Enterprise Risk Management

Enterprise GRC Systems: Ready When You Are

May 01, 2012

After years of industry consolidation, integrated enterprise governance, risk, and compliance systems are ready for prime time. The systems can produce sophisticated risk analytics, real-time reports, and alerts on control failures. To take advantage of these GRC system features, however, internal processes must be thoroughly understood and cataloged. Details inside.
 

Study: Internal Audit Needs to Expand Its Horizons

March 22, 2011

A sweeping new study from the Institute of Internal Auditors paints quite a picture for the future of internal auditors: a world of younger, better-educated professionals who should focus more on risk and governance—and on their communications skills. Full details inside.
 

Using the New COSO Risk-Management Guidance

February 15, 2011

Last month the Committee of Sponsoring Organizations issued two reports designed to help companies improve their enterprise risk management processes. Inside, Columnist Richard Steinberg culls the reports for valuable nuggets for getting ERM started or for improving an existing program.
 

Directors Still Failing to Bring Risk Oversight Up to Par

February 01, 2011

Two new studies published by COSO indicate that boards still lag when carrying out their risk oversight responsibilities. The reports say directors are too confident in management's ability to manage risk and that risk management processes are still too informal. More survey results inside.
 

Driving Business Performance with Enterprise Risk Management

OpenPages November 02, 2010

The capital markets are rewarding companies that manage risk well. Externally, corporations able to demonstrate lower earnings volatility than their competitors are typically rewarded in the financial markets with a higher valuation.
 

Shareholders, Be Careful What You Wish For

October 19, 2010

There’s no doubt shareholders have made great strides in gaining more information and power. They’ve won more disclosure on a series of points, including the experience and skills of director candidates, what the board does to oversee risk management, the role of compensation consultants, and the structure of board leadership, just to name a few. Yes, shareholders have worked long and hard to obtain relevant information, and to wield greater influence on what happens in the boardroom.
 

Managing Information Risk in the Extended Enterprise: Why Corporate Compliance and IT Security Must Join Forces

Brainloop October 18, 2010

This white paper by Michael Rasmussen describes the rise in collaboration across the extended enterprise, the risks introduced by current document sharing practices, and how compliance and IT security must work together to mitigate information risk while improving their organizations’ efficiency and competitiveness.
 

Did Mark Hurd Deserve to Be Fired From HP? Yes

September 21, 2010

As Compliance Week readers know, Mark Hurd, the hard-charging chief of Hewlett-Packard—who through acquisitions, layoffs, and cost cutting raised the company’s fortunes—was recently fired. The surrounding circumstances are the stuff of tabloids, including allegations of sexual harassment by a female consultant. We may never know exactly what transpired, and we probably don’t need to. But there are some lessons here worth examining.
 

Risk Oversight Tips for Directors, From Directors

September 15, 2010

With the financial crisis focusing increasing attention on corporate risk oversight in general, the topic is top of mind for boards these days. Those grappling with the board's role in overseeing the company's risk exposure can take some tips gathered from other public company directors. In a report published by The...
 

Common Questions About GRC, and Some Answers

August 24, 2010

Earlier this summer I participated on a panel at the Institute of Internal Auditors international conference, held this year in Atlanta. The subject of the panel was governance, risk, and compliance, covering a range of matters raised by the moderator and enthusiastic participants. Compliance Week readers often have similar issues on their minds, so I’d like to share my responses to some of the questions raised. Since I don’t have notes, I’ll do my best in reconstructing my remarks.
 

Positioning GRC and ERM

Eide Bailly August 23, 2010

Getting GRC and ERM to work together is challenging for those who have been involved with governance, risk management, and compliance during their entire careers.
 

Enhancing the Quality of Your Risk Data

OpenPages August 23, 2010

Several clients have inquired recently about methods to ensure the quality of risk data. Senior management is sold on the benefits of an integrated risk management program, yet realizes that unless risk processes collect high-quality data, an accurate view of the organization’s risk landscape is not possible.
 

Coordinated U.S. and U.K. Anti-Corruption Efforts Mean Greater Risks to U.S. Companies

Fenwick & West August 23, 2010

As evidenced by several high-profile prosecutions in the past ninety days, the Department of Justice (DoJ) and the Securities and Exchange Commission (SEC) have redoubled efforts to investigate and prosecute violations of the Foreign Corrupt Practices Act (FCPA or “Act”).
 

As Companies Weigh Growth Strategies, Audit Committees Sharpen Focus on Risks and Controls

KPMG August 23, 2010

To quote just one of the 1,200 directors and business leaders attending our recent 28-city Audit Committee Roundtable Series: “Every company should be taking a step back and thinking hard about where it needs to go, and its strategy for getting there.
 

The Globalization of Enterprise Risk Management

Marsh Risk Consulting August 23, 2010

In the wake of the recent global financial crisis, enterprise risk management (ERM) has become a corporate imperative. Not only are regulators, analysts, and lawmakers worldwide calling for improved corporate risk management practices, but the emergence of ISO 31000—the first international standard for best practices in risk identification, analysis, and risk management—also has ushered in a new era in ERM, particularly for non-financial services organizations.
 

As Companies Weigh Growth Strategies, Audit Committees Sharpen Focus on Risks and Controls

KPMG August 17, 2010

To quote just one of the 1,200 directors and business leaders attending our recent 28-city Audit Committee Roundtable Series: “Every company should be taking a step back and thinking hard about where it needs to go, and its strategy for getting there. And every audit committee needs to be asking, what are the risks in our growth strategy, and where are the controls?”
 

Shop Talk: When Compliance and Legal Intersect

August 10, 2010

Any chief compliance officer worth his or her salt knows that the compliance function is supposed to report directly to the CEO or the audit committee—and that idea sounds great in theory. Most corporations, however, are not hurrying to achieve that transition.
 

How Did BP’s Risk Management Lead to Failure?

July 20, 2010

We all know the damage caused so far by the explosion of BP’s Deepwater Horizon offshore oil rig in April: 11 workers killed, economic ruin across the Gulf Coast states, environmental ruin along the Gulf Coast itself. And efforts to stop the continuing undersea oil spill keep falling far short of the solution that’s desperately needed.
 

The Need for Standards in Accounting Control Frameworks

Guest Columnist Tim Leech July 20, 2010

When the Securities and Exchange Commission first published guidance on how to comply with the infamous Section 404 of the Sarbanes-Oxley Act, which requires companies to assess and disclose the strength of their internal control over financial reporting, the agency pointed to the Committee of Sponsoring Organizations’ 1992-era Internal Control-Integrated Framework as an example of a “suitable” control assessment framework. At the time, the agency did also state that other control frameworks met its suitability criteria, but the strong endorsement of the SEC (and the Public Company Accounting Oversight Board) has resulted in the now-dated COSO framework becoming, for all intents and purposes, the only official control criteria public companies use to assess the effectiveness of their accounting controls.
 

Shop Talk: Compliance Risks in New Data Technologies

July 07, 2010

Forward-thinking companies know that the next generation of data technology—online social media services, cloud computing, shared data storage centers, and the like—can be valuable business tools if used wisely.
 

S&P FAQs on ERM Evaluation at Non-financial Cos.

July 02, 2010

Standard & Poor's Ratings Services has issued a set of frequently asked questions about its ongoing initiative to incorporate an evaluation of enterprise risk management practices into its credit ratings of nonfinancial companies. The company has posted a list of 15 FAQs about the initiative, which has been underway since 2008. The...
 

Learning From the Goldman Sachs Debacle

June 29, 2010

I’m pleased to be participating—for the fifth time—in Compliance Week’s annual conference. Saying that makes me feel a bit like Phil Connors, the weatherman played by Bill Murray in the movie “Groundhog Day,” who had to repeat the same day over and over again, until he finally got it right. In my case, I hope the folks at Compliance Week keep inviting me back, based on their assumption that, while I still haven’t gotten it right, I eventually might!
 

When to Consider Splitting CEO, Chairman Roles

June 22, 2010

The question of whether to combine the roles of board chairman and CEO or to separate them generates robust debate, with visceral feelings and often-strained relationships. Many institutional investors and leading governance experts, and indeed many sitting directors, argue in favor of splitting the jobs; many CEOs holding the chairman title insist their authority and the company itself would be badly damaged should they be forced to wear only one hat.
 

SEC Clawback Suit Pushes Liability Under SOX 304

June 22, 2010

A federal district court judge is letting the Securities and Exchange Commission proceed with a novel lawsuit testing just how far the agency can go to claw back compensation executives receive improperly.
 

Breaking Down the Risk-Assessment Process

June 15, 2010

The Compliance Week 2010 conference provided a series of “conversations” on risk assessment that revealed how far along leading companies have come in implementing that process, and gave some valuable insight into how executives can improve the information that boards of directors need to exercise their risk-management role.
 

From Risk Assessment to Risk Scenario Analysis

June 15, 2010

Today’s volatile markets and sluggish economy have strained companies’ traditional risk-forecasting techniques to the breaking point—and many have just outright broken down, according to a recent Webcast hosted by Deloitte.
 
