Recent Coverage Of Risk Assessments And ERM

Below is some of the most recent Compliance Week coverage on issues related to enterprise risk management, risk assessments, continuous auditing, the COSO guidance, and more. Don't forget to access risk-related templates in our Resource Exchange. Also, see ERM columns by Richard Steinberg, who was involved in developing COSO's Enterprise Risk Management—Integrated Framework.

Managing Third-Party Corruption Risks in Decentralized Companies

April 22, 2014

When Hewlett-Packard settled for $108 million to resolve charges of Foreign Corrupt Practices Act violations, the Justice Department detailed an elaborate bribery scheme that involved resellers, vendors, and shell companies. According to EY's recent global fraud survey, some 90 percent of reported FCPA cases have involved third-party intermediaries. Inside, we look at how some companies are improving their monitoring and due-diligence systems to get a handle on such risks.

Winning the Battle to Get 'Buy-In' on Compliance

April 01, 2014

Getting executives and middle managers to support the goals of compliance can be an uphill battle at many companies, especially where compliance is viewed as an obstacle to getting things done. To change that view, compliance needs to show that the program can add value. "The stronger the safety controls, the more risks you can take," says Anthony Dell, global chief compliance and ethics officer at investment adviser Ares Management.

Studies Find Weaknesses in Data Management Programs

March 04, 2014

Big Data may be here, but lots of companies are still struggling to get a handle on garden variety information. Indeed, two separate benchmarking reports released last month revealed that while most companies claim to have information and records management programs in place, many are not up to par. "Organizations are not doing a great job at managing traditional, unstructured information," says Richard Wolf, founder of GRC advisory firm Lexakos.

More Companies Disclosing Measures of Realized and Realizable Pay

March 04, 2014

If you're not familiar with the new compensation metrics—realized and realizable pay—you should be; more and more companies are using them to provide investors with what they consider a more realistic picture of what their top executives are really earning. "As long as they're telling the story properly, it's appropriate to show another measure of pay," says David Eaton, vice president of proxy research firm Glass Lewis.

Dodd-Frank Act Still a Work in Progress

February 25, 2014

It's been three and a half years since the Dodd-Frank Act was signed into law and still several efforts are underway to change or repeal certain provisions, including the Volcker Rule and rules on conflict minerals disclosure. Though it remains a work in progress, some say it is already working. "We are much less prone to the irresponsible risk taking we saw before," says Barney Frank, former Congressman and an architect of the law.

FCPA Focus Will Test the Compliance Function

February 19, 2014

Thanks to an unending series of Foreign Corrupt Practices Act settlements and costly investigations, companies are working to shore up anti-corruption programs. Senior executives and boards have taken notice too and are heaping more pressure on compliance. Inside, columnist Richard Steinberg looks at the increased level of scrutiny and explains why compliance officers might be in for some sleepless nights.

Target's Data Breach Could Spur New Privacy Rules

January 14, 2014

Target is still dealing with the fallout from a massive data breach that could have compromised data for as many as 110 million customers, but the failure could have regulatory consequences for all. Sen. Patrick Leahy (D-Vt.) has already re-introduced data privacy legislation, and more could follow. "A comprehensive national strategy to protect data privacy and cyber-security remains one of the most challenging and important issues facing our nation," Leahy said.

Playing the Game of Risk in Workplace Education

November 26, 2013

With the advent of online e-learning and a workforce more familiar with video gaming and role playing, research is demonstrating the value of adding a gaming aspect to compliance training. Well-designed games encourage engagement, which is the key to reinforcement. In the latest installment of our GRC Illustrated Series, we look at how companies can use gaming in effective compliance and risk training programs.

Extending Anti-Bribery Compliance to Third Parties

October 29, 2013

As companies continue to pursue new customers in emerging markets, they must constantly weigh the benefits of expansion with the corruption and bribery risks that lurk there. During the Compliance Week Europe Conference earlier this month, several compliance executives, including those from Johnson Controls and International Paper, relayed their experiences with assessing and monitoring such risks.

Risk Committees Go Mainstream

October 16, 2013

After the financial crisis, most big financial services firms added risk committees to the board to escalate the oversight of risk management. Indeed, the Dodd-Frank Act requires banks with more than $10 billion in assets to have one. Now companies beyond Wall Street are warming up to the idea and moving oversight of compliance from the audit committee to the risk committee. Some are even establishing a dedicated compliance committee. More on the trend inside.

New Breed of Online Businesses Face Unique Transaction Risks

September 16, 2013

Empowered by Web 2.0 and built on the foundation of social media, a new wave of Internet startups is taking shape, described as "next generation" businesses. Companies with names like AirBnB, Uber, Lyft, and Square are raising new compliance and regulatory challenges, including money laundering, fraud, and transaction risks. More details inside.

Internal Audit Slowly Shifting to Take on Strategic Risks

June 18, 2013

Internal auditors say they are shifting their attention toward strategic risks, but are still bogged down in the basic financial controls and assurance over financial reporting, according to a recent survey. The shift is happening slowly and not without some growing pains. One of the difficulties is that big, emerging risks are more ambiguous. "They're used to those very black and white, bright lines," says Tom Harper, general auditor at Federal Home Loan Bank of Chicago.

The Battle to Balance Vigilance and Suspicion

June 04, 2013

Banks must file a suspicious activity report when they see something that could indicate potential money laundering by clients. Yet what qualifies as suspicious activity is often a difficult question. Reporting too much can overwhelm regulatory agencies, but by filing too little a bank can open itself to significant penalties. In the latest installment of our GRC Illustrated Series, we look at how to balance these competing interests.

Special Report: Study Finds Big Gaps In Anti-Corruption Compliance Programs

May 29, 2013

Forty-seven percent of global corporations take no steps to train their third parties on anti-corruption efforts, according to a new survey from Compliance Week and Kroll. The report polled 260 compliance executives on bribery and corruption risks and found wide disparities between large and small companies, as well as U.S. versus overseas businesses. A copy of the report, plus full coverage and analysis, is inside.

How Compliance and HR Can Get It Together

April 16, 2013

Compliance and human resources have always had a love-hate relationship. Now some companies are finding that getting them aligned can yield large benefits for both functions and improve the organizational culture. That collaboration, while vital, can be hard won, however. Inside, we look at ways to break down the barriers and foster better communication and cooperation between compliance and HR.

Internal Audit Continues a Push Into Risk Management

April 02, 2013

The role of internal audit continues to evolve. New requirements from Nasdaq and the Federal Reserve emphasize practices such as analyzing the effectiveness of risk management, monitoring compliance with stated risk tolerances, and other risk-based responsibilities. "Stakeholders are stepping up their expectations of internal auditors," says Richard Chambers, CEO of the Institute of Internal Auditors.

Developing an Effective Approach to Third-Party Due Diligence

March 05, 2013

More than 90 percent of reported Foreign Corrupt Practices Act cases involve third parties, such as sales affiliates and resellers, acting on the company's behalf, yet many companies focus their anti-corruption efforts on their own employees. These companies need to focus in on the riskiest business partners doing business in the riskiest nations. Inside, lessons on building an effective third-party due diligence program.

Info Governance: Get Data Classification Right First

March 05, 2013

Data classification is one of the most crucial elements of information governance—yet one that many companies fail to implement well. They want to put adequate security controls around the most sensitive data, but they have no process for determining what that data is, or where it resides. In part three of our six-part series on information governance, we look at common mistakes in data classification.

Info Governance: Crafting an Effective Data Security Policy

February 12, 2013

In this first installment of a series on information governance, we look at the hallmarks of a good data security policy. How much should it cover? Should it be tailored to specific regions or business units? Who should have a hand in crafting it? We also look at some common pitfalls, including promising too much. Details inside.

Top 10 Global Compliance Trends to Watch in 2013

January 02, 2013

Compliance developments outside the United States continue to have a big influence on the increasingly global operations of U.S. companies. Inside, we take a look at the top ten global compliance trends to watch for in 2013, including more U.K. Bribery Act litigation, deferred prosecutions in Britain, increased global IT attacks, renewed shareholder activism in Europe, and much more.

Battling Escalating Risks With Emerging Technology

November 27, 2012

Adapting to the increasing speed and complexity of risk was a common theme throughout the Compliance Week West conference earlier this month in Palo Alto, Calif. While evolving technology was touted as part of the solution, compliance officers also warned about its potential to create new problems. Follow the discussion inside.

Internal Audit Departments Preparing for Rapid Change in 2013

November 20, 2012

Chief audit executives are developing their 2013 audit strategy, and the plans are shaping up to look very different than they did in 2012, say audit advisers. Companies expect to devote more resources to internal audit next year, given the larger mandate to focus on areas like data security. "Internal audit is being asked to play a more active role in that space," says Jason Pett, internal audit services leader for PwC.

Disclosure Questions Arise After a Cyber-Attack

November 13, 2012

When hit with a cyber-attack, many companies choose to remain tight-lipped on the incident, despite guidance from the SEC that requires disclosure of cyber-security risks and attacks that result in material losses. "Companies may find that the risk of actual disclosure is much higher than the penalties for not disclosing," says Josh Walderbach, senior network security and compliance analyst at data security company LogRhythm.

Effective Policy Enforcement Involves Technology

October 30, 2012

Document-centric approaches to policies—that lack technology to manage communication and enforcement—are a recipe for disaster, and could actually cost companies more, since they expose them to ineffective policy management. In the latest installment of our GRC Illustrated series, we look at how IT systems can be put to work for policy management, so the compliance team can, you know, actually enforce things.

Managing Compliance Risks in the Supply Chain

October 23, 2012

Lapses in ethics and compliance by major suppliers or contract manufacturers not only cause embarrassment and anger consumers, as companies like Apple and Samsung can attest; they also create exposure to potential violations of anti-bribery and corruption laws. Increasingly, companies are improving processes and systems to manage risk in the supply chain. How? More details inside.

Sharpening Third-Party Risk Mitigation

October 16, 2012

Never has third-party risk management been as high a priority as it is in today's stringent anti-corruption enforcement environment. Yet many companies still have not refined the processes used to mitigate third-party risks. The first step is to establish a credible and defensible risk model. More details inside.

Identifying Compliance Risks and Trends

October 10, 2012

Analyzing data for emerging risks, trends, and remediation is no easy task. First, companies must know what data they have and where it is, and then how to turn it into useful knowledge. To help get the job done, companies are increasingly turning to governance, risk, and compliance systems that give them more visibility into risks and provide reporting to the units that manage those risks. Details inside.

Tyco in Hot Water Once Again After FCPA Settlement

October 02, 2012

Tyco's $27 million settlement on FCPA charges last week could be a bit dispiriting to compliance officers; after all of that company's prior troubles and attempts to improve, it's in trouble again? Take heart in the silver lining that Tyco's vigorous efforts at self-disclosure and cooperation do seem to have led to much less punishment than what could have been meted out. Our full look at the case is inside.

Elements of Effective Compliance

September 25, 2012

There's no shortage of guidance from regulators around the world on what a good compliance program should entail. Directives, such as the U.S. Sentencing Guidelines, are becoming more common and can pull companies in different directions. Understanding and effectively applying their shared concepts can help compliance officers meet, or even exceed, the expectations set by government entities across the globe.

Anti-Bribery Enforcement on the Rise

September 18, 2012

Tougher enforcement of anti-bribery laws around the world has resulted in more companies facing prosecutions, according to a new report. Globally, there were 144 new open cases related to bribery of foreign officials in 2011. "They're still not enforcing enough, but there is progress," says Gillian Dell, program manager of global outreach at corruption watchdog Transparency International, which conducted the study.

AML Compliance Back in the Spotlight

July 31, 2012

One explosive report about drug cartels funneling money through U.S. banks, plus one compliance officer announcing his resignation during a U.S. Senate committee hearing, and presto—anti-money laundering efforts, and the lack thereof, are back in the news. How to take a fresh look at the problem? Which firms must operate what sorts of programs? Details inside.

The Evolving Role of Internal Audit

July 24, 2012

Thousands of internal auditors convened in Boston earlier this month, and came away with one basic conclusion: The profession needs to expand its skills and expertise to prosper in today's data-soaked world. "We have a great challenge to push executive management and the board to respond to those changes," said Mark Carawan, chief audit executive for Citigroup. More on the state of internal audit is inside.

New COSO Guidance on Managing Risks From Cloud Computing

July 10, 2012

Companies looking for more help on the risks that result from cloud computing got some much-needed help when the Committee of Sponsoring Organizations issued new guidance on the topic last month. The paper advises companies on how to conduct a detailed assessment of the internal and external risks long before making any decisions to move data to the cloud. Details inside.

FASB Calls for New Liquidity, Interest Rate Risk Disclosures

July 10, 2012

The Financial Accounting Standards Board has proposed a new standard that will require companies to present additional tables in the footnotes to explain liquidity risks, and banks to disclose their risks from potential fluctuations in interest rates. "The tables are trying to achieve a one-stop-shop view of an entity's obligations," says Chris Smith, a partner with audit firm BDO USA.

Companies Struggle to Manage Third-Party Corruption Risk

June 19, 2012

Compliance departments are increasingly uneasy about their exposure to bribery risks, and many say they are still not up to snuff when it comes to eliminating facilitation payments and policing third parties. "In general, companies are still incredibly uncomfortable about the process of managing third parties," says Bill Pollard, a partner in Deloitte's Foreign Corrupt Practices Act consulting practice.

The Metrics System: Measuring Compliance Effectiveness

June 12, 2012

Compliance officers are under increasing pressure to demonstrate to senior officers, their boards, and regulators that the compliance function works. That means finding ways to measure compliance program effectiveness. At the Compliance Week 2012 conference, compliance executives shared their approaches to capturing and reporting compliance metrics. Details inside.

Risk-Management Failures Highlight the Need for More Scrutiny

June 05, 2012

As recent problems at Walmart and JPMorgan indicate, companies still have more work to do on refining risk-management systems. A new survey from research firm Lexakos finds that companies are expanding risk-management committees to include more functions. Yet nearly half of those surveyed say they don't have a dedicated chief risk officer, and 43 percent say it's not a budget priority. More survey results inside.

Best Buy Debacle Offers Lessons in Crisis Management

May 30, 2012

When allegations arise against a CEO of an inappropriate relationship or other misdeeds, the compliance officer is often forced into a difficult balancing act. The CCO, in assisting the board, must weigh the need for quick action with the need for a thorough and fair investigation. Best Buy recently faced such a situation, and how the company responded may serve as a model for good crisis management. Details inside.

Electronic Information Deluge Putting a Strain on Records Management

May 22, 2012

Despite increased resources and good intentions, companies are still fumbling when it comes to executing a comprehensive information management program that balances the unique needs of physical and electronic documents. A recent survey from Iron Mountain found that nearly three-quarters of respondents said they lacked a cohesive, multi-year strategy for records and information management. More survey results inside.

Maintaining an Effective Compliance Program

May 22, 2012

Building out a first-rate compliance program is no easy task, but it's still only the start of the process. Maintaining its effectiveness by keeping up with rapidly changing regulations, assessing compliance gaps and filling them, and mitigating ongoing compliance risks are all necessary to ensuring that a compliance program stays on track. Details inside.

JPMorgan Loss Illustrates Difficulties of Adopting the Volcker Rule

May 22, 2012

JPMorgan Chase's $3 billion loss on derivatives trades has reignited a debate over what the final version of the Volcker Rule should include. A problem flagged by the bank's debacle is that there is no clear-cut answer to whether its actions would have violated the rule in its current form. "The fact is that proprietary trades and hedges look very much alike," says Peter Wallison, former general counsel of the Treasury Department.

Integrating Risk Appetite and Risk Management

May 15, 2012

Three years after the financial crisis, it's clear that companies still struggle with how to manage risk in the organization; just ask JPMorgan. Part of the difficulty: Getting a handle on risk across the organization is a complex undertaking which requires a careful balancing act. Integrating a formal statement of risk appetite with the risk-management program is an important step. Details inside.

Recipe for Anti-Corruption Successes: Due Diligence, Diverse Messaging

May 08, 2012

Much goes into doing anti-corruption properly, but there are four broad categories that top companies focus on: assessing corruption risks, devising controls against them, implementing those controls and procedures with the local workforce, and then following up with constant monitoring. Inside, more lessons for building an effective anti-corruption program.

Enterprise GRC Systems: Ready When You Are

May 01, 2012

After years of industry consolidation, integrated enterprise governance, risk, and compliance systems are ready for prime time. The systems can produce sophisticated risk analytics, real-time reports, and alerts on control failures. To take advantage of these GRC system features, however, internal processes must be thoroughly understood and cataloged. Details inside.

Finding FCPA Violations in Employee Expense Reports

May 01, 2012

Travel and entertainment expenses have long been a haven for abuse, but since the dollar amounts are often insubstantial, companies don't always pay close attention to them. Companies are now finding, though, that they can be a conduit for bribes. "If T&E goes unchecked, it can make a company susceptible to allegations of corruption," says Andrew Levi, head of the Miami office at investigation firm Nardello & Co. How to root out fraud? More inside.

International Compliance Programs: Think Globally, Act Locally

April 24, 2012

Squaring the need for a single global ethics and compliance program with the diverse range of cultures around the world has never been easy. Monitoring and reporting tools help, but there's no substitute for in-person visits. "All too often compliance teams make themselves unapproachable. You have to avoid that at all costs," says Greg Triguba, principal at Compliance Integrity Solutions.

Remaking Internal Audit to Focus More on Strategic Risks

April 10, 2012

Once upon a time, internal audit departments were busy enough with reviewing financial statements and Sarbanes-Oxley compliance. But as company risks have exploded in recent years, the modern audit department has had to reconfigure its skills and priorities to match. The emerging result: audit departments pressured to understand what drives the business and to build deeper relationships with top managers. More inside.

Risk Study Outlines Strategic Shift

April 03, 2012

A new study of corporate risk-management efforts has spotlighted a burgeoning effort to shift toward a more strategic, board-level, "are we prepared to recover?" approach that might help companies withstand today's risk environment. "Risks are more interconnected, and the ramifications of risk are happening at a faster pace than they ever have in the past," says Ken Coy, U.S. leader for PwC's governance, risk, and compliance practice.

Many Struggling With Risk Disclosures

April 03, 2012

Two years after the Securities and Exchange Commission enacted new proxy disclosure rules requiring companies to reveal more about how their boards oversee risk, many companies are still struggling with how to communicate aspects of their risk-management programs effectively. According to a recent study, disclosures are too basic and lack details on the company's approach to risk.

A Holistic Approach to Diagnosing Corruption

March 06, 2012

Companies with the most sophisticated anti-corruption capabilities do more than resolve the issue and identify its direct cause; they also periodically examine their entire portfolio of corruption issues to better understand how those issues all interact. Inside, the latest installment of our GRC Illustrated series offers insights on the challenges of corruption issue management.