ERM

Maintaining an Effective Compliance Program

May 22, 2012

Building out a first-rate compliance program is no easy task, but it's still only the start of the process. Maintaining its effectiveness by keeping up with rapidly changing regulations, assessing compliance gaps and filling them, and mitigating ongoing compliance risks are all necessary to ensuring that a compliance program stays on track. Details inside.
 

Integrating Risk Appetite and Risk Management

May 15, 2012

Three years after the financial crisis, it's clear that companies still struggle with how to manage risk in the organization; just ask JPMorgan. Part of the difficulty: Getting a handle on risk across the organization is a complex undertaking which requires a careful balancing act. Integrating a formal statement of risk appetite with the risk-management program is an important step. Details inside.
 

Enterprise GRC Systems: Ready When You Are

May 01, 2012

After years of industry consolidation, integrated enterprise governance, risk, and compliance systems are ready for prime time. The systems can produce sophisticated risk analytics, real-time reports, and alerts on control failures. To take advantage of these GRC system features, however, internal processes must be thoroughly understood and cataloged. Details inside.
 

E&Y Draws Link from Risk Practices to Performance

March 07, 2012

It pays to pay attention to risk. A recent study found that companies with solid risk practices produce better revenue and earnings. The study, conducted by Ernst & Young, found that companies with the most mature risk practices generated up to three times better financial performance.
 

Rethinking Supply Chain Risk Management Strategies

February 22, 2012

Companies such as Cisco Systems are working to get more visibility into, and control over, supply chain disruption risks. The strategy: invest heavily in analytics and build risk management into the design and planning phase of that. Other businesses, alas, still lag. "Overall, most companies don't have a strategy for managing supply chain risks," says Jerry O'Dwyer, a principal at Deloitte.
 

COSO Offers Insights on Setting Risk Appetite

January 26, 2012

The Committee of Sponsoring Organizations has developed guidance to help companies identify and define their risk appetites, including tips on developing a risk appetite statement and questions for management and the board to consider while working to define appropriate levels of risk. Details inside.
 

COSO Framework Update Strives for Incremental Change

January 03, 2012

The Committee of Sponsoring Organizations' proposal to modernize its landmark framework to govern internal controls is finally here—and is being praised as much for what it doesn't change as for what it does. "I don't see companies that have already used COSO having to change anything very much," says Norman Marks, vice president at SAP. A look at the tech-centric, globalized overhaul is inside.
 

Boards Continue to Struggle With Oversight of Risk Management

September 27, 2011

A new report suggests that boards haven't done all they would like to tackle risk-management issues. More than half of those surveyed say they don't spend enough time on them, and about the same amount say their companies still don't have a chief risk officer. Meanwhile, more than 60 percent say that personal liability risks for directors are increasing. More survey results inside.
 

Getting a Grip on 'People Risk'

September 07, 2011

A new report from the Conference Board analyzes the emerging category of "human capital risk" and how compliance departments can help steer management clear of that strategic business threat. "There is a huge opportunity for the business, HR, and risk and compliance to think much more strategically about human capital," says Mary Young, one of the authors of the report.
 

DeVry Seeks Intelligent Approach to Managing Risk

May 31, 2011

Motivated by some key internal and external drivers, DeVry Inc. decided to amp up its focus on risk so that discussions about risk would be engrained in every strategic conversation surrounding product development and capital spending.
 

Integrating Compliance, ERM Takes Planning, CSC Says

May 26, 2011

When Computer Sciences Corp. decided to get more aggressive with compliance, ethics and enterprise risk management, Chris DePippo found himself holding a job title he never expected.
 

New Guidance on Risk Appetite

May 04, 2011

The London-based Institute of Risk Management has released draft guidance aimed at helping organizations to quantify and communicate how willing they are to take risks. The guidance explains how an organization can determine its risk appetite and what role its board of directors should play in the process.
 

Internal Audit Pulled in Two Directions at Once

March 29, 2011

A recent study finds that internal auditors are increasingly acting as advisers to operations, while at the same time they must retain their independence to perform objective assessments. "There's a tension inherently in internal audit because you're assessing operations and looking for ways to improve things," says Jeff Browning, who leads internal audit at Duke Energy. More details inside.
 

The 'Mundane' World of Internal Control

March 22, 2011

Because of misunderstandings and a lack of board oversight, critical elements of the internal control system are woefully lacking at some companies. Inside, Columnist Richard Steinberg dispels some of the myths of internal controls and explains why it's not enough to simply comply with Section 404 of the Sarbanes-Oxley Act.
 

Study: Internal Audit Needs to Expand Its Horizons

March 22, 2011

A sweeping new study from the Institute of Internal Auditors paints quite a picture for the future of internal auditors: a world of younger, better-educated professionals who should focus more on risk and governance—and on their communications skills. Full details inside.
 

Using the New COSO Risk-Management Guidance

February 15, 2011

Last month the Committee of Sponsoring Organizations issued two reports designed to help companies improve their enterprise risk management processes. Inside, Columnist Richard Steinberg culls the reports for valuable nuggets for getting ERM started or for improving an existing program.
 

Directors Still Failing to Bring Risk Oversight Up to Par

February 01, 2011

Two new studies published by COSO indicate that boards still lag when carrying out their risk oversight responsibilities. The reports say directors are too confident in management's ability to manage risk and that risk management processes are still too informal. More survey results inside.
 

Securities Regulation Institute, Day 1

January 21, 2010

Covering the news of corporate compliance is a ceaseless job, and one to which I sacrifice myself constantly. Therefore, when the Securities Regulation Institute’s annual conference rolled around this week, I immediately headed to the airport. That it is held in sunny San Diego every winter is mere coincidence. The first...
 

Metrics for Compliance, Metrics for Risk

November 18, 2009

Compliance Week had another one of its editorial roundtables this week, and as usual I had the privilege of leading an excellent discussion with compliance and risk executives facing some of the most formidable governance challenges out there. Our full coverage of the forum will appear in Compliance Week’s Dec....
 

The Myth of the Black Swan

November 10, 2009

Perhaps it’s time to start shooting those black swans. For the last several months we’ve all heard more and more about risk management, primarily because a class of supposed geniuses on Wall Street ruined the economy for the rest of us. Now the buzzword in Washington is risk management, all the...
 

Shooting the Breeze About Internal Auditing

October 21, 2009

Yesterday I had the pleasure of hosting another of Compliance Week’s occasional editorial roundtables, where we gather a small group of compliance or governance executives to discuss issues of the day in corporate compliance. We hosted a dozen internal audit executives in New York, to talk about internal auditing’s transformation...
 

The Confusing Cross-Over Between ERM, Internal Audit

March 24, 2009

Another week, another study lamenting the angst-filled uncertainty of the internal audit department. The latest dispatch comes from the Institute of Internal Auditors, which has published a survey of more than 500 auditing executives at large U.S. companies. The 15-page report contains the usual useful tips, on how to run your...
 

Compliance Week Conference Update

February 25, 2009

Do you thirst for fame? Looking for a chance to strut your compliance expertise in front of your peers? (Not a bad idea, considering the precarious job market these days.) Well, Compliance Week has just the opportunity for you. We’re planning the agenda of our annual conference coming in June, and we’re...
 
