Agree with Bruce completely, 'A poorly designed control that is followed' would be like that guy selling fake bomb detector, giving people a false sense of security which is one of the biggest risks of all
Any process in Management that is not followed is like no action. Actions will not succeed on their own. They will need not only continuous followup but also continuous improvement.
Control is also a process. It needs continuous followup. Definitely poorly designed can not match properly designed.
So the statement itself is not very well designed.
I agree with Arie, it depends on whats wrong with the design of the control. If the poor design leads to the risk not being addressed at all then the organization is going to under a false sense of security while adhering to the control activity. That could be worse than understanding that you have a well designed control in place thats not being followed and as a result your risk is not covered.
I deny both - poorly designed control results in devastating the idea of risk control in general; well designed control that is not working highlights fundamental problem of risk control: whole organization is not involved. By the way, well designed control can't be ignored - design is not just tools or nice wallpaper, but implementation and PEOPLE involvement.
I agree with that statement although not ideal. The risk is far greater by ignoring a control than not to follow a control at all. One can always redesign a poorly designed control at a later time and use it in the interim than not follow one at all. If a control is well-designed, why is it then not followed..? ... to me that indicates a lack of good governance if you have a good control in place and then not using it.
The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.
For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!
Comments
Agree with Bruce completely, 'A poorly designed control that is followed' would be like that guy selling fake bomb detector, giving people a false sense of security which is one of the biggest risks of all
Any process in Management that is not followed is like no action. Actions will not succeed on their own. They will need not only continuous followup but also continuous improvement.
Control is also a process. It needs continuous followup. Definitely poorly designed can not match properly designed.
So the statement itself is not very well designed.
Khalid
I agree with Arie, it depends on whats wrong with the design of the control. If the poor design leads to the risk not being addressed at all then the organization is going to under a false sense of security while adhering to the control activity. That could be worse than understanding that you have a well designed control in place thats not being followed and as a result your risk is not covered.
Denying a control effectiveness is one of the mistake to ignore the risk metrics of the organization
It depends.
It depends on the definition of poorly and whether the control mechanisms are principle or rule based
I deny both - poorly designed control results in devastating the idea of risk control in general; well designed control that is not working highlights fundamental problem of risk control: whole organization is not involved. By the way, well designed control can't be ignored - design is not just tools or nice wallpaper, but implementation and PEOPLE involvement.
I agree with that statement although not ideal. The risk is far greater by ignoring a control than not to follow a control at all. One can always redesign a poorly designed control at a later time and use it in the interim than not follow one at all. If a control is well-designed, why is it then not followed..? ... to me that indicates a lack of good governance if you have a good control in place and then not using it.