Add to collection(s) Add to saved
  1. Business
  2. Management

Attitudes towards risk

Minnesota Management and Budget Internal Controls Bulletin newsletter banner reflecting the COSO logo
Volume 3, Issue 5 – May 26, 2011
Attitudes towards risk
Highlights



It is important to be realistic about what can go wrong while performing a risk assessment.
Employees may be overly optimistic, rather than skeptical when it comes to assessing risk.
Management can send subtle signals that pointing out problems is not appreciated.
Employees are motivated to be optimistic and “can-do,” rather than skeptical when it comes to performing their duties.
Most people are aware that having a positive outlook reflects well on them, while dwelling on what could go wrong is
generally frowned upon. We all want to appear confident in our work, even if outcomes may, in fact, be in doubt.
Understanding how people perceive and think about risk is helpful when evaluating internal controls. For instance,
optimism from employees can be a great motivator, but there is also a need for a reality-check. Bad things can and do
happen, and a carefully constructed risk assessment should not paint an overly rosy picture but must, instead, identify and
consider all significant things that could go wrong.
It is important to be realistic about all possible risks when performing a risk assessment. Part of the risk assessment
process is brainstorming about what can go wrong. Do not start the discussion by downplaying any legitimate risks. There
needs to be an open atmosphere in order to fully explore all significant business process vulnerabilities.
Managers must be especially aware of the type of atmosphere they are promoting. Management can send subtle signals
that pointing out certain risks or problems is not appreciated. Nobody likes bad news, a fact which might lead a manager
to associate negative sentiments with the messenger, rather than seriously considering the information being provided.
Some managers may not even want to know about the risks in a particular area, in an attempt to avoid responsibility if
things go wrong.
Suggested Action Steps: Think about how agency attitudes about risk influence its internal controls. Here are some
internal control framework examples:

Control Environment – Do employees generally feel that they can come to management if they uncover a
potential weakness or problem?

Risk Assessment – Are certain risks being downplayed or ignored?

Control Activities – Are some controls easily circumvented without anyone raising the alarm?

Information and Communication – Can employees communicate concerns easily, without fear of reprisal?

Monitoring – Is high value placed on knowing both the strengths and the weaknesses of the agency’s internal
control structure?
If you have questions, please contact Brennan Coatney, Internal Control
Specialist at (651) 201-8127 or Brennan.Coatney@state.mn.us.
COSO Pyramid used with permission. Copyright 1992-2009. The Committee of Sponsoring Organizations of the Treadway Commission. All rights
reserved.
a
nt logo
Distributed by Minnesota Management & Budget
658 Cedar Street | Centennial Office Building
St. Paul, Minnesota 55155
Related documents
Sample4
Sample4
Agreement for Student Classroom Participation
Agreement for Student Classroom Participation
Sample5 - Evergreen Park Public Library
Sample5 - Evergreen Park Public Library
KAREN ANN JONES - Evergreen Park Public Library
KAREN ANN JONES - Evergreen Park Public Library
Food Preservation Recordbook Form
Food Preservation Recordbook Form
Panelists and Presenters
Panelists and Presenters
COSO 2013 - Raven Global Training
COSO 2013 - Raven Global Training
Developing Effective Internal Controls Using the COSO Model
Developing Effective Internal Controls Using the COSO Model
Scheduling - Project Management
Scheduling - Project Management
COSO Framework
COSO Framework
The Alchemist - Bibliotheca Alexandrina
The Alchemist - Bibliotheca Alexandrina
revisiting sarbanes-oxley - Thomson Reuters Risk Management
revisiting sarbanes-oxley - Thomson Reuters Risk Management
Download