I applaud Norman Marks' article, "Risk's Role in Governance Failures" ("Governance Perspectives," June 2009), as one that adds positively to the conversation. He points out aspects of risk management, internal auditing, and their perceived juxtaposition, that are problematic; and the key element that gets in the way of risk management and auditing--lack of effective communication.
Risk identification is worthless without internal controls to manage risk; internal controls are worthless unless the correct risks are identified. Risk management, when practiced correctly and allowed to flourish, can be used as a predictive tool and vastly alter the direction of any organization (hopefully for the good). Internal auditing is central to that practice. While the two are interconnected, it is unclear where, how, and how much.
The language we use is so industry-specific and fraught with acronyms and ill-defined terms that practitioners don't even know what they mean. Language needs to be simple, unambiguous, and accurate. Many times, language is used as a weapon or to establish territory, and in this business, that has no place. The mission of risk management--locally, enterprisewide, or globally--is too important to get bogged down in such pursuits. My opinion is that those who are more self-interested than dedicated to that mission should be shown the door. Keep shining that light. We all need to continue to work on this until we get it right. The stakes couldn't be higher.
THOMAS R. HOLLAND
trhdrums@yahoo.com



