Published by Todd Davies on 18 Jul 2008

GRC – the great risk controversy

It seems that my piece in the June edition of Risk Management Magazine caused some controversy, and even drew a letter to the editor from the President of the Risk Management Institution of Australia.  This is all healthy debate as it forces us to assess whether learned approaches are still relevant, or whether we’re just keeping a wary eye on the deckchairs (while forgetting to look out for icebergs).

To see the rebuttal, have a look at page 3 of the July edition of Risk Management Magazine here.  And to see the original article which caused the controversy, click here for page 3 of the June edition.  (Now locked down, here’s the web version).

For more information on how strategy, risk, governance and assurance come together, please click here.

Published by Todd Davies on 08 Jun 2008

Navigating the GRC maze – understanding GRC solutions and software selection

The number of software offerings in this space has increased, and so has the marketing spin.  Unless you are a highly experienced and sophisticated buyer with a track record in software selection in this space, your chances of making a poor selection are high.

TDA understands the GRC market.  We understand the strengths and weaknesses of different providers and can guide you through the selection process.

We can help you:

  1. Understand the different possibilities in this space, such as continuous control monitoring, computer-assisted audit techniques, audit follow-up, data mining, control self-assessment, SOX compliance, risk assessment, legislative compliance, policy compliance, legislative training and integrated solutions.
  2. Be very clear on what your specific needs are, including developing your strategy for enterprise governance.
  3. Determine whether you require a generalised or niche solution
  4. Understand what the most cost-effective solutions are
  5. Be clear on which solutions have the strongest support base and longevity
  6. Negotiate the right price

For more information, contact us.

Published by Todd Davies on 08 Jun 2008

Enterprise Governance – bringing strategy, risk, governance and assurance functions together

Silos.  It’s a word that can fill you with dread if you’re responsible for the governance of an organisation, yet they keep on appearing.  Organisational theory is currently arguing for matrix structures, but if you’ve ever tried to run one you’ll know that shared accountability without the right tools is the same as no accountability at all.  Silos are alive and well.

TDA has a track record in bringing these functions together for greatest impact.  We can help to ensure:

  • Duplication between assurance functions is minimised
  • Assurance programs are focused on what really matters
  • Risk management has a top-down view of strategic risks
  • Emerging risk capability informs the strategy and risk functions
  • Strategic risk insight informs the strategy process
  • Strategy drives capability development

To find out more, contact us.

Published by Todd Davies on 02 Jan 2008

Building a Good Audit Committee / See you at SOPAC

Todd has just been booked to facilitate a session at SOPAC – the premier internal audit & governance event in the South Pacific.

The session will be co-chaired with Jon Isaacs, Audit Committee Chair of a number of government agencies, and the two will facilitate a discussion, relevant to all sectors, on what makes a good Audit Committee.

The session will be held on Tuesday March 4, 2008 at 11:15am at the Sydney Convention Centre in sunny downtown Pyrmont.  For more information on the conference, click here.

Published by Todd Davies on 18 Dec 2007

ASX Corporate Governance Council Principles

The ASX Corporate Governance Council has been at pains to emphasise to the market that the framework is not a “one size fits all” approach to corporate governance, but a model against which companies can assess their current practices and assess whether they need to move forward.  In simple terms, the principles work on the basis that it is okay not to adopt a recommendation, as long as sufficient disclosure is made to enable investors to assess whether the company has an alternative mechanism which addresses the spirit of the principles, or alternatively is deliberately taking a strategy of non-compliance.  The theory is that investors will make up their own minds.

So what does all this mean?  Well three things really:

  • Great governance should be common sense
  • Great governance shouldn’t be difficult to implement
  • You shouldn’t have to spend large sums of money on complying or writing disclosure statements.

Our offering is really simple and is aimed at small and mid-cap companies:

  • We’ll tell you quickly whether you comply already – and make sure you get credit for what’s already in place
  • In the areas where you don’t comply, we’ll see if you already have mechanisms which address the spirit of the principles – again making sure you get credit for being a well governed organisation
  • If you don’t comply and don’t have a good mechanism, we’ll give you guidance on whether this matters to your company, to the market and what easy and quick solutions are available to you.
  • In rare cases when the answer isn’t a simple one, we’ll give you the answers straight and steer you to a cost effective path.

There are many quick wins in this area, and we’ll make sure you’re across them.

Why TDA?

Todd Davies has been a practitioner representative on the ASX Corporate Governance Council since shortly after the first principles and recommendations were released and was a member of the working group on Principle 7 (Recognise and Manage Risk).  He has deliberately positioned himself as a pragmatist on the group with a sense of how to make the principles useful in practice, and practical to implement.

Perhaps more importantly, Todd believes that this should be an area in which common sense prevails and not one where consultants generate large fees.  We encourage you to hold us to that!

Published by Todd Davies on 28 Nov 2007

Canberra presentation on ASX Corporate Governance Principles now available

Thanks to everyone who attended the Canberra meeting; it was a great bunch of people with some great questions and discussion and a relaxed format.

There was a particular interest in what this will mean to other sectors.  While it’s difficult to predict in detail, I’d suggest that the one to watch is the new recommendation 7.2.  The crux of the wording of this is that rather than just going through a process, management now need to form a view on whether their risks are being effectively managed and report this through to the Board.  This means that risk management can no longer suffice as a standalone process, but must be truly embedded into the governance processes of the organisation, and that due diligence will have to be done on the output of any risk process.  As I found in my last head of audit & risk role, such a signoff requires significant gear changes in thinking to make it effective and relevant.  It’s going to be an exciting time for risk management for those people on the front foot.

Download the presentation here:
Updated ASX Corporate Governance Principles & Guidelines

If you are looking for assistance with compliance with the Principles & Recommendations, please click here.

Published by Todd Davies on 26 Oct 2007

SRGA

Strategy, risk, governance and assurance

“Corporate governance, sustainability and strategy have become inseparable.  They are inextricably linked.” Mervyn E. King

A lot of firms specialise in strategy, risk, governance or assurance, but few seem to bring them all together. In everything TDA does, we bring the other disciplines to it, whether using risk management to underpin delivery of your strategy, or getting strategic alignment with these areas.

Please click on a link below to find out more.

Governance & Leadership

Strategy

Risk & Assurance