To achieve value, it’s critical to:
First: Perform an entity wide risk assessment that includes leadership from all critical business units.
Second: Develop or update entity wide policies and controls to mitigate the risks identified.
Third: Develop detailed procedures to ensure controls continue to function as intended and expected.
Fourth: Educate all employees with regards to entity wide policies and provide detailed procedural training.
Last and certainly NOT least: Empower your employees to report new risks, control failures and opportunities for control enhancement and process improvement.
BETTER, FASTER, CHEAPER….
