All ERM articles – Page 2

  • Blog post

    6 more ‘C’mon, man!’ moments


    Regular followers of CW columnist Richard Steinberg will recognize his ‘C’mon, man’ moments—those peculiar business world goofs that leave us all perplexed. From overboarding to outlandish expense reporting, enjoy this latest installment.

  • Blog post

    COSO offers up new ERM framework for review


    The Committee of Sponsoring Organizations of the Treadway Commission, or COSO, has unveiled a proposed redraft of its 2004 ERM framework. “We wanted to create a more robust focus on risk in the strategic planning process,” says PwC Partner Dennis Chesley, a lead partner for the revision project. Tammy Whitehouse ...

  • Blog post

    Global risks driving transformational change


    As risk management in general improves, we are seeing more CEOs embracing risk management as a concept and as a practice. But we also see misdirected focus and lack of attention to some of the greatest risks and opportunities facing their companies. Where companies are getting it right, they’re driving ...

  • Blog post

    COSO ERM update will seek to elevate risk discussions


    When COSO unveils the draft update to its Enterprise Risk Management framework (possibly by late April), it will propose companies take risk considerations to the highest level in an entity’s strategy-setting and decision-making processes. The framework update exercise is expected to advance the idea, says COSO Chairman Robert Hirth, ...

  • Blog post

    Analyzing Your Risks in the Banking Sector


    Now that the Federal Reserve has raised interest rates for the first time in seven years, it’s as good a time as any to worry about risks in the banking system; and thankfully two different regulators—the U.S. Office of the Comptroller of the Currency, and the International Organizations of ...

  • Article

    For Internal Audit, Is Emerging Technology More Trouble Than It’s Worth?


    IT audit is challenged not only by persistent talent shortages and rapid changes in technology, but also by concerns about reporting lines that raise questions about independence and the frequency of risk assessments. “Changes in security remain top of mind,” says Robert Stroud, immediate past president of ISACA and ...

  • Blog post

    Report Card on This Year, and Governance Predictions for 2016


    As one year closes and another begins, so does the cycle of talk on what corporate governance issues will challenge Corporate America in 2016. Inside, columnist Richard Steinberg reviews what he thought the big issues of 2015 would be (cyber-risk, shareholder proxy access, CEO succession, etc.), and how those subjects—and ...

  • Article

    Cloud Security Is a Challenge for Users and Providers


    As more cloud storage providers evolve from consumer-based products to enterprise-grade services, compliance challenges are evolving along with them. Before entering into a service contract, companies must determine whether their data will be safe and all is in compliance with a growing list of regulations and security frameworks. The added ...

  • Blog post

    Compliance Versus ERM


    Compliance programs need to be part of comprehensive enterprise risk management, yes, but ERM does not displace the roles of internal audit and the compliance program. This week, columnist Jose Tabuena discusses risk management as a distinct discipline that auditors and compliance officers can work with. He describes the resources ...

  • Blog post

    What Went So Wrong at VW


    The full consequences of Volkswagen’s “emissions evasion” scandal are just starting to be understood. The governance failures that led to the misconduct, however, are not new. Pressure from the chief executive, ineffective directors, a workforce that does not take compliance seriously; we have heard all that before. This week, columnist ...

  • Article

    Parsing the Difference Between GRC & ERM


    Lots of executives know the difference between compliance and risk management conceptually. But the difference between “governance, risk, and compliance” and “enterprise risk management”—not so much. This week, we pick apart both acronyms. “Compliance is typically what 90 percent of GRC software does,” says Steven Minsky, CEO of software ...

  • Blog post

    COSO Expects First-Quarter Release of ERM Update Draft


    COSO expects to publish a draft of its Enterprise Risk Management Integrated Framework in the first quarter of 2016. First released more than a decade ago, COSO opted to make updates in light of modern business conventions and practices. COSO Chairman Bob Hirth says, “It will be ...

  • Blog post

    How Audit Committees Really Think About Risk


    Enterprise risk management is a hot subject in boardrooms across America these days, with big consequence for corporate compliance and audit professionals. Still, do audit committees have a clear sense of how they want to approach risk and risk management? Compliance Week editor Matt Kelly decided to look at ...

  • Blog post

    A Smarter Way to Address Disclosure Overload


    That companies are besieged with requests to disclose information is not news; nor is the awkward truth that most disclosures (think MD&A in your annual report) are not, ahem, brimming with specifics. This week, columnists Stephen Davis and Jon Lukomnik consider new ways to make your disclosure more manageable. One ...

  • Article

    Supply Chain Risk Continues to Challenge Companies


    Rare is the business these days that can afford to be cavalier about the regulatory scrutiny on its supply chain. So why do so many still struggle so much to gain visibility and control over vendors and suppliers? A lack of sophistication in monitoring third parties (never mind fourth parties ...

  • Article

    Shop Talk: Moving From Compliance to ERM


    Moving from silos of compliance to enterprise risk management is a complex task under the best of circumstances. Where should ERM sit within the company? How do you win support from business units? How do you get the data you need to make informed decisions about risk? At Compliance ...

  • Blog post

    Thoughts on Bridging the Gap From Compliance to ERM


    Compliance Week held its latest executive roundtable in Florida last week, to talk about moving from compliance programs to broader enterprise risk management. Inside, editor Matt Kelly has a first recap of what was discussed: how much ERM companies already do, how you can overcome some (not all) of ...

  • Blog post

    Culture Ate Strategy at Toshiba


    Management guru Peter Drucker famously said culture eats strategy for breakfast. This time around, we examine Toshiba’s $1.2 billion financial fraud to see how true that saying is. Inside, columnist Richard Steinberg looks at the cultural patterns of Japan generally and Toshiba specifically that led to this meltdown, which reinforce ...

  • Blog post

    More ‘C’mon, Man’ Moments


    It’s that time again: time for another roundup of flawed characters, flawed controls, and poor outcomes. Columnist Rick Steinberg offers his latest look at sloppy thinking and risk management that led to some truly dumb ideas, from allowing guns on airplanes to losing your career over a skipped subway fare ...

  • Blog post

    Flying Into Uncontrollable Regulatory Trouble


    At a theoretical level, effective compliance programs are fairly straightforward: Risky activity is found; control is implemented; regulatory compliance is achieved. In practice … well, compliance officers may have tougher times ahead. This week, Editor Matt Kelly takes the example of the humble unmanned drone and looks at a ...