All risk management articles – Page 6
-
Article
Taming Vendor Risks Continues to Flummox Compliance Programs
Vendor risks driving you crazy? Well, you are not alone. In a recent survey, compliance and audit professionals gave their vendor risk management programs an overall score of only 2.8 on a 1 to 5 scale. Thankfully, corporate boardrooms are paying more attention now. “It’s risen to a level ...
-
Blog
Breaking Risk Management Down to Manageable Size
Effective risk management may seem daunting, and many companies say they fell victim to misconduct because nobody ever considered whatever risk event came to pass. The reality, Compliance Week columnist Rick Steinberg writes, is that many risks have happened before, and companies can anticipate them. Inside, he reviews the building ...
-
Article
Compliance Officers as Strategic Partners
Lots of people talk about the compliance function as crucial to business strategy today, but gaps remain: According to one PwC survey of chief executives, 78 percent of CEOs say overregulation is the top threat to growing their business; at the same time, only 35 percent of CCOs in PwC’s ...
-
Blog
OCC: Cyber-Security Priorities for 2015
Comptroller of the Currency Thomas Curry last week provided an overview of the top cyber-security priorities that the Office of the Comptroller of the Currency will be focusing on for the remainder of 2015. These priorities include the release of a new cyber-security assessment tool that financial institutions can use ...
-
Article
Demystifying the Risks of Board-Level Risk Committees
In the wake of the financial crisis, many large financial institutions created new, board-level risk committees to oversee their most critical risk issues. For other industries, the decision to create a risk committee isn’t so simple—and isn’t without some risk-taking itself. “You have to guard against the risk that ...
-
Blog
Canadian Court Shifts Corporate Liability to Managers
A recent decision by the Quebec Superior Court found that Canadian companies can be held criminally liable for the wrongful actions of their middle managers, even when the head office has no knowledge of the misconduct. The decision “mark[s] a fundamental change, if not a revolution, in the law of ...
-
Blog
European Watchdogs Calls for Banks to Revisit Business Models
European regulators are urging banks to revamp their business models to reduce risk and enhance a culture of compliance. A joint report issued by the European Union’s banking, insurance, and market regulators says, “Despite numerous actions already taken by regulators and supervisors, both from prudential and consumer protection perspectives, recent ...
-
Article
Q&A: How E*Trade Recovered From the Financial Crisis
As part of our occasional series of conversations with compliance and risk executives, we caught up with Michael Pizzi, chief risk officer at E*Trade Financial. Prior to the financial crisis, E*Trade had made sizable investments in mortgage-related assets—toxic assets whose value ultimately plummeted, resulting in substantial writedowns for the ...
-
Article
Eliminating Cyber-Threats From the IT Supply Chain
The longer a global supply chain grows, the less assurance corporations have in the integrity and security of their products and operations. Now NIST is trying to pierce that fog with new guidance, and compliance officers in the private sector might want to take notice. “Cyber-supply chain risk management ...
-
Blog
Better Ways for Boards to Care About Reputation Risk
Reputation risk is never far from a board’s mind, and rightly so. That doesn’t necessarily mean boards should make management of reputation risk their first priority—despite many examples of reputation failures leading to catastrophe. Rather, Compliance Week columnist Rick Steinberg writes, boards need to obsess over culture and operational details ...
-
Article
Shop Talk: Managing Vendor Risk
Pop quiz: Try to name a recent example of corporate misconduct that did not somehow include a company’s vendors or third parties. It’s not easy, and third parties are now a huge part of the compliance officer’s responsibility. In our latest Compliance Week executive forum, we gathered a dozen CCOs ...
-
Article
Q&A: Talking Insurance Industry Compliance
As part of our occasional series of conversations with compliance executives, we caught up with Lee Augsburger, chief ethics and compliance officer at Prudential Financial and vice chairman of the newly established Global Insurance Chief Compliance Officers Forum. Inside, Augsburger talks about the objectives of the group and how ...
-
Article
Gap Analysis: C-Suite Struggling to Define Risks
Despite consensus that risk is a big deal—something companies should manage aggressively—recent academic research suggests that boardroom leaders focus on vastly different risks than compliance, audit, and risk executives do. “I wonder if there is a lack of understanding of the views of risk across the management team,” says ...
-
Article
When Enterprise Legal Management and GRC Collide
Software vendors offer a range of products known as “enterprise legal management” to help the legal department analyze spending, discern patterns, and manage costs. Given that many legal costs are the result of some governance or compliance risk, is there an opportunity to use enterprise legal data to improve your ...
-
Blog
ELM Arrives as New Compliance Buzzword
We try to look cynically upon any slick new marketing campaign from the GRC software vendors, but occasionally something appears that does seem to have real substance. That may have happened earlier this month at LegalTech 2015 with its extensive discussion of “enterprise legal management.” The concept is a ...
-
Blog
Survey: Cyber-Risk Is Big, but Regulatory Risk Trumps Again
In a recent poll by Protiviti and North Carolina State University of 277 board members and top executives, 67 percent identified regulatory risk as the top concern for the third time since the survey began. Protiviti managing director Jim DeLoach says, “The fact that this is so top of ...
-
Article
What Critics Say on Three Lines of Defense
The Three Lines of Defense model for risk oversight—business units in the first line, compliance in the second, internal auditors in the third—has been hugely popular in recent years. Proponents love it, and regulators have come to expect it. Critics, however, say the Three Lines model is too simplistic a ...
-
Blog
FDIC Refreshes Guidance on High-Risk Customers
Gun merchants, strippers, and payday lenders rejoice! The Federal Deposit Insurance Corp. has signaled an end to its effort to restrict industries deemed as “high risk” from banking access. The FDIC tells banks to take a risk-based approach in assessing individual “customers, rather than declining to provide banking services to ...
-
Article
COSO Tacks Toward Cyber-Security
As cyber-security works its way onto the corporate board agenda, COSO is suggesting ways that its frameworks for internal control and risk management can be a starting point for companies to anticipate fast-emerging risks. “Just as the board is responsible for enterprise risk management, this is very similar,” says Mike ...
-
Article
How M&A Due Diligence Goes Wrong
According to data compiled by Bloomberg, $390 billion in merger deals fell apart last year. M&A plans can collapse for many reasons, from regulatory disapproval to clashing CEO egos. Most painful, however, is a deal consummated quickly that later proves to be a mistake—thanks to poor due diligence. Inside, ...