All risk management articles – Page 6
-
Article
Parsing the Difference Between GRC & ERM
Lots of executives know the difference between compliance and risk management conceptually. But the difference between “governance, risk, and compliance” and “enterprise risk management”—not so much. This week, we pick apart both acronyms. “Compliance is typically what 90 percent of GRC software does,” says Steven Minsky, CEO of software ...
-
Blog
How Audit Committees Really Think About Risk
Enterprise risk management is a hot subject in boardrooms across America these days, with big consequences for corporate compliance and audit professionals. Still, do audit committees have a clear sense of how they want to approach risk and risk management? Compliance Week editor Matt Kelly decided to look at ...
-
Article
Supply Chain Risk Continues to Challenge Companies
Rare is the business these days that can afford to be cavalier about the regulatory scrutiny on its supply chain. So why do so many still struggle so much to gain visibility and control over vendors and suppliers? A lack of sophistication in monitoring third parties (never mind fourth parties ...
-
Article
Shop Talk: Moving From Compliance to ERM
Moving from silos of compliance to enterprise risk management is a complex task under the best of circumstances. Where should ERM sit within the company? How do you win support from business units? How do you get the data you need to make informed decisions about risk? At Compliance ...
-
Article
Taming Vendor Risks Continues to Flummox Compliance Programs
Vendor risks driving you crazy? Well, you are not alone. In a recent survey, compliance and audit professionals gave their vendor risk management programs an overall score of only 2.8 on a 1 to 5 scale. Thankfully, corporate boardrooms are paying more attention now. “It’s risen to a level ...
-
Blog
Breaking Risk Management Down to Manageable Size
Effective risk management may seem daunting, and many companies say they fell victim to misconduct because nobody ever considered whatever risk event came to pass. The reality, Compliance Week columnist Rick Steinberg writes, is that many risks have happened before, and companies can anticipate them. Inside, he reviews the building ...
-
Article
Compliance Officers as Strategic Partners
Lots of people talk about the compliance function as crucial to business strategy today, but gaps remain: According to one PwC survey of chief executives, 78 percent of CEOs say overregulation is the top threat to growing their business; at the same time, only 35 percent of CCOs in PwC’s ...
-
Blog
OCC: Cyber-Security Priorities for 2015
Comptroller of the Currency Thomas Curry last week provided an overview of the top cyber-security priorities that the Office of the Comptroller of the Currency will be focusing on for the remainder of 2015. These priorities include the release of a new cyber-security assessment tool that financial institutions can use ...
-
Article
Demystifying the Risks of Board-Level Risk Committees
In the wake of the financial crisis, many large financial institutions created new, board-level risk committees to oversee their most critical risk issues. For other industries, the decision to create a risk committee isn’t so simple—and isn’t without some risk-taking itself. “You have to guard against the risk that ...
-
Blog
Canadian Court Shifts Corporate Liability to Managers
A recent decision by the Quebec Superior Court found that Canadian companies can be held criminally liable for the wrongful actions of their middle managers, even when the head office has no knowledge of the misconduct. The decision “mark[s] a fundamental change, if not a revolution, in the law of ...
-
Blog
European Watchdogs Calls for Banks to Revisit Business Models
European regulators are urging banks to revamp their business models to reduce risk and enhance a culture of compliance. A joint report issued by the European Union’s banking, insurance, and market regulators says, “Despite numerous actions already taken by regulators and supervisors, both from prudential and consumer protection perspectives, recent ...
-
Article
Q&A: How E*Trade Recovered From the Financial Crisis
As part of our occasional series of conversations with compliance and risk executives, we caught up with Michael Pizzi, chief risk officer at E*Trade Financial. Prior to the financial crisis, E*Trade had made sizable investments in mortgage-related assets—toxic assets whose value ultimately plummeted, resulting in substantial writedowns for the ...
-
Article
Eliminating Cyber-Threats From the IT Supply Chain
The longer a global supply chain grows, the less assurance corporations have in the integrity and security of their products and operations. Now NIST is trying to pierce that fog with new guidance, and compliance officers in the private sector might want to take notice. “Cyber-supply chain risk management ...
-
Blog
Better Ways for Boards to Care About Reputation Risk
Reputation risk is never far from a board’s mind, and rightly so. That doesn’t necessarily mean boards should make management of reputation risk their first priority—despite many examples of reputation failures leading to catastrophe. Rather, Compliance Week columnist Rick Steinberg writes, boards need to obsess over culture and operational details ...
-
Article
Shop Talk: Managing Vendor Risk
Pop quiz: Try to name a recent example of corporate misconduct that did not somehow include a company’s vendors or third parties. It’s not easy, and third parties are now a huge part of the compliance officer’s responsibility. In our latest Compliance Week executive forum, we gathered a dozen CCOs ...
-
Article
Q&A: Talking Insurance Industry Compliance
As part of our occasional series of conversations with compliance executives, we caught up with Lee Augsburger, chief ethics and compliance officer at Prudential Financial and vice chairman of the newly established Global Insurance Chief Compliance Officers Forum. Inside, Augsburger talks about the objectives of the group and how ...
-
Article
Gap Analysis: C-Suite Struggling to Define Risks
Despite consensus that risk is a big deal—something companies should manage aggressively—recent academic research suggests that boardroom leaders focus on vastly different risks than compliance, audit, and risk executives do. “I wonder if there is a lack of understanding of the views of risk across the management team,” says ...
-
Article
When Enterprise Legal Management and GRC Collide
Software vendors offer a range of products known as “enterprise legal management” to help the legal department analyze spending, discern patterns, and manage costs. Given that many legal costs are the result of some governance or compliance risk, is there an opportunity to use enterprise legal data to improve your ...
-
Blog
ELM Arrives as New Compliance Buzzword
We try to look cynically upon any slick new marketing campaign from the GRC software vendors, but occasionally something appears that does seem to have real substance. That may have happened earlier this month at LegalTech 2015 with its extensive discussion of “enterprise legal management.” The concept is a ...
-
Blog
Survey: Cyber-Risk Is Big, but Regulatory Risk Trumps Again
In a recent poll by Protiviti and North Carolina State University of 277 board members and top executives, 67 percent identified regulatory risk as the top concern for the third time since the survey began. Protiviti managing director Jim DeLoach says, “The fact that this is so top of ...