Addressing the ugliest risk: internal politics
Maybe it’s a taboo subject, but I can’t say I have seen it discussed very often.
Politics can be the greatest risk to the achievement of objectives, whether at the corporate level, between division heads, among managers, on projects, or from one worker to another.
I have seen it far too often:
- Hiding information
- Spreading false rumors
- Sabotaging projects by withholding people or other resources
- Failing to tell others of dangers ahead
- Duplicating efforts with competing projects
- and more
So what should we do about it?
- Recognize that internal politics, at any and every level, can be a source of risk
- Follow your risk management process (e.g., as explained in ISO 31000) to assess and determine how to treat the risk
- Be aware of the politics of dealing with the politics
- Avoid being accused of playing politics yourself by being open and taking care how you frame the issues (such as talking about availability of resources rather than people withholding resources)
- Stay alert and keep your eyes and ears open to changes in the political environment
- If this is a significant problem, talk to your champions at executive and board level about how to change the culture
I welcome your stories, comments, and opinions.
- How to Build an IT Audit Plan December 9, 2013
- Does Your Internal Audit Department Understand All the Tools It Has? December 2, 2013
- Reflections on IT Risk and Audit November 25, 2013
- UK Issues Proposed Guidance on Risk Management, Internal Control, and Going Concern November 18, 2013
- Using COSO Updated Internal Controls Framework in a Top-Down, Risk-Based Sarbanes-Oxley Program November 7, 2013
- Board Members Who Should Be Fired November 4, 2013
- PCAOB Issues New Guidance on Sarbanes-Oxley October 29, 2013
- Why Internal Audit Must Assess and Provide Assurance Over the Management of Risk October 17, 2013
- Accenture Reports Good News for Risk Management but Misses a Key Point October 17, 2013
- Audit Committees Should Discipline the Auditors More Often October 7, 2013
Recent Posts on this Blog
- Two new reports show improvement in and value from risk management
- An Interesting Paper on Risk Management
- Reflections on Strategic Risk
- The Optimal Role for the CIO
- If I was Chair of the Audit Committee
- Is it time to call the term “GRC” dead?
- The Risk of Average People
- Use the language of your audience
- ISO provides additional and useful risk management guidance
- Corporate culture, the good and the bad CEO
- New Deloitte survey has mixed news about risk management effectiveness
- Are you considering GRC software?
- What is your risk appetite?
- Board governance depends on where you sit
- Information Security Disconnected from Management?