Board Risk and Certainty Management Oversight

Better Board Oversight: A guide to where boards of directors can look for useful insight, Tim J. Leech, Ethical Boardroom, Winter 2020
Synopsis: Board risk oversight expectations continue to escalate. In a global world, where directors have limited time for professional development, where can/should directors look for practical information, advice and guidance?

Board Oversight of Strategy and Risk, Tim J. Leech, Ethical Boardroom, Autumn 2019
Synopsis: Directors need better information to meet rapidly escalating expectations. This article provides a summary of escalating expectations and how to respond.

Board Oversight of Long Term Value Creation and Preservation: What Needs to Change? Tim J. Leech, Conference Board Director Notes, July 2017
Synopsis: Institutional investors are calling on CEOs to focus on long term value creation and strategy, including risks that create uncertainty. This article proposes practical steps boards can take.

Building Businesses for the Long Term: Focusing ERM and Internal Audit on What Really Matters – Long term value creation and preservation, Tim J. Leech, Ethical Boardroom, Spring 2017
Synopsis: Investors, particularly institutional investors, representing in excess of a billion future pensioners, are flexing their muscles and calling on companies around the globe to significantly change their approach to value creation. This article provides specific strategies to meet these expectations.

The Next Frontier for Boards: Oversight of Risk Culture, Parveen Gupta and Tim Leech, Conference Board Director Notes, June 2015
Synopsis: Over the past 15 years expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long term success. This article provides a primer on the next frontier for boards: oversight of “risk culture.”

Overseeing Risk Appetite and Tolerance: Roadblocks that Need to Be Overcome, Parveen Gupta and Tim Leech, Ethical Boardroom, Winter 2014
Synopsis: In the aftermath of the 2008 global financial crisis post mortems were convened in countries around the world to identify what went wrong. A unanimous conclusion was that boards of directors of public companies in general, and financial institutions in particular, need to do more to oversee ‘management’s risk appetite and tolerance’ if future crises are to be avoided.

What Knowledge and Skills Do Directors Need? Today’s board risk oversight require new tools and ideas, Parveen Gupta and Tim Leech, Ethical Boardroom, Summer 2015
Synopsis: This article provides an overview of the risk oversight knowledge and skills required to equip directors to better drive value creation, prevent significant corporate value erosion and, perhaps most importantly, help directors protect their personal reputations as guardians of stakeholder interests.

Control and Risk Self-Assessment: The Dawn of a New Era in Corporate Governance, Tim J. Leech, Multiple publication journals, 1990
Synopsis: This is an article Tim Leech authored in 1990 that received global recognition and acclaim. It was published in multiple professional journals and used in hundreds of workshops presented to tens of thousands of interested internal auditors. An opening paragraph reads: In this article I set out my reasons for concluding that boards of directors, officers, managers, and auditors that use the "historical/traditional approach" to control and risk management should be dissatisfied and actively searching for a more effective replacement. The author hasn't changed his mind 30 years later.

Are we using weak first line risk governance? The single most important question CEOs and boards should be asking internal auditors and risk officers
Synopsis: In 2003 the IIA produced guidance titled "THREE LINES OF DEFENSE MODEL". It tried to define roles for management, second line functions including risk management, and internal audit. Regulators embraced it and encouraged, even legislated, that companies, particularly financial sector companies, use it. Three Lines of Defense is a weak first line model that does not expect management to assess and report on the state of risk linked to top objectives. In 2020 the IIA released updated guidance, "IIA THREE LINES MODEL". The word "defense" is gone and the emphasis is on achieving objectives. This article, targeted at CEOs and board members, analyses these developments and proposes that the way forward is strong 1st line objective centric risk management.

Free Downloads

Risk & Certainty Management Implementation Resources

CertaintyStatusline – the foundation building block of Risk & Certainty Management

CertaintyStatusline Risk Treatment Principles and Elements

Objective Centric ERM and Internal Audit Five Step Overview

Sample Risk & Certainty Management Corporate Policy Including Role Definitions

COSO ERM 2017 Principles and ROS Objective Centric Risk Management Enablers

Culture Diagnostic Tool and Implementation Method Guide

Objective Centric Risk Management Software Concepts/Specifications



Article: Reinventing Internal Audit: Recent governance-related developments require the profession to revisit some of its long-held paradigms, Tim J. Leech, Internal Auditor, April 2015

Case Study: Objective Centric Risk & Certainty Management: A Case Study – SVG Capital, 2012-2016, Tim J. Leech, London U.K.

Presentation: Reinventing Internal Audit & ERM: It’s time for revolutionary not incremental change, Tim J. Leech, training presentation to IIA Miami, Jan 2017

Presentation: Paradigm Paralysis in ERM and Internal Audit: A Big Risk To Better Governance, Conference Board of Canada presentation, Tim J. Leech, December 2016

Presentation: Honorably Retire “Controls” Promote “Risk Treatments”: It’s Time, Tim J. Leech, IIA GRC Conference, August 2012

Presentation: Three Lines of Defense vs Five Lines of Assurance: Elevating the Role of the Board and CEO in Risk Governance, Lauren Hanlon and Tim Leech, Infonex GRC Conference, Toronto, June 2016

ROS Primer: 10 Primary Assurance Methods: Objective Centric, Risk Centric, Process Centric, Control Centric and Compliance Centric, Updated 2019

Tim Leech/Risk Oversight Solutions response to the March 2021 UK request for comments "Restoring Trust in Audit and Corporate Governance"