All ERM articles – Page 2

  • Blog post

    COSO ERM update will seek to elevate risk discussions

    2016-02-23T14:45:00Z

    When COSO unveils the draft update to its Enterprise Risk Management framework (possibly by late April), it will propose companies take risk considerations to the highest level in an entity’s strategy-setting and decision-making processes. The framework update exercise is expected to advance the idea, says COSO Chairman Robert Hirth, ...

  • Blog post

    Analyzing Your Risks in the Banking Sector

    2015-12-16T16:15:00Z

    Now that the Federal Reserve has raised interest rates for the first time in seven years, it’s as good a time as any to worry about risks in the banking system; and thankfully two different regulators—the U.S. Office of the Comptroller of the Currency, and the International Organizations of ...

  • Article

    For Internal Audit, Is Emerging Technology More Trouble Than It’s Worth?

    2015-12-15T10:00:00Z

    IT audit is challenged not only by persistent talent shortages and rapid changes in technology, but also by concerns about reporting lines that raise questions about independence and the frequency of risk assessments. “Changes in security remain top of mind,” says Robert Stroud, immediate past president of ISACA and ...

  • Blog post

    Report Card on This Year, and Governance Predictions for 2016

    2015-12-15T09:45:00Z

    As one year closes and another begins, so does the cycle of talk on what corporate governance issues will challenge Corporate America in 2016. Inside, columnist Richard Steinberg reviews what he thought the big issues of 2015 would be (cyber-risk, shareholder proxy access, CEO succession, etc.), and how those subjects—and ...

  • Article

    Cloud Security Is a Challenge for Users and Providers

    2015-11-24T13:30:00Z

    As more cloud storage providers evolve from consumer-based products to enterprise-grade services, compliance challenges are evolving along with them. Before entering into a service contract, companies must determine whether their data will be safe and all is in compliance with a growing list of regulations and security frameworks. The added ...

  • Blog post

    Compliance Versus ERM

    2015-11-24T10:15:00Z

    Compliance programs need to be part of comprehensive enterprise risk management, yes, but ERM does not displace the roles of internal audit and the compliance program. This week, columnist Jose Tabuena discusses risk management as a distinct discipline that auditors and compliance officers can work with. He describes the resources ...

  • Blog post

    What Went So Wrong at VW

    2015-11-17T10:15:00Z

    The full consequences of Volkswagen’s “emissions evasion” scandal are just starting to be understood. The governance failures that led to the misconduct, however, are not new. Pressure from the chief executive, ineffective directors, a workforce that does not take compliance seriously; we have heard all that before. This week, columnist ...

  • Article

    Parsing the Difference Between GRC & ERM

    2015-11-03T13:15:00Z

    Lots of executives know the difference between compliance and risk management conceptually. But the difference between “governance, risk, and compliance” and “enterprise risk management”—not so much. This week, we pick apart both acronyms. “Compliance is typically what 90 percent of GRC software does,” says Steven Minsky, CEO of software ...

  • Blog post

    COSO Expects First-Quarter Release of ERM Update Draft

    2015-10-19T12:30:00Z

    COSO expects to publish a draft of its Enterprise Risk Management Integrated Framework in the first quarter of 2016. First released more than a decade ago, COSO opted to make updates in light of modern business conventions and practices. COSO Chairman Bob Hirth says, “It will be ...

  • Blog post

    How Audit Committees Really Think About Risk

    2015-10-19T09:30:00Z

    Enterprise risk management is a hot subject in boardrooms across America these days, with big consequence for corporate compliance and audit professionals. Still, do audit committees have a clear sense of how they want to approach risk and risk management? Compliance Week editor Matt Kelly decided to look at ...

  • Blog post

    A Smarter Way to Address Disclosure Overload

    2015-10-06T10:45:00Z

    That companies are besieged with requests to disclose information is not news; nor is the awkward truth that most disclosures (think MD&A in your annual report) are not, ahem, brimming with specifics. This week, columnists Stephen Davis and Jon Lukomnik consider new ways to make your disclosure more manageable. One ...

  • Article

    Supply Chain Risk Continues to Challenge Companies

    2015-09-29T13:30:00Z

    Rare is the business these days that can afford to be cavalier about the regulatory scrutiny on its supply chain. So why do so many still struggle so much to gain visibility and control over vendors and suppliers? A lack of sophistication in monitoring third parties (never mind fourth parties ...

  • Article

    Shop Talk: Moving From Compliance to ERM

    2015-09-29T10:45:00Z

    Moving from silos of compliance to enterprise risk management is a complex task under the best of circumstances. Where should ERM sit within the company? How do you win support from business units? How do you get the data you need to make informed decisions about risk? At Compliance ...

  • Blog post

    Thoughts on Bridging the Gap From Compliance to ERM

    2015-09-21T15:45:00Z

    Compliance Week held its latest executive roundtable in Florida last week, to talk about moving from compliance programs to broader enterprise risk management. Inside, editor Matt Kelly has a first recap of what was discussed: how much ERM companies already do, how you can overcome some (not all) of ...

  • Blog post

    Culture Ate Strategy at Toshiba

    2015-09-15T09:45:00Z

    Management guru Peter Drucker famously said culture eats strategy for breakfast. This time around, we examine Toshiba’s $1.2 billion financial fraud to see how true that saying is. Inside, columnist Richard Steinberg looks at the cultural patterns of Japan generally and Toshiba specifically that led to this meltdown, which reinforce ...

  • Blog post

    More ‘C’mon, Man’ Moments

    2015-08-18T10:15:00Z

    It’s that time again: time for another roundup of flawed characters, flawed controls, and poor outcomes. Columnist Rick Steinberg offers his latest look at sloppy thinking and risk management that led to some truly dumb ideas, from allowing guns on airplanes to losing your career over a skipped subway fare ...

  • Blog post

    Flying Into Uncontrollable Regulatory Trouble

    2015-08-10T15:45:00Z

    At a theoretical level, effective compliance programs are fairly straightforward: Risky activity is found; control is implemented; regulatory compliance is achieved. In practice … well, compliance officers may have tougher times ahead. This week, Editor Matt Kelly takes the example of the humble unmanned drone and looks at a ...

  • Article

    Taming Vendor Risks Continues to Flummox Compliance Programs

    2015-07-21T10:15:00Z

    Vendor risks driving you crazy? Well, you are not alone. In a recent survey compliance and audit professionals gave their vendor risk management programs an overall score of only 2.8 on a 1 to 5 scale. Thankfully, corporate boardrooms are paying more attention now. “It’s risen to a level ...

  • Blog post

    Breaking Risk Management Down to Manageable Size

    2015-07-14T14:00:00Z

    Effective risk management may seem daunting, and many companies say they fell victim to misconduct because nobody ever considered whatever risk event came to pass. The reality, Compliance Week columnist Rick Steinberg writes, is that many risks have happened before, and companies can anticipate them. Inside, he reviews the building ...

  • Blog post

    Mid-Year Look at Corporate Compliance in 2015

    2015-07-06T12:45:00Z

    Six months ago Compliance Week Editor Matt Kelly picked six events to watch in corporate compliance for 2015: political risk, Republican activism, confusion over revenue recognition, and more. With the year half over—and in the interests of holding people accountable, including Compliance Week editors—now seems a good time to ...