This new paper from the International Federation of Accountants (IFAC) is written from an accountant’s perspective, exploring how accountants as a profession can become more informed and engaged in their organization’s wider risk management culture.
“Enterprise risk management (ERM) needs to be part of the professional accountant mindset and makeup. This report explores the contribution of professional accountants to effective ERM in their roles as chief financial officers (CFO) and within finance functions. To add value, accountants must be seen as risk experts who are outward-looking and provide valuable insights to help organizations manage risk, respond to uncertainty, and achieve their objectives.
As businesses face rapid change and increasing uncertainty, the report identifies three ways in which CFOs and finance functions can enhance their contribution to ERM:
- Align risk management with value creation and preservation;
- Drive insights and enable decisions through provision of risk modeling and analytics, data governance and identification of organizational risk appetite; and
- Enable integration and interconnectivity by breaking down siloes across the organization to share information.”
From the viewpoint of Information Technology and Information Security professionals, this paper is a useful tool to help:
- Educate our colleagues in the wider business about the need for effective risk management
- Understand how our colleagues in other professions are approaching risk management and their participation in the management of risk
- Learn more about the efforts other professions are making to champion effective risk management in the wider business space
You can also find an introduction to the UK NCSC’s risk management guidance for cybersecurity here.
The New Zealand equivalent is here.
And finally, the NIST paper on Risk Management and the Cybersecurity of the U.S. Government is here.