Risk Maturity Model

Safety objectives cannot be fully realised through rule enforcement alone. After the dramatic improvements in H&S using systematic procedural techniques, the quest for zero incident rates has remained elusive. Continuously tightening workplace discipline and rigour can prove counterproductive if it leads to a ‘them and us’ mentality characterised by mistrust, resentment and disaffection. Trust and mutual respect are only achieved through proper consideration of the human factor in the risk equation. Many different aspects of personality are related to risk taking; it is not a simple scale between ultra-cautiousness and uncontrolled recklessness. To enrich organisational risk culture […]

‘Three Lines of Defence’: A Dangerous Delusion

By Anthony Fitzsimmons

A ‘Three lines of Defence’ risk management model sounds reassuring, but it contains a flaw. The model, which was implicitly endorsed by the UK’s now defunct Financial Services Authority in 2003 and is still characterised as “sound operational risk governance” by the Basel Committee on Banking Supervision, failed to prevent the recent financial sector crisis. ‘Three lines of defence’, ubiquitous in financial services and widespread elsewhere, actually has four layers. Line managers deal with risks as they take them. Centralised teams monitor and report on risk to the CEO’s team and to the board. Internal and external auditors should bring an independent […]

The Auditor: Risky Business

Auditing is risky business. The choice of becoming an auditor, choosing your field of expertise, gaining an understanding of the standards, and applying them to a technical area all rely on a professional’s competence. What underlies this competence is the confidence to complete the task. This confidence is achieved through the ability to resolve the risk inherent in the process. Let’s talk risk.