Increasing risk oversight is a priority of boards and management since the global financial crisis, but many are unprepared to do this according to a recent report from the Canadian Institute of Chartered Accountants (CICA). A Framework for Board Oversight of Enterprise Risk presents a nine-step roadmap to help directors identify, understand and address enterprise risk and recognize potential compounding effects when risks collide. The roadmap is sound and also can be a valuable resource for risk management professionals.
The CICA report states “a common concern among boards of directors is the lack of a comprehensive framework and toolsets to assist boards to structure an effective, robust risk oversight process.” Key activities in the CICA framework include: identifying risks; analyzing, validating and prioritizing them; determining risk tolerance and risk appetite; managing risk through various response strategies; and ongoing monitoring. These are similar to recommendations included in ISO’s risk management standard (31000) and their business continuity management system standard (22301). Read More



In the sustainability and corporate social responsibility (CSR) “space” there is increasing pressure to report on triple-bottom-line issues through reporting frameworks, such as the
As part of my research this summer on relationships between EHS/S and risk management, I interviewed a group of EHS/S and risk management executives about various aspects of their activities. Prior to the interviews, the interviewees were given the Redinger EHS white paper titled, “
It has been a while since I’ve posted. The summer has been full, working on developing the 

Many EHS/S management system experts believe that one of the most important components of an integrated MS is management review. Management review is the time during which the overall strategy of an integrated EHS/S MS is assessed. Said differently, it is a time to see if the MS’s purpose and desired outcomes are being fulfilled. Management review is commonly framed as a performance evaluation activity. While this is correct, I would suggest that there is much more available through management reviews—that is, these are strategic opportunities to impact an organization’s Strategic Risk Management (SRM) process, and possibly start developing an SRM MS.