If you are preparing to take the CISA exams or the CIA exams. I just want to take this opportunity to wish you all the best in your exams. Remember; "Remember to pay attention to the questions and quickly eliminate incorrect options". All the best, Ransom Follow me on Twitter @RansomNformi
Risk are accepted, mitigated or transferred at the point of decision-making
I have been thinking about how an organization can obtain assurance that risk (what might happen) is appropriately considered in decision-making.
As I have been saying for quite a while now, decision-making is where risk is taken.
We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment.
We want to know that the right level of the right risks is being taken.
Looking at whether the organization’s risk appetite (a concept that frankly doesn’t work well for all sources of risk) has been exceeded is, at best, an after-the-fact control. It should not be satisfactory to management to know only after-the-fact that a poor decision was made.
So I had what might be a novel idea.
Let’s drive risk management effectiveness by improving decision-making – and let’s drive…
View original post 274 more words
If you are preparing to take the CISA exams or the CIA exams. I just want to take this opportunity to wish you all the best in your exams. Remember; "Decide that you want it more than you afraid ot it". All the best, Ransom Follow me on Twitter @RansomNformi