
Posts Tagged ‘Norman Marks’

 

In my third instalment of this increasingly less funny series, we look at how popular auditor and blogger Norman Marks might make a PBJ sandwich.

How to Make a Peanut Butter Sandwich: Norman Marks

  1. Add jam and peanut butter to bread.
  2. Perform a self-assessment to determine if that was actually peanut butter, jam and bread.
  3. Check off boxes.
  4. Ask Tim Leech if this is an adequate sandwich.
  5. Draft a new framework about how to make a peanut butter and jam sandwich.
  6. Solicit input on LinkedIn from others who like peanut butter and jam sandwiches.
  7. Publish findings in Internal Audit magazine.


Tim Leech’s IIA blog discusses some of the many risk management designations and certifications available and whether or not one of these may be the cost of entry in the future. I would like to know if anyone out there is interested in replying to this post with thoughts, pros, cons, benefits, etc., for the many designations out there.

For example, years ago, I entertained the FRM certification from GARP but found the study material a bit too quantitative for the risk management I was interested in. (If memory serves me right, I think there was a calculus test!) I’ve looked at the RIMS CRM certification and find their website is too poorly written to understand what is explicitly required: they sort of send you off to a list of Canadian universities to take some courses then come back and apply. There is a new certification at GRCSI.org which talks about a body of knowledge and is vague on their exam.

So, I’d like to open this up to the masses. Do you have one of these or others? Are you thinking of getting one of these? What’s been your experience?

And have a read of Tim Leech’s post as well (see link above).

Trevor


In this November 2009 post on the IIA website, Norman Marks promotes the idea of making risk management a way of life instead of a quarterly exercise. If it doesn’t add value, then it is merely “decoration”, he writes.

I quite enjoyed this example about managing the risks of his daily commute to work – something we can all relate to – and recommend that you have a read. It is an excellent illustration of how one makes risk management a way of life rather than an ad hoc activity.

Please click here to have a read of Norman’s post.


Please have a read of what Tim Leech has to say about the SEC’s new enhanced proxy disclosure requirements and new rules around the Board oversight of risk, in his IIA blog found here:

http://www.theiia.org/blogs/leech/index.cfm/post/New%20U.S.%20Disclosures%20-%20Board%20Oversight%20of%20Risk

He notes that while you will benefit by reading this document, it is not recommended for fireplace reading during the holidays.


I am posting the link to Tim Leech’s commentary about the paper titled A New Approach for Managing Operational Risk: Addressing the Issues Underlying the 2008 Global Financial Crisis. If you are not following @LeechGRC on Twitter or reading theiia.org, you will likely miss it.

And you should read what Tim has to say.

He writes: “I believe the approach to risk management described in this paper and introduced in the Stamford/Towers Perrin workshop has the potential to literally change the way the world thinks about risk management.”

Click here to read the full Tim Leech text at theiia.org.

To follow Tim on Twitter, http://twitter.com/LeechGRC


I just found some cash in the pocket of my winter coat which I was planning on spending on a Slap Chop™ and a Mike Cammalleri jersey but I decided it would be better spent on my very own copy of the new Risk Management–Principles and Guidelines (ISO 31000).

For those of you awaiting my review, Tim Leech’s review is good enough for me. And while he suggests this is the best 112 Swiss Francs you will ever spend, I would argue that a 10 lb Toblerone would be the best 112 Swiss Francs you ever spend, with ISO 31000 a very close second.

See Tim’s review by clicking here

Riskczar likes Toblerone too

 


Here’s a 2003 article written by Mr. Kloman where he reviews a draft version (at the time) of 4360 and one of COSO ERM authored by PwC. Although he is not reviewing the final versions, one can still draw similar conclusions. The terms “winner” or “draw” were added by me.

Mr. Kloman noted:

  • 4360: Model of clarity (winner)
  • COSO: Feels like an elephant stepped on me
  • 4360: Just calls it risk management (without the enterprise, business, integrated, holistic, business, etc.) (draw)
  • COSO: Adds the E to the risk management
  • 4360: Defines risk as: “exposure to the consequences of uncertainty, or potential changes from what is planned or expected.” (winner)
  • COSO: Says no common terminology exists
  • 4360: The draft reviewed was only 23 pages (winner)
  • COSO: The Executive Summary was only 23 pages, and the entire document was 139 pages
  • 4360: Uses the term “risk treatment” (winner)
  • COSO: Very control focused and uses the term “risk response”
  • 4360: The gold standard (winner)
  • COSO: It is an exercise in cranial congestion: too many words, too much jargon and too little clarity.

With a final score of 5-0, 4360 wins hands down over COSO ERM.

If you had to choose based on the length of each document, perhaps this Churchill quote will help: “The length of this document defends it well against the risk of its being read.”
