From http://www.digitaljournal.com/article/320137:
I am soliciting real examples, suitably camouflaged, in response to this post. Examples can be of decisions made by a variety of people with a known motivation (i.e. well-intentioned, malicious, irresponsible) or an unknown motivation.
| The global economy has provided organizations with many opportunities that didn’t exist even ten years ago. But it also presents organizations with many risks because of the flattening of the Earth via the Internet and extensive outsourcing to countries such as China, Mexico and other nations.The designers of COSO, the guidance commonly used for compliance support of Sarbanes-Oxley Law (SOX), recognized as early as1992 the importance of risk management by including it as one element of the system of internal control. And now ISO 9001 developers are including risk in the 2015 revision. Continue reading |
Internal auditors play a valuable role in ensuring that IT investments are well-managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders. Internal auditors need to take a risk-based approach in planning their many activities on IT project audits. With limited audit resources, auditors must focus on the highest-risk project areas, while adding value to the organization. Audit best practices suggest internal auditors should be involved throughout a project’s life cycle — not just in post-implementation assessments.
Risk can take many forms from individual to companywide (enterprise). Regardless of the level there is always a tendency to underestimate the level of risk. Soldiers in combat almost never believe that they will end up a casualty. In fact, people performing jobs considered dangerous regularly underestimate the risk to health and welfare. This same mentality carries forward when dealing with enterprise risk. Ken Olsen, the founder of Digital Equipment Corporation (DEC), stated, “There is no reason why anyone would want a computer in their home.” (1) Personal Computers are now ubiquitous. DEC is out of business. Another famous incident is when Andrew Grove and Intel CEO Gordon Moore decided to exit the memory chip business. It took Intel management two years of churning and emotional trauma before the exit was complete. When one customer was told of the exit, the response was, “What took you so long?”
