All ERM articles – Page 3

  • Article

    Taming Vendor Risks Continues to Flummox Compliance Programs


    Vendor risks driving you crazy? Well, you are not alone. In a recent survey compliance and audit professionals gave their vendor risk management programs an overall score of only 2.8 on a 1 to 5 scale. Thankfully, corporate boardrooms are paying more attention now. “It’s risen to a level ...

  • Blog post

    Breaking Risk Management Down to Manageable Size


    Effective risk management may seem daunting, and many companies say they fell victim to misconduct because nobody ever considered whatever risk event came to pass. The reality, Compliance Week columnist Rick Steinberg writes, is that many risks have happened before, and companies can anticipate them. Inside, he reviews the building ...

  • Blog post

    Mid-Year Look at Corporate Compliance in 2015


    Six months ago Compliance Week Editor Matt Kelly picked six events to watch in corporate compliance for 2015: political risk, Republican activism, confusion over revenue recognition, and more. With the year half over—and in the interests of holding people accountable, including Compliance Week editors—now seems a good time to ...

  • Blog post

    Get Ready For the Biggest Stress-Test of Them All


    Greece in default, China teetering on recession, stock markets shuddering worldwide and interest rates poised for their first increase in years—suddenly, all those exercises in risk management that banks have done in the Dodd-Frank era face their ultimate test. The only problem, writes Compliance Week editor Matt Kelly: Dodd-Frank ...

  • Blog post

    Is CEO Pay Over the Top?


    Proxy season is now over, littered with the usual adjectives about CEO pay: “supersized,” “outsized,” “piggish,” “outrageous,” and “embarrassing.” This week, columnist Rick Steinberg sounds a cautionary note amid the complaints—that CEOs are still critical to an organization, and hiring the right one encompasses a blizzard of detail. The board ...

  • Article

    Demystifying the Risks of Board-Level Risk Committees


    In the wake of the financial crisis, many large financial institutions created new, board-level risk committees to oversee their most critical risk issues. For other industries, the decision to create a risk committee isn’t so simple—and isn’t without some risk-taking itself. “You have to guard against the risk that ...

  • Article

    Compliance Trends in 2015: More Authority, More IT Uncertainty


    Good news for compliance officers in existential crisis: A majority of CCOs are now part of the senior management teams at their businesses, and they have more authority than ever before. Those are two among many findings of the 2015 Compliance Trends Report, the annual survey of compliance leaders conducted ...

  • Blog post

    What Really Serves Shareholders’ Best Interests


    Proxy season is upon us, which means the annual call in many boardrooms to shake up the board of directors. Replacing directors does occasionally make sense, Compliance Week columnist Rick Steinberg says—but that’s not the same as surrendering to every activist’s demand for new people in the boardroom. Inside, Steinberg ...

  • Article

    Q&A: How E*Trade Recovered From the Financial Crisis


    As part of our occasional series of conversations with compliance and risk executives, we caught up with Michael Pizzi, chief risk officer at E*Trade Financial. Prior to the financial crisis, E*Trade had made sizable investments in mortgage-related assets—toxic assets whose value ultimately plummeted, resulting in substantial writedowns for the ...

  • Article

    Running in Place or Winning the New Race?


    Our GRC Illustrated series returns this week, looking at how compliance programs can keep pace with new ways of communicating within business and with the new employees who use them. That will mean addressing multiple audiences through multiple channels, and it will pose new challenges for policy management, training, ...

  • Article

    Shop Talk: Managing Vendor Risk


    Pop quiz: Try to name a recent example of corporate misconduct that did not somehow include a company’s vendors or third parties. It’s not easy, and third parties are now a huge part of the compliance officer’s responsibility. In our latest Compliance Week executive forum, we gathered a dozen CCOs ...

  • Blog post

    Two Common Misperceptions About Risk Management


    The “Three Lines of Defense” theory to risk management is very much in vogue today, along with maturity models to understand how strong your risk management program is. This week, columnist Rick Steinberg takes both ideas to task. The three lines concept too often paints risk as something to be ...

  • Article

    How to Impose a Travel Policy Without Strangling Anyone


    Compliance officers can pick fights with employees over any number of workplace policies. But if you really want daggers drawn and subversive battles at every turn—impose a policy on business travel. Inside, we look at how to defuse that policy management time bomb, as well as the collateral legal damage ...

  • Article

    Gap Analysis: C-Suite Struggling to Define Risks


    Despite consensus that risk is a big deal—something companies should manage aggressively—recent academic research suggests that boardroom leaders focus on vastly different risks than compliance, audit, and risk executives do. “I wonder if there is a lack of understanding of the views of risk across the management team,” says ...

  • Blog post

    Survey: Audit Execs’ Cyber-Fears Run Deep


    Nearly 7 in 10 internal audit leaders participating in the IIA’s annual “Pulse of Internal Audit” survey ranked cyber-attacks and other security issues as a major concern, but only about one-third said they have high confidence in their organizations’ ability to address such risks. IIA President Richard Chambers says ...

  • Article

    When Enterprise Legal Management and GRC Collide


    Software vendors offer a range of products known as “enterprise legal management” to help the legal department analyze spending, discern patterns, and manage costs. Given that many legal costs are the result of some governance or compliance risk, is there an opportunity to use enterprise legal data to improve your ...

  • Article

    Practical Ideas on Managing Reputation Risk


    Reputation risk is the strategic business issue for many boards and senior executives today, and yet few know how to address it well. “Reputation is an ‘amplifier risk,’ because it attaches itself to other risks,” says Andrea Bonime-Blanc, head of consulting firm GEC Risk Advisory. She and others recommend ...

  • Blog post

    The Logic Behind COSO’s ERM Framework Update


    Even as compliance officers are still digesting the updated COSO framework for internal controls, COSO has set its sights on what’s next: an update to its enterprise risk management framework, likely to arrive sometime in 2016 or so. Why ERM? Why now? Inside, Compliance Week columnist Rick Steinberg walks us ...

  • Article

    What Critics Say on Three Lines of Defense


    The Three Lines of Defense model for risk oversight—business units in the first line, compliance in the second, internal auditors in the third—has been hugely popular in recent years. Proponents love it, and regulators have come to expect it. Critics, however, say the Three Lines model is too simplistic a ...

  • Article

    Paths to Globalizing Your Code of Conduct


    A thoughtful and well-drafted Code of Conduct is the cornerstone of any strong corporate compliance program. Making that cornerstone strong enough to support a compliance program worldwide, spanning all manner of cultures—that’s the tricky part. “We’re constantly trying to figure out better ways to deliver our message while keeping ...