Working with a range of multinational companies over the years, I’ve had the privilege of collaborating with knowledgeable senior executives and directors who “get” risk management. On occasion, however, I’ve encountered extraordinarily self-confident business leaders who spout what they consider truisms about risk management that are simply false.
In one such instance, a board member of a multinational technology company emphatically insisted that because his company was complying with the Sarbanes-Oxley Act’s Section 404 provision on internal control, it was guaranteed to have an effective, broad-based risk-management process. Despite feeling my blood begin to boil, I like to think I maintained a professional posture as I explained how he had been misinformed.
