I have been speaking about and listening to people speak about risk for a very long time. I am providing you with my list of risks to consider for 2018. The risks provided are not based on theory, but rather what I am seeing in practice. I also focused on those risks that might not be so obvious?
I welcome your comments and thoughts…
- Data Dilution Risk – when the information received is watered down, changed or altered in a way to mask a potential issue.
- Incentive risk – when your compensation structure directly or indirectly encourages unethical behavior.
- Investigation risk – when an ethics violation or fraud is alleged and there is a failure to investigate or the scope of the investigation is consciously managed/manipulated. Failing to properly investigate could result in unnecessary issues and expenses.
- Up-the-ladder risk – when an ethical violation is reported to a manager and the issue(s) are not properly escalated and reviewed. I expand on this in my article in an upcoming issue of Fraud Magazine.
- Training or education disremember risk – when the messages you are sending are not retained. Believe me this is real!
- Remediation risk – when you identify gaps or weaknesses and remediate by treating the symptom(a) rather than the true “root cause”.
- Perfect place risk – when a fraud or vulnerability risk assessment is not performed, properly performed, or updated on a regular basis, because the feeling by senior leadership is nothing bad will ever happen to us.
- Skepticism risk – when issues are managed by people who are not or can’t provide and independent and objective analysis of the situation and act accordingly.
- Risk of risks – when risks are not properly identified or the risks identified are so numerous and the process for managing risks is informal or unorganized, thus the organization is unable to focus on managing those risks that negatively impact the achievement of goals and objectives. This is really enterprise risk management, which is a governance issue.
Happy New Year!