Author Archives for Jim DeLoach

Ensuring Risk Management Success

Risk governance varies radically across industries and organizations because a one-size-fits-all approach simply does not exist. There are, however, five interrelated principles that underlie effective risk management within all organizations in both good times and bad: integrity in the discipline of risk management, constructive board engagement, effective risk positioning, strong risk culture, and appropriate incentives. Integrity in the Discipline of Risk Management: Integrity in the discipline of risk management means having a firm grasp of business realities and disruptive market forces. It also means engaging in straight talk with the board and within executive management about the related risks in...


Should Boards Have a Separate Risk Committee?

Among many other duties, the board is tasked with ensuring that a process is in place for managing the significant risks facing the organization and that those processes are continuously improved as the business environment changes. While the full board retains overall responsibility for risk oversight, there are several ways to think about how this process is organized. Key Considerations: One approach is for the full board to coordinate the scope and accountabilities of risk oversight, assigning certain responsibilities to the various standing committees. The full board receives reports from management and each committee regarding the status of critical risks...


How Mature Are Your Risk Management Capabilities?

“How mature is our risk management?” Chances are good that you have been asked this question at least once. At Protiviti, we hear it frequently. The common presumption is that the more mature a process, the more effective it is. But what does that really mean, and how does the concept of maturity apply to risk management? Effective enterprise risk management (ERM) enables timely responses to the risks that matter most to an organization. An effective risk management infrastructure is constructed using the following six elements: policies; processes; people and organization; reports; methodologies and assumptions; systems and data. Once in...