Steven Minsky's Blog (228)

What Your Board Should Know About IT Risk Management

Recently, organizations have been faced with the increasing threat of cyber attacks, whether from external hackers such as LulzSec or from internal attacks such as WikiLeaks. Your customers' personally identifiable information, your organization's intellectual property, and confidential files are all vulnerable to attack.

How prepared is your IT Risk…


Added by Steven Minsky on July 8, 2011 at 7:00am — No Comments

Risk Managers: What should you report to the Board?

Boards are under pressure like never before to ensure their organization has an effective risk management program. The SEC, through the Proxy Disclosure Enhancements amendment, is holding them personally responsible for risk management.

If your board hasn't already come knocking on your door for a briefing on the effectiveness of risk…


Added by Steven Minsky on June 20, 2011 at 4:30pm — No Comments

Risk Managers: Why Spreadsheets are Failing You

While spreadsheets are still an excellent tool for data manipulation and one-dimensional analysis, they fall significantly short of delivering the capabilities a risk manager really needs to analyze trends and see the relationships the job entails.

The limitations of spreadsheets versus ERM software are systemic and largely stem from the…


Added by Steven Minsky on May 20, 2011 at 9:00am — No Comments

How do you audit a risk management program?

With so many risk management standards and government regulations out there that require risk assessments, how should internal audit evaluate the effectiveness of your organization’s risk management program?  How would you apply any one of these frameworks to an audit?  How do you meet the reporting requirements of so many external stakeholders from regulators to investors…


Added by Steven Minsky on April 29, 2011 at 3:30pm — No Comments

5 Reasons to put ERM tools on your GRC shortlist

If you’re considering automating your governance, risk, and compliance (GRC) program, there are dozens of choices out there, and choosing the one that’s best for your program can be challenging.

While many tools out there can document controls and test compliance, managing enterprise-wide governance, risk, and compliance is about much more.  It’s about adding…


Added by Steven Minsky on April 25, 2011 at 3:30pm — 4 Comments

5 Ways to put Risk Appetite into action

An organization-wide risk appetite can be a powerful statement that gives your risk or compliance program direction.  However, like any policy, risk appetite without accompanying action is nothing more than an idea.

So how do you give your risk appetite teeth?  How do you make it an actionable guide for your…


Added by Steven Minsky on April 12, 2011 at 7:00am — 2 Comments

Japanese Nuclear Crisis: lessons for risk managers

The nuclear crisis still unfolding at Fukushima Daiichi continues to threaten a meltdown as core temperatures and radiation leaks continue to fluctuate. The disaster is one of the worst nuclear disasters in history. However, the vulnerabilities at the power station are not isolated to Japan or utility companies; they are common risk management shortcomings in operational practices seen in every country and every…


Added by Steven Minsky on April 1, 2011 at 9:00am — 8 Comments

Is your GRC program overly focused on compliance?

No company falls out of compliance overnight. It’s a gradual process resulting from a combination of overlooked issues that together create a serious problem. Strangely enough, compliance issues often result from taking an overly compliance-focused approach to risk management, a common problem for Governance, Risk, and Compliance (GRC) programs.

Take for example J&J who, after a series of product recalls in 2009, has once again fallen out of compliance and now…


Added by Steven Minsky on March 29, 2011 at 9:00am — 7 Comments

© 2020   Created by Boris Agranovich.   Powered by