Recently, organizations have been faced with the increasing threat of cyber attacks, whether from external hackers such as LulzSec or from internal attacks such as WikiLeaks. Your customers' personally identifiable information, organization's intellectual property, and confidential files are all vulnerable to attack.
How prepared is your IT Risk…
Added by Steven Minsky on July 8, 2011 at 7:00am — No Comments
Boards are under pressure like never before to assure their organization has an effective risk management program. The SEC, through the Proxy Disclosure Enhancements amendment, is holding them personally responsible for risk management.
If your board hasn't already come knocking on your door for a briefing on the effectiveness of risk…
Added by Steven Minsky on June 20, 2011 at 4:30pm — No Comments
While spreadsheets are still an excellent tool for data manipulation and one-dimensional analysis, they fall significantly short of delivering the capabilities a risk manager really needs to analyze trends and see the relationships the job entails.
The limitations of spreadsheets versus ERM software are systemic and largely stem from the…
Added by Steven Minsky on May 20, 2011 at 9:00am — No Comments
With so many risk management standards and government regulations out there that require risk assessments, how should internal audit evaluate the effectiveness of your organization’s risk management program? How would you apply any one of these frameworks to an audit? How do you meet the reporting requirements of so many external stakeholders from regulators to investors…
Added by Steven Minsky on April 29, 2011 at 3:30pm — No Comments
If you’re considering automating your governance, risk, and compliance (GRC) program, there are dozens of choices out there, and choosing the one that’s best for your program can be challenging.
While many tools out there can document controls and test compliance, managing enterprise-wide governance, risk, and compliance is about much more. It’s about adding…
An organization-wide risk appetite can be a powerful statement that gives your risk or compliance program direction. However, like any policy, risk appetite without accompanying action is nothing more than an idea.
So how do you give your risk appetite teeth? How do you make it an actionable guide for your…
The nuclear crisis still unfolding at Fukushima Daiichi continues to threaten a meltdown as core temperatures and radiation leaks continue to fluctuate. The disaster is one of the worst nuclear disasters in history. However, the vulnerabilities at the power station are not isolated to Japan or utility companies; they are common risk management shortcomings in operational practices seen in every country and every…
No company falls out of compliance overnight. It’s a gradual process resulting from a combination of overlooked issues that together create a serious problem. Strangely enough, compliance issues often result from taking an overly compliance-focused approach to risk management, a common problem for Governance, Risk, and Compliance (GRC) programs.
Take for example J&J who, after a series of product recalls in 2009, has once again fallen out of compliance and now…