Just a quick note about this month’s column (available here).
I’m getting the sense from the risk and control professionals I’ve spoken with recently that there is a greater realization of the separation of duties incumbent upon risk functions. In this piece, I briefly discuss how to use reporting to make this clear, and drive an increase in control posture across your organization.
This being the goal setting time of year, its also worth noting that you shouldn’t be committing to increasing control strength unless you are really the owner of a control. Otherwise, I’d recommend using phrases like “better inform,” “make aware,” “increase awareness,” etc. It more accurately represents the role you play.
(Yes, that’s Chuck Norris in the eponymous 2009 game, because nothing says “effective IT risk management” like Chuck Norris!)