
The 3 Lines of Defense for Good Risk Management

For years, risk in many organizations was managed on an ad-hoc basis by tenured leaders relying on their own experience, such as the CEO and any credit, market, legal and fraud experts on hand. Internal audit functions existed to identify necessary internal controls and make sure there were no gaping holes. Typically, internal audit was the only part of an organization performing regular risk assessments, and when something went wrong, management would cry, “Where were the auditors?” Today, a new governance model is gaining popularity. The “three lines of defense” (3LoD) model mobilizes three separate groups—business managers, central risk and compliance management teams, and internal auditors—to work together at different stages to provide increased protection against an ever-widening array of risks. The model promotes risk ownership and a stronger risk management culture while eliminating inefficiencies, gaps and overlaps that often occur in the management of risk and compliance by…
Recent posts

Risk Management, What If Analysis and Emergency Preparedness

Visit to learn more about Naval risk management and pirate risk assessment!

Embedding Risk Management Within The Organization

Whether you are in manufacturing, the service industry or healthcare, embedding risk management into daily work is going to be a key challenge. It is often difficult because many risk managers and leaders don't really know how to do this. I am sharing the two key tips that can help you be very successful in embedding risk management within your organization. Connect the dots: this deals with employees understanding and knowing the rules of the game, taking pride in their work, and being engaged. The organization will be able to connect the dots for its employees when it is open, transparent and willing to share information on key metrics and performance such as Quality, Delivery, Safety, Cost and Morale. Sharing these metrics is the first step. There are many other next steps that should follow. We can help you and your organization connect your business Why with your ERM's Why. Visit us at …
Risk Assessment is a process that provides decision makers with the information they need about uncertainties in relation to specific goals or objectives. Conducting risk assessments helps organizations manage those uncertainties. Typically, the risk assessment process consists of two key tasks: first, to identify risks, and second, to analyze the identified risks.

The effect of risk can be either positive or negative. The negative effect comes from not meeting goals or objectives. The positive effect comes from meeting or exceeding set goals.

The key goal of risk assessment is to inform management at all levels of the risks faced by the organization and how those risks affect the organization's ability to meet its objectives, as well as to identify potential risk treatment options.

When assessing risks, the risk manager should be mindful of overall risk appetite and risk tolerance.

Risk Appetite is defined as the total exposed amount that an organization wishes to undertake on the basis of risk-…

Surgical Error - Why risk management often fails in healthcare