Book Review: “Auditing the Risk Management Process” by K.H. Spencer Pickett
I started reading this book a couple of days ago and have not yet finished it. But a friend asked me to write a short review for his blog, and I decided to post it here as well.
1) For someone who has limited experience with the Risk Management process, and with auditing Risk Management processes, the book provides a well-structured starting point. For those who have experience in Risk Management, it serves as a reference to a well-structured methodology aligned with the COSO ERM framework.
2) The book is well written and logically structured in 8 chapters. Each chapter builds on the previous one and finally leads to audit best-practice recommendations, as well as “Poor Practice Models” to avoid. The author uses case studies throughout the book to make his points.
All the major operational and IT ERM processes are covered (but not the financial ones), and I think the book is excellent both for auditors and for those who will have hands-on involvement with ERM. Risk Management is in a process of transition, and new rules and regulations are coming down the road. This book can give new or mid-level practitioners a good picture of the methodologies and frameworks used in the field today, which are likely to be expanded upon in the near future.
Critique: The book is not focused on Financial Risk Management and does not cover the important domains in that type of Risk Assessment. Persons interested in understanding Financial Risk Assessment are advised to look at books like “The Essentials of Risk Management” and to visit the PRMIA website for additional resources.
I recommend the book to all auditors, especially if they expect to be tasked with new Risk Assessment auditing duties in the near future.
The photo above is of an auditor performing a Risk Assessment at one of the top credit Risk Agencies in New York City.