IF you are given the task to head a department consist of audit and risk management, without any experience or training, would you do it?
Some may say no, some may say yes. Depends on one determination and of course, willingness to learn new things, be challenged.
You may think risk management, as well as audit are one of the same. Unfortunately, there is a thin line or rather a very big gap between them. You could say that they complement each other but is not on top of each other. Many has certainly strong arguement on this but let us see whether we can simplify this into chunks or tit bit everyone could appreciate and understand.
Audit - we all know what that means eh.. checking on things whether it is done according to a preset procedures, processes or policies.
Risk management - managing what you foresee would happen and will happen depending on past history of your company or someone elses.
People tend to forget, when risk materialised, it is NOT a risk anymore but an incident, an issue or shall we say, a disaster. So when that happens, audit would be the best person to analyse and of course find out for you what went wrong and how to improve it. And since audit can't just wait for that to happen in order to do their job, they would preplan for the year and check for you, just in case there is symptoms for these bad things happening.
In the meantime, risk management would continue to monitor, discover or uncover the unknown for the company.
So its all about understanding the two misunderstood roles. As Sherlock Holmes would always say to his side kick, its elementery Watson, Elementery.
No comments:
Post a Comment