Having a good risk management plan (RMP) is something as basic as having a breakfast every day. It helps you steer potential risks before they become actual problems that can cost you time and money. As a part of the RMP, risk review or risk audit serves to inform the fault tree analysis (FTA) about the project’s risk, and provide the grantee with recommendations to strengthen the project. What confuses some is the distinction between risk “audit” and “review.” What are the real differences?
It’s the Matter of Language
The answer is that there are no solid differences. It’s all about different wordings that convey different feelings—some companies use “review” because “audit” sounds more task-instrumental and serious, which may scare folks away (you know tax audit, right?). Review by comparison is something people are expected to do anyway. However, “review” isn’t just a euphemism to deceive project managers. “Review” is believed to convey a sense of collaboration and cooperativeness, so in order to create a collaborative and supportive culture to project managers, employers choose to employ a terminology that better describes their work culture and culture ethics.
J. LeRoy Ward, in a blog post for IIL Blog, tells his story about when he worked for the federal government on some challenged programs regarding Native American lands that were constantly being subjected to audits. He points out that language makes a big difference in doing business, and shaping others’ perception:
Their job was to ferret out “waste, fraud, and abuse” and they did their best to find all three. In all programs on which I was working, they just found “waste,” meaning we didn’t do things as perfectly as they thought they should have been done. While you could argue (in writing), it didn’t do much good. They always had the final opportunity to write their rebuttals. After all, they published the reports.
You can view the original post here: http://blog.iil.com/risk-audit-vs-risk-review/