From Bolt-on to Built-in: Integrating Risk Management

Global Knowledge Gateway

Risk Management & Internal Control

From Bolt-on to Built-in: Integrating Risk Management

by Vincent Tophoff, Senior Technical Manager, IFAC | January 31, 2014 | 1

Good risk management and internal control is good management—not compliance. With the increased volatility in the modern business environment and the financial and economic crises, the effective application of risk management and internal control in organizations has taken on even greater importance. Adequate risk management, including effective internal control, is fundamental to supporting the achievement of an organization’s objectives and creating, enhancing, and protecting stakeholder value.

However, in some cases, the risk management and internal control activities in organizations have deviated from their original purpose: to support those who make decisions and enable them to properly set and achieve their objectives. In addition, organizations are often distracted by typical risk management and internal control compliance requirements with little direct relation to their every day work. Therefore, risk management and internal control have often become objectives in themselves and a whole industry has formed around them.

IFAC’s Risk Management and Internal Control Advisory Group, which is part of IFAC’s Professional Accountants in Business Committee, believes it is time to recognize that risk management and related controls form natural parts of an organization’s activities to set and achieve its objectives. Good risk management and effective internal control, if practiced in an integrated way, are cost efficient and require less effort than dealing with the consequences of a missed opportunity or a threat that has gone out-of-control.

For that reason, the Advisory Group is currently developing guidance that aims to address the perceived complexity of risk management and internal control and bring it back to where it primarily belongs—not as a separate unit but as a strategic, managerial, and operational tool for all those involved (boards, managers, other employees) to set and achieve the organization’s objectives.

We are very interested in the thoughts of professional accountants working with these issues. Would such guidance be useful? What practical advice needs to be included?

Vincent Tophoff is senior technical manager with the Professional Accountants in Business (PAIB) Committee of IFAC. Previously, he was a partner at INTE-Q Integration Management, a management accountancy consulting firm in The Netherlands and senior lecturer at the postgraduate accountancy program of the Vrije University in Amsterdam. 
See more by Vincent Tophoff


Help IFAC improve the Global Knowledge Gateway.
Click to recommend this article.

Join the Conversation

To leave a comment below, login or register with

Alpaslan Menevse
May 9, 2014

Some my say, shouldn't it be the way of managing risks currently as described above? Unfortunately, not. IFAC took a good step forward by taking the initiative of putting it to the right track.


Recent News


Get the latest updates delivered straight to your inbox

Keep Updated
Get the latest updates delivered straight to your inbox.



Suggest a Resource, News Item, Event, or Discussion Topic

Knowledge Section
Why should we include this?