Risk, security, and internal audit functions are often seen as compliance-focused rather than enabling organizational success. To break out of silos, these functions must understand the organization's objectives and identify risks that could positively or negatively impact success. By focusing on objectives, making intelligent decisions around risks, and working together across functions, risk, security, and audit can increase the likelihood that the organization achieves its goals.

2. In many organizations, risk is seen as a compliance function,
corporate security as something we have to do but reluctantly, and
neither is connected to enabling success. How can leaders of these
functions break out of any silo mentality and help leadership connect
their essential work to the achievement of enterprise objectives? How
can corporate security, risk, and internal audit work together?

3. ▪ Deliver value to stakeholders.
▪ Be successful.
▪ Achieve or exceed our objectives.

4. ▪ Focus on the objectives and strategies of the
organization.
▪ What can happen that might affect success?
✓ Improve results
✓ Inhibit success
▪ That is “risk”.

5. “Enterprise risk management helps an entity get to
where it wants to go and avoid pitfalls and surprises
along the way.”

6. ▪ “A greater likelihood of achieving business
objectives”.
▪ “More informed risk-taking and decision-
making”.

7. The purpose of managing risk is to increase the
likelihood of an organization achieving its objectives by
being in a position to manage threats and adverse
situations and being ready to take advantage of
opportunities that may arise.
National Guidance
on Implementing ISO 31000:2009
From NSAI in Ireland

9. It’s about setting the right objectives.

10. It’s about making intelligent decisions.

11. It’s about taking the right risks.

12. It’s all about achieving or exceeding objectives.

13. ▪ A failure to secure the organization and its assets
can impair performance and success.
▪ It can be a risk.
▪ But the risk should be measured against the effect
on the organization’s objectives.

15. ▪ It’s all about achieving or exceeding objectives.
▪ Understanding what might happen is key.
▪ Acting where necessary is critical.
▪ Security failures are risks to be managed – as they
relate to the achievement of objectives.

17. ▪ Performance management.
▪ Where are we?
▪ What lies ahead?
▪ What do we need to do?

18. ▪ A common goal – help the organization succeed.
▪ Focus on how we can contribute.
▪ Focus on what might happen and what we need
to do.
▪ Work together to act for the corporate good.
▪ Communicate! Communicate! Communicate!

19. ▪ It’s not about ‘me’ or ‘my team’.
▪ It’s not about ‘you’.
▪ It’s about the success of the organization.

21. @normanmarks
nmarks2@yahoo.com
normanmarks.wordpress.com