Home > Risk > World-Class Risk Management

World-Class Risk Management

For several years now, I have been writing, speaking, and networking with people around the world to discuss risk management. I have reviewed hundreds of articles, surveys, and other publications on the topic, and written about them in my two blogs (on the IIA site and on my personal site).

Writing makes you think, especially when you find something lacking in what you are reading and want to understand what it is – and then convey that to your readers.

All of this has helped me grow in my understanding of risk management – especially when I have an opportunity to debate and discuss the topic with world-class practitioners. I started in 1990 as the leader of an internal audit function taking a true enterprise risk-based approach and helping management understand and address the risks that matter, added the responsibility of building a risk-management function nearly 10 years ago, and today I am a semi-retired and self-styled evangelist for better-run business. This means that I try to help people run their business better through the effective management of risk, oversight and governance of the organization, world-class internal audit, and the wise deployment of technology.

I had fun writing my book on World-Class Internal Auditing[1],[2]. So much so that I decided to write one on World-Class Risk Management[3] (with the advice and support of luminaries such as Grant Purdy, John Fraser, Martin Davies, Jim DeLoach, Alex Dali, Felix Kloman, Arnold Schanfield, Richard Anderson, and more).

Grant Purdy was kind enough to write a challenging foreword.

What is risk management, truly, and what makes for a world-class risk management capability? Why do so many top executives and board members have difficulty seeing how enterprise risk management makes a positive contribution to the success of the organization?

These are the key questions I tackle in the book. A continuing theme is the need to make the management of risk a key ingredient in intelligent decision-making and the successful running of the business. I believe risk management is about more than avoiding pitfalls and threats; it’s about taking the right level of the right risks so that performance and value are optimized.

The book walks through each aspect of effective risk management, including culture; framework and context; risk identification; risk assessment, evaluation, and treatment; and complex issues such as whether a risk management function with a senior executive as chief risk officer who reports on risk to the CEO and the board is necessary or even healthy; whether you can or should try to calculate a single value for the level of a risk; whether risk appetite works in practice; issues with heat maps and other risk reporting methods; and more.

Finally, I suggest that a world-class risk management program goes beyond what many hitherto have described as effective. I disagree with both COSO ERM and ISO 31000:2009 guidance on effective risk management to describe and explain my view:

Not everybody will agree with the ideas and suggestions in the book. My hope is that through open minds and discussion, it will spark a debate that will move the practice of risk management forward.

Expert reviews include:

  • “Whether you are a manager, an assurance provider or a risk management professional, the way Norman has written this book and the good sense it contains should cause you to rethink your understanding of risk and how you go about recognising and responding to it.” – Grant Purdy
  • “I found World-Class Risk Management an engaging and interesting read. Fair warning: This is not a text book; it is a point-of-view book. If you are only interested in preserving the status quo, I advise you to put this book down! Now! But if you welcome a challenge to your view as to how risk management should function, I encourage you to let Norman take you on a journey to world-class risk management. These changing and disruptive times require that we constantly up our game.” – Jim DeLoach
  • “In the last 6 years, Norman has evolved and challenged narrow minded views of risk management that have a bureaucratic audit or compliance-focus approach as well as academic thoughts that do little to increase the performance of an organization and create value. Today, he has gathered his current state of knowledge in risk management in his new book exploring, reviewing and questioning the concept of “World-Class Risk Management” with references to the internationally-adopted ISO 31000 risk management standard.” – Alex Dali

[1] Available as a paperback from CreateSpace, and on Amazon as either a paperback or e-book.

[2] My earlier book, Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value Within Your Organization, is available from the IIA Bookstore or on Amazon. I also have a short book, How Good is your GRC?: Twelve Questions to Guide Executives, Boards, and Practitioners.

[3] Available in paperback from CreateSpace or Amazon, and on Amazon in e-book format.

  1. Michael Proulx
    June 14, 2015 at 10:29 PM

    Mr. Marks, How about an excerpt or two? I too have been involved in Risk Management for 2+ decades, and have drawn near to your own conclusions. I am currently working on the business case for conflict sensitivity in conflict and post-conflict contexts and feel your insights would be beneficial to my work and research. I agree Risk Management goes beyond mere market ‘numerology’, yet needs quantifiable values to stick. Good governance protects more than the bottom line – it is world class as you state, and as I have titled my own work, World wise risk management.
    I look forward to an insightful read.

    • Norman Marks
      June 15, 2015 at 6:49 AM

      Thanks, Michael. I plan to do so.

  2. June 15, 2015 at 6:55 AM

    Norman, I look forward to reading this new book!

    • Norman Marks
      June 15, 2015 at 7:00 AM

      Thanks, Jay. Love to hear what you think

  3. Norman Marks
    June 15, 2015 at 7:55 AM

    The book is now available on Amazon in both paperback and e-reader formats. (I recommend the paperback.)

  4. abdulghafoor
    June 21, 2015 at 11:09 AM

    who can send me this book

    • Norman Marks
      June 21, 2015 at 3:19 PM

      Abdul, it is available as shown in the post, note 1

  5. August 18, 2015 at 3:20 AM

    Great posts to learn the secrets of risk management Your Posts simply teach the importance of risk management in the Organization . The company has to spend the time to identify and to assess the risk http://www.spplimited.co.in/nebosh-igc-course-training-in-chennai/ . Better avoid it , by the earlier identification rather than getting affected . Thanks for the Admin for the Great posts .

  1. June 19, 2015 at 4:23 PM
  2. June 27, 2015 at 7:05 AM
  3. July 3, 2015 at 10:13 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: