Here is a link to a discussion by Matt Kelly of Compliance Week about risk management, suggesting or perhaps stating that risk management is being done by financial institutions and some other public corporations, but it is a mixed bag, and, in my words, risk management and how to do it really have not caught on. And then below the link to Matt’s discussion, I have pasted in this post my response to Matt. Here is the link to Matt’s very interesting discussion – please read it, CLICK HERE.
And here’s my response to Matt’s post. Good discussion Matt. I’m not sure everything in the discussion correlates, but I believe the underlying points are true. Your discussion caused me to think about all of the many, many emails that I receive about new risk management discussions and posts, and some of them are by me. But have they done much good? I question whether they have. I’m not being critical, just truthful. Hordes of risk management, and internal control, and governance discussions and posts are created monthly, and for many, many years. But I have come to believe that people most often take action only if they are presented with a specific situation that they know demands that they take action, or they are required to by law, statute, or regulation, or they are required to by rule, sometimes (such as stock exchange rules), or it becomes an expected practice, sometimes (such as an expected practice in the community or perhaps by a professional organization such as the NACD, etc.). Otherwise, the requirement that the organization, or the board, or the audit committee, or the risk committee is responsible for risk management is simply too vague and indefinite. And that’s the way it is.
Dave Tate, Esq., San Francisco and throughout California, http://directorofficernews.com