I agree with the blogspot comments, they are risks or defects to a successful risk workshop. As a risk consultant I never approach the process as if the risk workshop is the only tool. Usually I allow all participants to participate in an anonymous survey to identify Strategic, Operational, Compliance and Reporting risks using a very detailed magnitude and vulnerability scale that they helped develop in prior sessions. The Magnitude and Vulenrability (aka Likelhood) scale take a long time to create and I used workshops to do so. In the end if a 5 point scale is being used one can end up with 50 paragraphs of text for the Magnitude scale (5 x 10 factors) and 60 paragraphs of text for the 5 x 12 vulnerability factors. Its a little hard later to dispute the results since the whole group participated in describing the Magnitude and Vulnerability paragraph descriptions, but 110 paragraphs is alot of work. After the Magnitude and Vulnerability scale is created by the client/organization, an anonymous survey can be sent out where they used the rating scale, I usually use SurveyMonkey or some other tool and then summarize results. Only after this is done is a workshop planned.
During the actual workshops usually 20 persons participate from every department in the global company. I believe my risk workshops have been successful because I start out with a statement to the effect that the participants need to be wary of a false sense of precision that some workshop facilitators and participants may believe can occur. I emphasize that a workshop is not precise and therefore is only one tool in the toolkit to prioritize risk response investments by the entity.
Other tools are OECD bribe payer indecies, corrupt practices indecises and software piracy indecis available from OECD which help with country risk assessments which are again only one tool. I used about twenty different sources of data for each top 20 risk statements and about 25 for business process risk by country when I do a global risk assessment. Prior audit experience, change, complexity etc.
Unfortunately I can't give more details because a US process patent is pending.
Bernice Lemaire
President Lemaire Consulting at Lemaire Consulting LLC
bernicecpa@aol.com
____________________________________________________
skip to main |
skip to sidebar
Followers
Blog Archive
-
▼
2008
(14)
-
▼
December
(13)
- David HarrisStudent at West Virginia Universitydha...
- From: Matthew Leitch [mailto:m.leitch1@ntlworld.co...
- November 28, 2008I'm impressed with your proposals...
- My view is that workshops are great to bring out i...
- While the specifics of risk identification are ten...
- RE: Reasons for Risk Workshops failing to deliver ...
- RE: Reasons for Risk Workshops failing to deliver ...
- From:David HarrisDate:December 2, 2008To: Gavin La...
- The risk workshop methodology is deeply entrenched...
- LinkedInDate: 11/29/2008Subject RE: Reasons for Ri...
- I agree with the blogspot comments, they are risks...
- LinkedInDate: 11/28/2008Subject RE: Reasons for Ri...
- LinkedInDate: 11/27/2008Subject RE: Reasons for Ri...
-
▼
December
(13)
No comments:
Post a Comment