#30 – HOW NOT TO MAKE BAD RISK DECISIONS – ED PERKINS

Why are there “bad” decisions? No one starts out to deliberately make a bad decision. If you look into available thought papers and reports, you can find some evidence that can provide some understanding of how bad decisions are made.

In 2012, COSO commissioned a report on “Enhancing Board Oversight”[1] focusing on challenges and biases in making professional judgments.

#29 – SORTING OUT THE DIFFERENT INFORMATION ON RISK – TIM LANDERVILLE

You may think that you grasp the idea of risk and ISO management; but as you study risk in greater depth, you begin to see it as a word of many colors. Here’s an example from ISO 19011:2011. It says that ISO management system auditors need to recognize the risk associated with auditing. This includes the risk that comes with the audit program and auditing risk. In other words, there is a risk that the auditors are looking for, and there is a risk that arises in the process of doing the audit.

#28 – ERM SYSTEMS THAT AREN’T! – (C) GREG CARROLL

The following is excerpted from Mastering 21st Century Enterprise Risk Management (forthcoming October 2013):

THE NATURE OF RISK
Most systems masquerading as enterprise risk management are re-jigged workplace health-and-safety risk platforms that attempt to apply a predefined, standardized methodology. A one-size-fits-all assessment program cannot be imposed on everyone and achieve any useful results. Risk assessment must be relevant to people’s own field if they are to take it seriously. It must provide meaningful value to them. It also must go through continual review as the nature of risk changes and evolves.

#25 – CYBER RISK FRAMEWORKS – ED PERKINS

The US Federal government folks in the Computer Security Division (CSD) at the National Institute of Standards and Technology (NIST) have been hard at work on the Cybersecurity Framework deliverables for the President’s February Executive Order 13636, on Improving Critical Infrastructure Cybersecurity (see prior Insights post). NIST has created a web portal for the Framework at http://www.nist.gov/itl/cyberframework.cfm. The NIST CSD portal is http://csrc.nist.gov/.

#20 – OF FIRES AND EXPLOSIONS ON TRAINS AND BOATS – CHRIS PEACE

The trains and boats …
Took you away, away from me.
(Bacharach, 1966)

Hindsight is cheap, as argued by Taleb when he wrote about black swans.

First [the black swan] is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility. Second, it carries an extreme impact …. Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.