I recently read the following article title.
“Focus on Blockchain’s
Risks Before the Rewards”
I didn’t read the article, so I cannot tell you if it was
the most brilliant piece of writing since Charles Dickens or merely comparable
to the mindless tweets of uninformed liars. But that title, in a nutshell, is
the problem with many internal auditors.
Because of the work we do, we spend a lot of time focusing
on risks — identifying and reducing those risks. Unfortunately, the result is
that our worldview becomes skewed toward risk aversion.
Not that there’s anything wrong with risk aversion. Applied
judiciously, it is a key to an organization’s success. Unfortunately, many
internal auditors seem to think “judiciously” means every possible situation, losing
sight of the fact that accepting risk (sometimes what seems to be uncomfortably
large risk) is necessary for the organization’s success.
To place the identification of risks before rewards is effectively
starting out with the premise, “This will not work because…” And approaching any
project with such a negative attitude is not conducive to success.
Risks should not be considered before rewards. However, neither
should rewards be considered without an understanding of the risks. Ultimately,
the two should never be separated. They must work together for an organization
to achieve success. And internal auditors must recognize the symbiotic
relationship, ensuring the department’s work considers both risks and rewards in