From Bolt-on to Built-in: Integrating Risk Management

Vincent Tophoff | January 31, 2014 | 1

Good risk management and internal control is good management—not compliance. With the increased volatility in the modern business environment and the financial and economic crises, the effective application of risk management and internal control in organizations has taken on even greater importance. Adequate risk management, including effective internal control, is fundamental to supporting the achievement of an organization’s objectives and creating, enhancing, and protecting stakeholder value.

However, in some cases, the risk management and internal control activities in organizations have deviated from their original purpose: to support those who make decisions and enable them to properly set and achieve their objectives. In addition, organizations are often distracted by typical risk management and internal control compliance requirements with little direct relation to their every day work. Therefore, risk management and internal control have often become objectives in themselves and a whole industry has formed around them.

IFAC’s Risk Management and Internal Control Advisory Group, which is part of IFAC’s Professional Accountants in Business Committee, believes it is time to recognize that risk management and related controls form natural parts of an organization’s activities to set and achieve its objectives. Good risk management and effective internal control, if practiced in an integrated way, are cost efficient and require less effort than dealing with the consequences of a missed opportunity or a threat that has gone out-of-control.

For that reason, the Advisory Group is currently developing guidance that aims to address the perceived complexity of risk management and internal control and bring it back to where it primarily belongs—not as a separate unit but as a strategic, managerial, and operational tool for all those involved (boards, managers, other employees) to set and achieve the organization’s objectives.

We are very interested in the thoughts of professional accountants working with these issues. Would such guidance be useful? What practical advice needs to be included?

Vincent Tophoff

Senior Technical Manager

Vincent Tophoff is senior technical manager with the Professional Accountants in Business (PAIB) Committee of IFAC. Previously, he was a partner at INTE-Q Integration Management, a management accountancy consulting firm in The Netherlands and senior lecturer at the postgraduate accountancy program of the Vrije University in Amsterdam.  See more by Vincent Tophoff

Join the Conversation (1)

To leave a comment below, login or register with


Alpaslan Menevse May 9, 2014

Some my say, shouldn't it be the way of managing risks currently as described above? Unfortunately, not. IFAC took a good step forward by taking the initiative of putting it to the right track.

Thank you for your interest in our publications. These valuable works are the product of substantial time, effort and resources, which you acknowledge by accepting the following terms of use. You may not reproduce, store, transmit in any form or by any means, with the exception of non-commercial use (e.g., professional and personal reference and research work), translate, modify or create derivative works or adaptations based on such publications, or any part thereof, without the prior written permission of IFAC.

Our reproduction and translation policies, as well as our online permission request and inquiry system, are accessible on the Permissions Information web page.

For additional information, please read our website Terms of Use. ALL RIGHTS RESERVED.