I always struggle when I review enterprise risk management (ERM) information that seems to stop at the risk assessment activity. Isn’t it time we stop just merely assessing risk and start addressing risk?
The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.