week's blog, I discussed the basic but often confused issue, of describing operational risks in a logical and understandable way. This week, I turn to controls, which are often as equally poorly defined and understood.

The ISO 31000 standard defines control as a “measure that is modifying risk”. While not incorrect, this definition is broad, and I am not sure overly meaningful or engaging with the employee at the coal face. 

Read More