Free Downloads

Objective Centric Risk & Certainty Management (#OCRUM) Imperatives.

Risk & Uncertainty Management Implementation Resources

First generation training on Control & Risk Self Assessment: CARD (Collaborative Assurance & Risk Design) Advanced workbook 2004

UncertaintyStatusline – the foundation building block of Objective Centric Risk & Uncertainty Management

UncertaintyStatusline MS Word assessment template

UncertaintyStatusline Owner/Sponsor Guide

UncertaintyStatusline Risk Treatment Principles and Elements

Objective Centric ERM and Internal Audit Five Step Overview

Sample Risk & Uncertainty Management Corporate Policy Including Role Definitions

COSO ERM 2017 Principles and ROS Objective Centric Risk Management Enablers

Culture Diagnostic Tool and Implementation Method Guide

Objective Centric Risk Management Software Concepts/Specifications

Tim Leech Linked In posts 2021 - A primer on business case for Strategy/Objective Centric ERM/Internal Audit

Tim Leech Linked In posts 2022 - A primer on business case for Strategy/Objective Centric ERM/Internal Audit

Linkages between FSB Principles for Effective Risk Appetite Frameworks and ORCM Enablers

10 Main Assurance Methods, Including Best and Next Best

Inventory Assurance Methods Tool

10 Primary Assurance Methods Visual

Using objective centric risk assessment for SOX 404 and similar ICFR requirements

Legal implications of effective risk/uncertainty management

Tim Leech's top 25 Linkedin posts in 2023


Board Risk and Uncertainty Management Oversight

Preventing the next wave of unreliable financial reporting: Why US Congress should amend Section 404 of the Sarbanes – Oxley Act Tim J. Leech, Lauren Hanlon, International Journal of Disclosure and Governance 2011
Synopsis: Over the past 40 years the world has suffered successive waves of major governance breakdowns. Each time regulators made an attempt to fix the system. Those attempts continue to fail. Ensuring Boards are aware of the true state of risk/uncertainty key objectives will be achieved is the way forward. Legacy assurance systems aren't up to the task.

Accounting Control Assessment Standards: The Missing Piece in the Restatement Puzzle

On Being a Member of the Accounting & Auditing “PROFESSION"
Tim J. Leech FCA/FCPA, ICAO journal and others 2009

"Why the World Needs The International Accounting Control Standards Board (IACSB)" Tim Leech ACCA IA Bulletin 2010

COSO: Is "it" fit for purpose?

"ROS response to COSO 2016 ERM exposure draft" Sept 2016

COSO 1992 Control Framework and Management Reporting on Internal Control: Survey and Analysis of Implementation Practices, Prof. Parveen Gupta IMA 2006"

Better Board Oversight: A guide to where boards of directors can look for useful insight, Tim J. Leech, Ethical Boardroom, Winter 2020
Synopsis: Board risk oversight expectations continue to escalate. In a global world, where directors have limited time for professional development, where can/should directors look for practical information, advice and guidance?

Board Oversight of Strategy and Risk, Tim J. Leech, Ethical Boardroom, Autumn 2019
Synopsis: Directors need better information to meet rapidly escalating expectations. This article provides a summary of escalating expectations and how to respond.

Board Oversight of Long Term Value Creation and Preservation: What Needs to Change? Tim J. Leech, Conference Board Director Notes, July 2017
Synopsis: Institutional investors are calling on CEOs to focus on long term value creation and strategy, including risks that create uncertainty. This article proposes practical steps boards can take.

Building Businesses for the Long Term: Focusing ERM and Internal Audit on What Really Matters – Long term value creation and preservation, Tim J. Leech, Ethical Boardroom, Spring 2017
Synopsis: Investors, particularly institutional investors, representing in excess of a billion future pensioners, are flexing their muscles and calling on companies around the globe to significantly change their approach to value creation. This article provides specific strategies to meet these expectations.

The Next Frontier for Boards: Oversight of Risk Culture, Parveen Gupta and Tim Leech, Conference Board Director Notes, June 2015
Synopsis: Over the past 15 years expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long term success.1 This article provides a primer on the next frontier for boards: oversight of “risk culture.”

Overseeing Risk Appetite and Tolerance: Roadblocks that Need to Be Overcome, Parveen Gupta and Tim Leech, Ethical Boardroom, Winter 2014
Synopsis: In the aftermath of the 2008 global financial crisis post mortems were convened in countries around the world to identify what went wrong. A unanimous conclusion was that boards of directors of public companies in general, and financial institutions in particular, need to do more to oversee ‘management’s risk appetite and tolerance’ if future crises are to be avoided.

What Knowledge and Skills Do Directors Need? Today’s board risk oversight require new tools and ideas, Parveen Gupta and Tim Leech, Ethical Boardroom, Summer 2015
Synopsis: This article provides an overview of the risk oversight knowledge and skills required to equip directors to better drive value creation, prevent significant corporate value erosion and, perhaps most importantly, help directors protect their personal reputations as guardians of stakeholder interests.

Control and Risk Self-Assessment: The Dawn of a New Era in Corporate Governance Tim J. Leech, Multiple publication journals 1990
Synopsis: this is an article Tim Leech authored in 1990 that received global recognition and acclaim. It was published in multiple professional journals and used in hundreds of workshops presented to tens of thousands interested internal auditors. An opening paragraph reads: In this article I set out my reasons for concluding that boards of directors, officers, managers, and auditors that use the "historical/traditional approach" to control and risk management should be dissatisfied and actively searching for a more effective replacement. The author hasn't changed his mind 30 years later.

Are we using weak first line risk governance? The single most important question CEOs and boards should be asking internal
auditors and risk officers
Synopsis: In 2003 the IIA produced guidance titled "THREE LINES OF DEFENSE MODEL". It tried to define roles for management, second line functions including risk management and internal audit. Regulators embraced it and encouraged even legislated companies, particularly financial sector companies use it. Three Lines of Defense is a weak first line model that does not expect management to assess and report on the state of risk linked to top objectives. In 2020 the IIA released updated guidance "IIA THREE LINES MODEL". The word "defense" is gone and emphasis is on achieving objectives. This article targeted at CEOs and board members analyses these developments and proposes that the way forward is strong 1st line objective centric risk management.

The High Cost of Herd Mentality
Synopsis: This article appeared in the London School of Economics Centre for Risk & Regulation Winter 2012 issue - Tim Leech analyses the current approaches used by regulators to prevent the next wave of corporate malfeasance. He suggests that more than a few approaches to regulatory reforms suffer from what he calls “herd mentality” and a lack of serious research to determine if the benefits to stakeholders are worth the massive costs imposed on public companies.

Clarity on Board Tim J. Leech Ethical Boardroom Fall 2021
Synopsis: Most Boards do not disclose with much clarity what their PURPOSE is. This article calls on Boards to clarify Board PURPOSE. Clarifying Board PURPOSE immediately leads to greater clarity on the PURPOSE of Internal Audit and Risk Management functions that serve Boards.

U.S. Board Practices Under the Spotlight in the U.S. Tim J. Leech Ethical Boardroom Spring 2022
Synopsis: The National Association of Corporate Directors has convened a commission with a mandate to study the question "Are Board practices outdated". In this article Leech says the answer is a strong YES and provides his prescription re what needs to change.



Objective Centric Risk & Uncertainty Management: Core concepts and business case

Honorably retire "internal controls" and promote "risk treatments" it's time. IIA All Star Conference Oct 2013

Article: Reinventing Internal Audit: Recent governance-related developments require the profession to revisit some of its long-held paradigms, Tim J. Leech, Internal Auditor, April 2015

Case Study: Objective Centric Risk & Uncertainty Management: A Case Study – SVG Capital, 2012-2016, Tim J. Leech, London U.K.

Presentation: Reinventing Internal Audit & ERM: It’s time for revolutionary not incremental change, Tim J. Leech, training presentation to IIA Miami, Jan 2017

Presentation: Paradigm Paralysis in ERM and Internal Audit: A Big Risk To Better Governance, Conference Board of Canada presentation, Tim J. Leech December 2016

Presentation: Honorably Retire “Controls” Promote “Risk Treatments: It’s Time, Tim J. Leech, IIA GRC Conference, August 2012

Presentation: Three Lines of Defense vs Five Lines of Assurance: Elevating the Role of the Board and CEO in Risk Governance, Lauren Hanlon and Tim Leech, Infonex GRC Conference, Toronto, June 2016

ROS Primer: 10 Primary Assurance Methods: Objective Centric, Risk Centric, Process Centric, Control Centric and Compliance Centric, Updated 2019

Tim Leech/Risk Oversight Solutions response to the March 2021 UK request for comments "Restoring Trust in Audit and Corporate Governance"

Presentation: In Search of Utopia: What should an audit committee want from internal audit?, Training workshop presented to audit committee members of Alberta Crown Corporations by Tim Leech, March 2006

Presentation: IN SEARCH OF UTOPIA: What Should An Audit Committee Want from Internal Audit? 2006

Regulatory revolution risks civil war

Tim J Leech Algo Research Quarterly Summer 2002

Synopsis: In the summer of 2002 my company, CARDdecisions was going to be acquired by one of the top quantitative risk management firms in the world at that time - Algorithmics founded by Ron Dembo, author of one of the top risk management books written, SEEING TOMORROW. This article overviews the "civil war" between two factions - those that favour and promote highly quantitative risk management methods, largely driven by specialists with advanced statistics/math backgrounds and simpler, more qualitative methods to identify and assess risks. Many things have changed since then, but the civil war between the "quants" and the "quals" continues. In the end Algorithmic's new investors told the CEO to stick to their focus on quant methods/services and not acquire CARDdecisions, a company that focused on promoting strong 1st line risk management supported by risk management and internal audit.

The case for strong first line risk governance

Parveen Gupta, Tim Leech Strategic Finance July 2023

Synopsis: The majority of the world uses weak first line risk governance where management, the people responsible for achieving objectives and managing risk are not trained or expected to assess and report on risk status linked to MISSION CRITICAL OBJECTIVES. This article explores the problem and recommends THE WAY FORWARD.