New website = RiskCommentary.ca
ERM myths, observed by your host over several years’ experience as practitioner and educator. For each point, we will give you the practical take-away to apply in your risk management program.
Myth #8: Managers, directors, analysts, CEOs, etc. know how to implement new programs.
Myth #9: Enterprise Risk Management can best be implemented by using a software application.
Myth #10: Defining risk tolerance is essential to an ERM program.
Myth #11: Monitoring compliance constitutes effective ERM.
Myth #12: Linking corporate strategy to ERM is difficult and complex.
Myth #13: ERM takes 3-5 years to implement.
Myth #14: Good ERM predicts the future; it is effective forecasting.
KEY QUOTE
Do not fall prey to the myth that the technology, in and of itself, will inspire acceptance and take-up of the new risk management program.
"The most common pitfall in compliance programs is an overreliance on policies, procedures and systems, according to Ulysses Chioatto, director of SSAMM Management Consulting.
A cursory glance over all the convictions and enforceable undertakings by ASIC in the past five years highlights this overreliance on policies, procedures and systems by financial services providers in their compliance programs, said Chioatto, with little to no work on people – or to put it another way, the company’s culture.
Both internal and external auditors as well as compliance and risk officers pore over documents, flowcharts, plans and reports from computer risk and compliance applications, yet breach registers are overflowing, or worse still, completely empty."