IMPROVING OUR DEFENCES

As businesses, especially those that are regulated, we work hard to carry out risk assessments, but where are we with that and are these assessments informed, measured or validated?



Risk, this thing that ‘compliance’ professionals work hard to mitigate.

Well, regulatory risk at any rate.


Where are we with this?

I would suspect we all look to identify our risks, guesstimate the inherent nature of them by considering likelihood and impact.


I would also hope we are also reassessing these after our businesses have designed mitigation by way of procedures and controls.


But, do we then assess the effectiveness of the design, do we review and report on the operational efficiency of these controls?


Perhaps we do this through our monitoring and assurance programmes...however there remain some burning questions,


What is our quantified confidence in those controls and have we considered how we might do this with validity?

Are we able to show our boards definitive evidence of whether our inherent risk is diverging or converging when compared to residual risk?


If we profess to be following a risk-based approach, we have to be able to provide answers to these!


We need to constantly strive to improve our defence.

Recent Posts

See All

This website and its content is copyright of Perrin Carey Limited © 2020-2021. All rights reserved.

Any redistribution or reproduction of part or all of the contents in any form is prohibited.

You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

"Enhancing performance 

through governance"

© 2020-2021

by Perrin Carey®

GOVindicia®

Perrin Carey Limited is a company registered in Guernsey under company no. 68118