board - Blog - Global Risk Community
2024-03-29T08:48:38Z
https://globalriskcommunity.com/profiles/blogs/feed/tag/board

The COSO Framework: An Organization's Guide to an Effective Internal Control System
https://globalriskcommunity.com/profiles/blogs/the-coso-framework-an-organization-s-guide-to-an-effective
2020-08-08T05:32:10.000Z
Joseph Robinson
https://globalriskcommunity.com/members/JosephRobinson808
<div><p>As the business and operating environment changes, there has been a greater demand for transparency and accountability as to the <a href="https://flevy.com/blog/wp-content/uploads/2020/06/pic-1-COSO-Framework-300x208.jpeg" target="_blank"><img src="https://flevy.com/blog/wp-content/uploads/2020/06/pic-1-COSO-Framework-300x208.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-1-COSO-Framework-300x208.jpeg?profile=RESIZE_710x" /></a>integrity of internal control. This has become critical today as businesses drive to enhance the likelihood of achieving their objectives and to adapt to changes in the global business environment.</p><p>The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the <a href="https://flevy.com/browse/flevypro/coso-framework-5086">Integrated Internal Control Framework</a> in 1992 to enable organizations to effectively and efficiently develop and maintain systems of internal control. It also includes enhancements and clarifications that make the Framework easier to use and apply.</p><h3><strong>An Overview of the COSO Framework</strong></h3><p>The COSO Framework is the globally recognized framework for designing, implementing, conducting, and assessing internal control. It is recognized as the definitive standard against which organizations measure the effectiveness of internal control systems.</p><p>Internal control is not a serial process but a dynamic and integrated one. 
It is a process effected by an organization’s <a href="https://flevy.com/business-toolkit/board-of-directors">Board of Directors</a>, Management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. It can be considered an enabler when it comes to achieving <a href="https://flevy.com/operational-excellence">Operational Excellence</a>.</p><p>The COSO Framework provides for 3 categories of objectives. These categories allow organizations to focus on different aspects of internal control. This ensures that the internal control system is operationally efficient and effective, reports reliable data, and remains compliant with laws and regulations.</p><h3><strong>The 5 Components of the COSO Framework</strong></h3><p>In an effective internal control system, the <a href="https://flevy.com/browse/flevypro/coso-framework-5086">5 Components of the COSO Framework</a> must be present to support the achievement of an organization’s mission, strategies, and related business objectives.</p><p><a href="https://flevy.com/browse/flevypro/coso-framework-5086" target="_blank"><img src="https://flevy.com/blog/wp-content/uploads/2020/06/pic-2-COSO-Framework.png?profile=RESIZE_710x" width="750" class="align-full" alt="pic-2-COSO-Framework.png?profile=RESIZE_710x" /></a></p><p><strong>Component 1: Control Environment</strong>. This is a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.</p><p><strong>Component 2: Risk Assessment</strong>. This forms the basis for determining how risks will be managed. It involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. It determines the possibility that an event will occur and adversely affect the achievement of objectives.</p><p><strong>Component 3: Control Activities</strong>. 
The 3rd component ensures that Management’s directives to mitigate risks to the achievement of objectives are carried out. These are actions that are established through policies and procedures. They may be preventive or detective in nature.</p><p><strong>Component 4: Information and Communication</strong>. This component focuses on the generation of relevant and quality information to support the functioning of other components. It is a continuous iterative process of providing, sharing, and obtaining the necessary information. This is necessary to enable businesses to carry out internal control responsibilities to support the achievement of their objectives.</p><p><strong>Component 5: Monitoring Activities</strong>. Monitoring activities, as a component, ascertain whether each of the 5 components of internal control is present and functioning. This includes the conduct of ongoing evaluations, separate evaluations, or a combination of both.</p><p>The 5 Components of the COSO Framework are essential as they represent what is required to achieve the objectives and the organizational structure of the organization. Each component has its underlying principles and key elements to better guide organizations in putting the components in place.</p><h3><strong>Additional Key Considerations</strong></h3><p>The COSO Framework sets the requirements for an effective system of internal control. An effective system reduces, to an acceptable level, the risk of not achieving the organization’s objectives.</p><p>There are additional key considerations that organizations must take note of. One consideration is that each of the 5 components and relevant principles is present and functioning. Present refers to the determination that the components and relevant principles exist in the design and implementation of the system of internal control to achieve specified objectives. 
Functioning refers to the determination that the components and relevant principles continue to exist in the operations and conduct of the system of internal control to achieve specified objectives.</p><p>Interested in gaining more understanding of the <a href="https://flevy.com/browse/flevypro/coso-framework-5086">COSO Framework</a>? You can learn more and download an <a href="https://flevy.com/browse/flevypro/coso-framework-5086">editable PowerPoint about <strong>COSO Framework</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting">consulting training guides</a> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>

All You Need To Know About Wireless Charging And The Emerging Trends
https://globalriskcommunity.com/profiles/blogs/all-you-need-to-know-about-wireless-charging-and-the-emerging
2020-05-18T11:21:30.000Z
KBV Research
https://globalriskcommunity.com/members/KBVResearch
<div><p>Wireless charging, also known as wireless power transfer (WPT), is commonly used in compact and wearable electronic products such as laptops, athletic bands, shavers, and electric toothbrushes. However, <a href="https://www.kbvresearch.com/wireless-charging-market/">wireless charging</a> also has benefits for commercial applications. 
Industrial technologies include electric motors, robots, warehouse automation, mobile terminals, contactless loading of subsea vehicles, and many more.</p><p>Wireless charging can be found anywhere, in smartphones and IoT devices, but most notably in medical equipment. This is one business that can be changed with the use of chargers. Then there are the electric vehicles (EVs), which will benefit from the technology. The network must have been easy to set up. Not unexpectedly, the first uses of electromagnetic induction were for automobiles, but internal combustion engines were more common.</p><h2><strong>Wireless charging: What, Why, and How?</strong></h2><h3><strong>What is wireless charging?</strong></h3><p>Any wireless charging technology consists of two parts, a transmitter (the actual charging station) and a receiver. The receiver collects the transmitted energy and then charges the device's battery. As individual electronic devices grow in number and shrink in size, the need for a more efficient charging method is becoming increasingly common.</p><p>Inductive charging uses the electromagnetic field produced by the magnetic coil to induce a voltage in the receiver within the device. This voltage is used to charge the battery. This form of wireless charging is most often used on charging pads, such as the tablet you may have on your computer. This technology, however, is by no means new. For example, many electric toothbrushes use induction to charge wirelessly. 
For induction, both the unit and the charging pad must have coils to transfer the power wirelessly.</p><h3><strong>Why do we need wireless charging?</strong></h3><p>The biggest benefit of wireless charging lies in the word itself: wireless. With wireless charging, you reduce the clutter of charging cords to only the power cord of the charging pad. You don't need to worry about plugging in your wire, either; just place your phone on the charging pad and start charging right away. More advanced implementations are now getting interesting. Manufacturers like Huawei and Samsung are introducing reverse wireless charging, enabling phones to charge other phones and smaller devices wirelessly.</p><h3><strong>The functionalities of wireless charging</strong></h3><p>Essentially, wireless charging uses a loop of coiled wires circling a bar magnet, known as an inductor. As the electrical current travels through the coiled wire, it generates an electromagnetic field around the magnet, which can then be used to transfer the voltage or charge to anything nearby.</p><p>Most wireless power stations still use a pad with an inductor inside, while electronic toothbrushes, for example, have long had wireless charging installed on their bases. As the intensity of the electromagnetic field decreases dramatically at a distance (as the square of the distance between the objects), the device must be very close to the charging station in order to get a lot of power this way.</p><p>However, although the fundamental principle of wireless charging has been known for more than 100 years, scientists have not yet developed a method of efficiently transmitting vast quantities of electricity using this technique. The amount of electrical charge transmitted is proportional to the number of coils that can be looped around the small bar magnet as well as the magnet's strength. 
Until recently, cables and devices could not be made lightweight enough and inexpensive enough to make wireless charging viable.</p><h2><strong>Industries standing on the receiving end of advancements in wireless charging:</strong></h2><h3><strong>Automotive</strong></h3><p>Vehicle pollution has been a significant source of air pollution-induced diseases. This is driving worldwide demand for electric vehicles. While most of the electric cars on the market today need to be plugged in for recharging, wireless charging will soon change that.</p><p>Since people normally park their vehicles in one place, such as a garage or a parking space, electric cars may use wireless charging from that space. Electric vehicles (EVs) are another area in which wireless charging will revolutionize the technologies used. Nevertheless, while the industry has taken several strides forward, EVs are still trapped in the production process.</p><h3><strong>Electronics</strong></h3><p>Using wireless charging to charge your cell phone is perhaps the most common use for inductive wireless charging today since this form of wireless charging works better with larger, flat-surfaced devices. Because of this, you can simply place your phone down on a charging pad without having to plug it in.</p><p>Technical developments in mobile devices, such as integrated wireless charging technologies, build awareness among customers of wireless charging. The number of mobile device manufacturers that incorporate the wireless charging feature in high-end smartphone, wearable, laptop, and notebook models is growing, accelerating the adoption of wireless charging technologies.</p><h3><strong>Healthcare</strong></h3><p>Wearables and other portable gadgets work well with radio frequency (RF) wireless charging because they are not limited by the size and shape of the coils in the way inductive charging is. 
As wearables become more and more common, it becomes more and more irritating to have yet another wire or cord in our lives. That is where wireless charging comes in.</p><p>The implantable medical devices market has a very significant place in the healthcare industry. These devices, used as hip, knee, or heart implants, now use wireless charging, which further reinforces the demand for wireless charging. Several cardiac devices, such as pacemakers, use implanted battery packs. Others, such as cardiac assist pumps, use wires to provide the device with energy. Such wires tend to cross the skin barrier and are at risk of being removed. The areas where the surface layer is breached by the wire are also at high risk for bacterial contamination. A modern, wireless solution will have tremendous benefits for this area.</p><h2><strong>What’s trending in the industry?</strong></h2><h3><strong>Qi technology</strong></h3><p>The number of uses for wireless charging is increasing exponentially, as is the number of devices with wireless charging capabilities. Qi technology from the Wireless Power Consortium (WPC) tends to be the industry leader. In addition to Qi technology, radiofrequency (RF) and infrared (IR) technologies are also becoming increasingly prevalent.</p><h3><strong>Wireless-charging-enabled smartphones</strong></h3><p>Wireless charging is the norm these days, and manufacturers are making phones that are compatible with wireless charging. The adoption of wireless charging technology has been gaining pace and is being deployed in many devices, particularly with smartphones following Apple’s commitment in 2018, and this adoption rate is much higher than that of Bluetooth. 
Wireless charging systems are now found in nearly half of the high-end smartphones sold, and that innovation is now in the hands of consumers and employees.</p><h3><strong>Copper in EV charging</strong></h3><p>While the appeal of electric cars continues to grow, the rising competition also highlights the charging problems faced by owners. Charge stations are not easily accessible or available, so many of them allow the driver to link the cable to the vehicle. Nevertheless, unlike liquid fuels, electricity does not require a physical connection to the vehicle, and as wireless charging technology advances, it would be easy to charge in several more locations without using cables.</p><p>Wireless charging is an important part of the transition to the future, where hybrid vehicles predominate. High-power, high-speed chargers can be important for anyone commuting long distances, but for regular everyday driving, the option to quickly recharge the batteries while shopping, working, or visiting a restaurant is a convenience.</p><h2><strong>Summing up</strong></h2><p>The wireless charging market is becoming increasingly mainstream as more companies begin to integrate the technology into their products. Even though wireless charging is slow to catch on in the market, Samsung and several Android vendors have already started incorporating it into their smartphones, and Apple is believed to be focusing on wireless charging functionality as well. Places like Ikea and Starbucks have already started to incorporate wireless charging pads into their services.</p><p><strong>Free Valuable Insights:</strong> <a href="https://www.kbvresearch.com/news/wireless-charging-market/">Global Wireless Charging Market to reach a market size of USD 25.6 billion by 2026</a></p><p>Wireless charging is approaching a turning point. It's no longer just about setting a mobile on a pad; now it is all about the next wave of applications. 
It may take some time, but wireless charging is undoubtedly on the horizon. So next time an individual learns of wireless charging, they can associate the trends with potential devices, be it wearables or IoT apps that are easily or wirelessly connected to the charging stations that are part of daily life.</p></div>

Board Excellence 101: Your Guide to Building A Forward-looking Board
https://globalriskcommunity.com/profiles/blogs/board-excellence-101-your-guide-to-building-a-forward-looking
2020-03-23T06:00:00.000Z
Joseph Robinson
https://globalriskcommunity.com/members/JosephRobinson808
<div><p>The amount of time the <a href="https://flevy.com/business-toolkit/board-of-directors">Board of Directors</a> spend on their work and commit to strategy is rising. Directors say they dedicate more time now <a href="http://flevy.com/blog/wp-content/uploads/2020/01/pic-1-Board-Excellence-Primer-300x200.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2020/01/pic-1-Board-Excellence-Primer-300x200.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-1-Board-Excellence-Primer-300x200.jpeg?profile=RESIZE_710x" /></a> to their Board duties than ever before. In fact, since 2011, the directors have cut in half the gap between the actual and ideal amount of time they spend on Board work.</p><p>In the newest <a href="https://www.mckinsey.com/featured-insights/mckinsey-global-surveys">McKinsey Global Survey</a> on <a href="https://flevy.com/business-toolkit/corporate-board">Corporate Boards</a>, the results showed that strategy, on average, is the main focus of many Boards. Yet, directors still want more time for strategy when they consider its relative value to their companies. This is more than any other area of the Board work.</p><h3><strong>The Evolving Trends Influencing Board Work</strong></h3><p>In recent years, the amount of time the Board of Directors spends on Board work has increased. 
Compared to 2011, directors now spend five more days per year on Board work. Another trend that is happening is the increase in time. As the number of days has grown, so has the amount of time spent on strategy.</p><p>Based on the survey, a total of 772 days was spent on Board work in 2013. This has increased to 1,074 in 2015. Subsequently, 8.91% was spent on strategy in 2015 compared to 7.85% in 2013. With an increased focus on strategy, directors are dedicating more time to <a href="https://flevy.com/strategic-planning">Strategic Planning</a> and to discussing strategic issues.</p><p>In the next three years, directors would like to dedicate more time to <a href="https://flevy.com/browse/stream/strategy-development">Strategy Development</a> and to organizational health and talent management. Directors want to increase the time spent on strategy due to its relative value to their companies.</p><h3><strong>The 3 Types of Boards</strong></h3><p>Performance of Boards based on overall impact, performance, and operation showed that there are <a href="https://flevy.com/browse/flevypro/board-excellence-primer-3995">3 types of Boards</a>.</p><p><a href="https://flevy.com/browse/flevypro/board-excellence-primer-3995" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2020/01/Pic-2-Board-Performance-Excellence-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="Pic-2-Board-Performance-Excellence-1024x768.png?profile=RESIZE_710x" /></a></p><ol><li><strong>Ineffective</strong>. Ineffective Boards report the lowest overall impact and non-performance of tasks. They have the lowest overall impact on long-term value creation. Ineffective Boards are least effective at the 37 tasks required of the Board and they do not execute some of the tasks at all. Only a few are found to be effective at any one task.</li></ol><ol start="2"><li><strong>Complacent</strong>. Complacent Boards have a much more favorable view of their overall contributions. 
Half of the directors considered their Board to have a very high impact on long-term value creation. Complacent Boards have been found to be effective in the performance of tasks on management review of financial performance, setting the company’s overall strategic performance, and formally approving the management team’s strategy.</li></ol><ol start="3"><li><strong>Excellent</strong>. Excellent Boards are the most well-rounded of the 3 types of Board of Directors. Their overall impact is very high. Significantly, they project greater effectiveness in the performance of tasks than peers on every single task. Further, they are effective in strategy and performance management.</li></ol><h3><strong>Achieving Board Excellence: What Does It Take</strong></h3><p>Those <a href="https://flevy.com/browse/flevypro/board-excellence-primer-3995">boards that reach Excellence</a> are found to be effective at 30 of the 37 tasks undertaken by the Board. Compared to others, they stand out in the ways they operate. They have an especially strong culture and mechanism for feedback. They are more than twice as likely to conduct regular evaluations and ask for input after each meeting.</p><p>While this may sound daunting, achieving a value-creating Board is achievable. There are just fundamental principles that the Board needs to follow to achieve Board Excellence. One of these guiding principles is spending more time. Across-the-board increases are often achieved with more time spent on Board work.</p><p>Interested in gaining more understanding of <a href="https://flevy.com/browse/flevypro/board-excellence-primer-3995">achieving Board Excellence</a>? 
You can learn more and download an <a href="https://flevy.com/browse/flevypro/board-excellence-primer-3995">editable PowerPoint about <strong>Board Excellence</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p></div>

How to Achieve Board Excellence? Here's a Guide to Engaging Your Board
https://globalriskcommunity.com/profiles/blogs/how-to-achieve-board-excellence-here-s-a-guide-to-engaging-your
2020-03-18T06:30:00.000Z
Joseph Robinson
https://globalriskcommunity.com/members/JosephRobinson808
<div><p>The business has become more challenging as the global market becomes more demanding. This change in the global market is putting <a href="http://flevy.com/blog/wp-content/uploads/2019/12/pic-2-Board-Excellence-Engagement-300x200.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-2-Board-Excellence-Engagement-300x200.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-2-Board-Excellence-Engagement-300x200.jpeg?profile=RESIZE_710x" /></a> pressure not only on Management but also on the Board. <a href="https://flevy.com/browse/stream/strategy-development">Strategy Development</a> now demands that organizations should not only be effective but there should also be <a href="https://flevy.com/browse/flevypro/board-excellence-engagement-3997">Board Excellence.</a></p><p>Today, the demand has ceased to be about spending more time. Boosting the effectiveness of the Board is no longer about spending more time. 
The urgent call now is to focus on changing the nature of engagement between directors and the executive teams that they work with.</p><h3>The Importance of Board Engagement</h3><p>Changing the nature of <a href="https://flevy.com/browse/flevypro/board-excellence-engagement-3997">Board Engagement</a> will lead Directors and CEOs to make effective use of their limited time. It will build the capacity of the Board Members to bring disparate points together. This is critical when keeping a Board functional rather than dysfunctional.</p><p>There are no shortcuts to building and maintaining a well-attuned Board and executive mechanics. These require hard work from the Board Members and a CEO with a thick skin. But a good Director will provide the extra effort, and an effective CEO will make the most of an engaged Board’s limited time.</p><h3>Achieving Board Engagement</h3><p>Board Engagement can be built and it can be improved. The nature of engagement between the Directors and Management need not remain at a standstill. There are <a href="https://flevy.com/browse/flevypro/board-excellence-engagement-3997">5 areas to improve Board Engagement</a>.</p><p><a href="https://flevy.com/browse/flevypro/board-excellence-engagement-3997" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-Board-Excellence-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="pic-1-Board-Excellence-1024x768.png?profile=RESIZE_710x" /></a></p><ol><li><strong>Engagement between Board Meetings</strong>. This is more than just meetings. It is about touching base between meetings. When this is undertaken, it keeps Board Members informed and strengthens the Board’s hand on the company pulse. Engagement between Board Meetings minimizes the background time that slows down regular Board meetings.</li></ol><ol start="2"><li><strong>Engagement for Strategy Formulation</strong>. 
This area of improvement enables the Board to actively participate in the formation of strategy and be proactive. Participation is already encouraged right at its early formation and stress-testing of strategy.</li></ol><ol start="3"><li><strong>Engagement for Talent Development</strong>. When this is put in place, Board Members get to act like a highly effective search firm. This happens as a result of a change in focus from simply observing talent to actively activating them. This area of improvement raises the bar to actively cultivate talents.</li></ol><ol start="4"><li><strong>Engagement in the Field</strong>. This area of improvement may be something that may be new to Board Members. Often, the Board has been used to taking a role in policy making however they have not been part of operations. Engagement in the field is focused on assigning Directors specific operational areas to engage on. This will require the Board to visit at least one business site every 12 months. Doing this will bring a load of advantages as the Board gets to be more knowledgeable about the organization.</li></ol><ol start="5"><li><strong>Engagement on Tough Decisions</strong>. The main focus of this area is on the value of probing difficult, strategic <a href="https://flevy.com/business-toolkit/decision-making">decision making</a>. One may wonder how can this build Board Engagement. Every Board Member need not have industry experience. Yet, they must have the courage to ask difficult questions. When this happens, you get to raise your Board from being dysfunctional to being functional and involved.</li></ol><p>Board Engagement is very crucial at this point in time. It is not enough that they spend more time in Board meetings. It is not enough that they continue to assume roles that they have been doing before. 
The <a href="https://www.forbes.com/sites/dorieclark/2013/07/09/how-to-stay-relevant-in-a-changing-business-environment/">changing business environment</a> has raised its spectrum when it comes to performance and effectiveness. And this does not only include Management or its employees. This now also involves the Board. Hence, the Board of today must be more engaged and take an active part in areas that are crucial for the organization to remain competitive.</p><p>Interested in gaining more understanding of <a href="https://flevy.com/browse/flevypro/board-excellence-engagement-3997">Board Excellence through Engagement</a>? You can learn more and download an <a href="https://flevy.com/browse/flevypro/board-excellence-engagement-3997">editable PowerPoint about <strong>Board Excellence: Engagement</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p></div>

Modernize Your Board’s Role in M&A and Achieve the Greatest Deals
https://globalriskcommunity.com/profiles/blogs/modernize-your-board-s-role-in-m-amp-a-and-achieve-the-greatest
2020-03-11T06:00:00.000Z
Joseph Robinson
https://globalriskcommunity.com/members/JosephRobinson808
<div><p>Many large corporations depend on <a href="https://flevy.com/business-toolkit/manda-mergers-and-acquisitions-ma">M&A</a> for growth and executives can boost the value that deals create. 
But poorly executed M&A<a href="http://flevy.com/blog/wp-content/uploads/2019/12/pic-2-Board-Excellence-MA-300x208.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-2-Board-Excellence-MA-300x208.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-2-Board-Excellence-MA-300x208.jpeg?profile=RESIZE_710x" /></a> can saddle investors with weak returns on capital for details. In fact, the margin between success and failure is slim.</p><p>Many Boards are reluctant to cross the line between governance and management. The level of engagement is often outside the comfort zone for some executives and directors. As such, they miss opportunities to help senior executives win at M&A.</p><p>There is a need to modernize the Board’s role in M&A. <a href="https://flevy.com/browse/flevypro/board-excellence-manda-3988">Modernizing the role of the Board in M&A</a> can result in the alignment of the Board and management on the need for bolder transactions with more upside potential. Further, this is essential in achieving a competitive advantage.</p><h3>The 3 Core Opportunities in M&A</h3><p>There are 3 core opportunities for the Board to play an impactful role in M&A.</p><p><a href="https://flevy.com/browse/flevypro/board-excellence-manda-3988" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/Pic-1-Board-Excellence-MA-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="Pic-1-Board-Excellence-MA-1024x768.png?profile=RESIZE_710x" /></a></p><ol><li><strong>Potential for Value Creation</strong>. The first core opportunity, potential for <a href="https://flevy.com/business-toolkit/value-creation">Value Creation</a> enables the Board to challenge the executive’s thinking on potential transactions. 
This is an opportunity for the Board to maintain constant touch with the company’s M&A strategy, the pipeline of potential targets, and emerging deals.</li></ol><ol start="2"><li><strong>PMI Plans</strong>. This is an essential core opportunity that enables the Board to boost value creation to as much as 2-3x the net value. <a href="https://flevy.com/business-toolkit/pmi-post-merger-integration-pmi">Post-merger Integration (PMI) Plans</a> represent an opportunity to pressure test against stretch growth and cost goals before and after a deal. Greater variation in the quality of post-merger plans exists compared to financial analysis and pricing of transactions.</li></ol><ol start="3"><li><strong>Competitive Advantage in M&A</strong>. <a href="https://flevy.com/business-toolkit/competitive-advantage">Competitive Advantage</a> is a core opportunity that is unrelated to a transaction’s deadline. This is an opportunity to create a competitive advantage through M&A skills. These are corporate assets that can be difficult to copy. Making that decision to create a competitive advantage through M&A can lead to bolder decisions with more upside results.</li></ol><p>The 3 core opportunities can promote greater Board engagement. When this happens, discrete deals can be converted into ongoing deal processes and dialogues that can deliver greater value from M&A.</p><h3>Maximizing Core Opportunities to Attain the Greatest Deal</h3><p>The potential of the 3 Core Opportunities to embolden the role of the Board in M&A is great. Organizations just need to have a good understanding of each core opportunity and the underlying key areas or dimensions of each key area. Let us take a look at the 1st Core Opportunity: Potential for Value Creation.</p><p>The Potential for Value Creation has 3 critical key areas that can challenge that lead opportunistic transaction to succeed. 
One critical key area is Strategic Fit.</p><p>Strategic Fit is key to determining why a company is a better owner than competing buyers. Deals driven by strategy succeed more often when they are part of a stream of similar transactions that support that strategy. This is a key element in <a href="https://flevy.com/browse/stream/strategy-development">Strategy Development</a>.</p><p><em><strong>How can we enhance the role of the Board relative to this key area?</strong></em> The Board can play a vital role in clarifying the relationship between a potential transaction and <a href="https://flevy.com/strategic-planning">strategic planning</a>. They are also in the best position to define how the deal will support organic-growth efforts in target markets and provide complementary sources of value creation.</p><p>The other key areas under the Potential for Value Creation are <a href="https://www.investopedia.com/terms/f/financial-statements.asp">Financial Statements</a> and Risks vs. Rewards. The Financial Statements is a key area that can correct the Board’s tendency to put emphasis on price-to-earnings multiples which can be limiting. The Risks vs. Rewards, on the other hand, is a key area that challenges the Board to acknowledge uncertainties in pro forma.</p><p>The other 2 Core Opportunities also have their own essential points or dimensions the Board must focus on. Only then can these core opportunities be of the maximum potential of modernizing the Board’s role in M&A and gaining the greatest value.</p><p>Interested in gaining more understanding of achieving <a href="https://flevy.com/browse/flevypro/board-excellence-manda-3988">Board Excellence through M&A</a>? 
You can learn more and download an <a href="https://flevy.com/browse/flevypro/board-excellence-manda-3988">editable PowerPoint about <strong>Board Excellence: M&A</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting">consulting training guides</a> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>How to Achieve Board Excellence? Have A High Impact, Strategic Boardhttps://globalriskcommunity.com/profiles/blogs/how-to-achieve-board-excellence-have-a-high-impact-strategic2020-03-11T06:00:00.000Z2020-03-11T06:00:00.000ZJoseph Robinsonhttps://globalriskcommunity.com/members/JosephRobinson808<div><p>The pressure on <a href="https://flevy.com/business-toolkit/board-of-directors">Boards and Directors</a> to raise their game has remained acute. A survey of more than 770 directors from public and <a href="http://flevy.com/blog/wp-content/uploads/2019/11/pic-1-HIgh-Impact-Strategic-Boards-300x200.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/11/pic-1-HIgh-Impact-Strategic-Boards-300x200.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-1-HIgh-Impact-Strategic-Boards-300x200.jpeg?profile=RESIZE_710x" /></a>private companies across the industries around the world suggested that some are responding more energetically than others.</p><p>There is a dramatic difference between how directors allocate their time among boardroom activities and the effectiveness of the Boards. 
One in four directors assessed their impact as moderate or lower, while others reported as having a high impact across Board functions.</p><p>Today, the call to become more forward-looking and achieving <a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986">Board Excellence</a> is further highlighted. This is further emphasized when the Board and Management are pressured to find the best answers to global business concerns and issues. In <a href="https://flevy.com/browse/stream/strategy-development">Strategy Development</a>, this becomes invaluable. It does not only lead to clearer strategies but also the creation of alignment essential in making bolder moves.</p><p>While these are essential, there is a need to raise the quality of engagement on strategy between the Board and Management for each group to achieve smarter options. This is possible only if organizations have <a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986">high impact, strategic Boards</a> in place.</p><p>High impact, strategic Boards have a greater impact as they move beyond the basics and face increasing challenges.</p><h3>The Challenges that Today’s Board Face</h3><p>Business is fast-changing and rapidly transforming. The global economy is increasingly pushing businesses, as well as the Board to face a gamut of challenges.</p><p><a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/11/pic-2-High-Impact-Strategic-Board-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="pic-2-High-Impact-Strategic-Board-1024x768.png?profile=RESIZE_710x" /></a></p><p>What are the 2 main challenges facing Boards today?</p><p><strong>First is Time Commitment.</strong> Working at a high level takes discipline – and time. 
In fact, a greater time commitment is expected on <a href="https://hbr.org/2014/05/from-purpose-to-impact">high impact activities</a>. Boards often have 6 to 8 meetings a year. As a result, they are often hard-pressed to get beyond the compliance-related topics to secure the breathing space needed for developing a strategy.</p><p>Often, it is the very high impact Directors who invest more time compared to moderate or lower average Directors.</p><p>Who are your very high impact Directors? They are those who spend a total of 40 days a year working for the Board compared to 19 days of low impact Directors. An extra 8 workdays a year are invested in strategy and an extra 3 workdays a year are spent on <a href="https://flevy.com/business-toolkit/performance-management-perf">Performance Management</a>, <a href="https://flevy.com/business-toolkit/manda">M&A</a>, <a href="https://flevy.com/business-toolkit/organizational-health">Organizational Health</a>, and <a href="https://flevy.com/business-toolkit/risk-management">Risk Management</a>.</p><p>High impact Directors who believe that their activities have greater impact spend significantly more time on these activities compared to low impact Boards.</p><p><strong>Second is Strategy Understanding.</strong> Why is Strategy Understanding a challenge for the Board? Limited understanding of the organization’s strategy can result in the Board’s limited engagement with the organization. Based on the survey, only 21% of the Directors have a complete understanding of the current strategy. Often, Board members have a better understanding of the company’s financial position rather than its risks or industry dynamics.</p><p>If we look at high impact Directors, they invest more time in dealing with strategic issues. In fact, they invest 8 extra workdays a year on <a href="https://flevy.com/strategic-planning">Strategic Planning</a> and discussing strategy compared to low impact Directors. 
High impact Directors center on <a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986">Strategy Focus Areas</a> which can, in turn, spur high-quality engagement from the Board on strategy development. The quality of Board engagement on strategy is enhanced, both when the engagement is deep and during the regular course of business.</p><p>The Board just needs to focus on 3 areas of discussion for the Board to enhance Strategy Development. One of them is <a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986">Industry and Competitive Dynamics</a>.</p><p>Interested in gaining more understanding of <a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986">Board Excellence via High Impact, Strategic Boards</a>? You can learn more and download an <a href="https://flevy.com/browse/flevypro/board-excellence-high-impact-strategic-boards-3986">editable PowerPoint about <strong>Board Excellence: High Impact, Strategic Boards</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting">consulting training guides</a> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>The 3 Effective Tests of Assessing Human Dynamics of the Boardhttps://globalriskcommunity.com/profiles/blogs/the-3-effective-tests-of-assessing-human-dynamics-of-the-board2020-03-06T06:36:07.000Z2020-03-06T06:36:07.000ZJoseph Robinsonhttps://globalriskcommunity.com/members/JosephRobinson808<div><p>Many Boards have improved their structures and processes. 
Yet, despite all the corporate-governance reforms undertaken, many <a href="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-Board-Excellence-Human-Dynamics-300x200.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-Board-Excellence-Human-Dynamics-300x200.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-1-Board-Excellence-Human-Dynamics-300x200.jpeg?profile=RESIZE_710x" /></a>Boards failed the test of the financial crisis. This shows that even if the <a href="https://flevy.com/business-toolkit/board-of-directors">Board of Directors</a> is stacked with highly qualified members and best practices, these are not enough.</p><p><a href="https://flevy.com/browse/flevypro/board-excellence-human-dynamics-3999">Human Dynamics</a> has come to the fore in today’s highly volatile business environment. Without the right Human Dynamics, there will be little constructive challenge between independent Directors and Management, no matter how good the Board’s processes are.</p><p>Without Human Dynamics, the Board’s contribution to the company’s fortune is likely to fall short of what it could and should be. This is also a concern for executives who are not Directors but report to the Board. Without Human Dynamics, it is difficult for them to develop healthy and productive relationships with their Boards. This can have a dire effect on <a href="https://flevy.com/browse/stream/strategy-development">Strategy Development</a> or when organizations are undergoing <a href="https://flevy.com/browse/stream/transformation">Business Transformation</a>.</p><h3>The Importance of Human Dynamics</h3><p>Human Dynamics is an organizational state where collaborative CEO and Directors think like owners and guard their authority. Without the right Human Dynamics, there will be little constructive challenge between independent Directors and Management.</p><p>Why is Human Dynamics important? 
When there is a lack of Human Dynamics between CEO and Directors, this can lead to an ineffective performance in the Boardroom. Board’s contribution to the company’s fortunes will fall short of what it could and should be. Non-director executives will have difficulty developing a healthy and productive relationship with the Board. Most importantly, aspiring Directors will be unable to learn what it means to be a good corporate Director.</p><p>This can be detrimental to the organization and can direly affect its competitive advantage. However, achieving the right Human Dynamics is not easy. Understanding and identifying the contours of such a fluid interpersonal exchange can be a challenge to both the Board and the CEO.</p><h3>The 3 Tests in Assessing the Board’s Human Dynamics</h3><p>While it may be a challenge, building the right Human Dynamics between the CEO and the Directors is essential. There are 3 Tests executives can use to guide them in assessing the <a href="https://flevy.com/browse/flevypro/board-excellence-human-dynamics-3999">Board’s Human Dynamics</a>.</p><p><a href="https://flevy.com/browse/flevypro/board-excellence-human-dynamics-3999" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-Human-Dynamics-3-Tests-1024x746.png?profile=RESIZE_710x" width="750" class="align-full" alt="pic-1-Human-Dynamics-3-Tests-1024x746.png?profile=RESIZE_710x" /></a></p><ol><li><strong>Board Ownership Mindset</strong>. Currently, outside Directors continue to be passive participants. They do not challenge Management beyond asking a few questions during Board meetings. This test is focused on building Boards to be vital stewards of the organization.</li></ol><ol start="2"><li><strong>CEO Collaborative Mindset.</strong> CEOs nowadays are failing to inform or involve the Board on critical developments such as merger discussions. As a result, there can be a breach of trust which can cost the CEOs their job. 
The second test ensures that a collaborative CEO is in place.</li></ol><ol start="3"><li><strong>Board Authority & Independence</strong>. The third test is focused on enabling the Board to protect its stand and independence. This is necessary when the authority of the Board is being chipped away as the CEO experiences greater success. There is also less robust questioning of Management’s proposal or, worse, the readiness of the Board to agree to unreasonable demands on executive remuneration.</li></ol><p>The 3 Tests for Boards are effective guiding principles in developing the right <a href="https://flevy.com/browse/flevypro/board-excellence-human-dynamics-3999">Human Dynamics between the Board and the CEO</a>. When it comes to well-functioning Boards, best practice structures are not enough. It is essential that the right Human Dynamics exists as it can help the Board and Management to fulfill their potential.</p><p>Interested in gaining more understanding of <a href="https://flevy.com/browse/flevypro/board-excellence-human-dynamics-3999">Board Excellence through Human Dynamics</a>? 
You can learn more and download an <a href="https://flevy.com/browse/flevypro/board-excellence-human-dynamics-3999">editable PowerPoint about Board <strong>Excellence: Human Dynamics</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting">consulting training guides</a> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>The 4 Tactics our Board Should Adopt for a Long-term, Strategic Mindsethttps://globalriskcommunity.com/profiles/blogs/the-4-tactics-our-board-should-adopt-for-a-long-term-strategic2020-03-06T05:51:35.000Z2020-03-06T05:51:35.000ZJoseph Robinsonhttps://globalriskcommunity.com/members/JosephRobinson808<div><p>When things go wrong on a grand scale, often we direct our attention to the role of the Board. Debate exudes and often gets heated up<a href="http://flevy.com/blog/wp-content/uploads/2019/11/pic-1-Long-term-Mindset-300x200.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/11/pic-1-Long-term-Mindset-300x200.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-1-Long-term-Mindset-300x200.jpeg?profile=RESIZE_710x" /></a> and intensifies. This often happens when the Board spends more time looking in the rearview mirror and not enough scanning the road ahead. When this happens, governance suffers.</p><p>Often, the <a href="https://flevy.com/business-toolkit/board-of-directors">Board of Directors</a> spend a bulk of its time on quarterly reports, audit reviews, budgets, and compliance. However, with the change in the business environment, there is a greater need to redirect the Board’s attention on matters crucial to the future prosperity and direction of the business. 
One of these is <a href="https://flevy.com/browse/stream/strategy-development">Strategy Development</a>. Achieving this requires the development of a dynamic <a href="https://flevy.com/browse/flevypro/board-excellence-long-term-mindset-3985">Board with a long-term mindset</a> capable of creating a forward-looking agenda and activities that get sufficient time over a 12-month period.</p><h3><strong>The Changing Board Agenda</strong></h3><p>The <a href="https://flevy.com/browse/flevypro/board-excellence-long-term-mindset-3985">Board Agenda</a> is changing. It is becoming more dynamic and it has increasingly highlighted forward-looking activities. Long-term economic, technological, and demographic trends are radically shaping the global economy. The second Industrial Revolution now requires the Board to shift focus. The Board is now challenged to focus on matters crucial to achieving <a href="https://flevy.com/operational-excellence">Operational Excellence</a> and the future direction of the organization. Directors must devote more time to strategic and forward-looking aspects of the agenda. They must cease seeing the job as supporting the CEO, but instead, be strategic in making sure long-term goals are formulated and met.</p><p>Having a forward-looking Board has now become every organization’s imperative. However, this can only be achieved if there is a solid foundation that is anchored on three guiding principles. Organizations must have the right Board Member, a clear definition of the Board’s role, and greater time commitment from members. At this time when a long-term mindset has come to the fore, these have become essential.</p><h3><strong>Developing a Long-term Mindset: The 4 Essential Tactics</strong></h3><blockquote><p>“Strategy without tactics is the slowest route to victory. 
Tactics without strategy are the noise before defeat.” - <a href="https://en.wikipedia.org/wiki/Sun_Tzu">Sun Tzu</a></p></blockquote><p>Organizations can undertake 4 essential tactics to encourage the Board to have a long-term mindset.<a href="https://flevy.com/browse/flevypro/board-excellence-long-term-mindset-3985" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/11/pic-2-LOng-term-MIndset-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="pic-2-LOng-term-MIndset-1024x768.png?profile=RESIZE_710x" /></a></p><ol><li><strong>Study the External Landscape</strong>. This is the starting point of creating a forward-looking mindset. The primary purpose of this tactic is to expose the Board to new technologies and market developments relevant to the company’s strategy. Studying the external landscape will challenge management with critical questions.</li></ol><ol start="2"><li><strong>Participate in Strategy Development</strong>. This tactic focuses on making strategy a vital part of the Board’s DNA. Participating in the <a href="https://flevy.com/strategic-planning">Strategy Planning</a> process will strengthen the Board’s role in co-creating and ultimately agreeing on the company’s strategy.</li></ol><ol start="3"><li><strong>Focus on Long-term Talent Development</strong>. The third tactic focuses on unleashing the full power of the people. It will effectively reallocate skills and experience to a business with more potential. To achieve its expected result, the key is that the Board must agree with management on a sensible approach to reviewing executive talent.</li></ol><ol start="4"><li><strong>Identify Existential Risks</strong>. This tactic focuses on the <a href="https://flevy.com/business-toolkit/risk-management">Risk Management</a> of existential risks. Because of accelerating technological progress, existential risks have become a recent phenomenon. 
Existential risks have a great detrimental impact not only on business but also on mankind. The Boards have the duty to ensure that management teams pursue bottom-up investigations, identify key risk areas, and act on the results.</li></ol><p>The 4 tactics are essentially effective in creating long-term mindsets. When this is achieved, <a href="https://flevy.com/business-toolkit/board-of-directors">Board Excellence</a> is never far behind.</p><p>Interested in gaining more understanding of achieving <a href="https://flevy.com/browse/flevypro/board-excellence-long-term-mindset-3985">Board Excellence via a Long-term Mindset</a>? You can learn more and download an <a href="https://flevy.com/browse/flevypro/board-excellence-long-term-mindset-3985">editable PowerPoint about <strong>Board Excellence: Long-term Mindset</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting">consulting training guides</a> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>On-Board Charger Market Analysis and Industry Share (2019-2029)https://globalriskcommunity.com/profiles/blogs/on-board-charger-market-analysis-and-industry-share-2019-20292019-08-08T11:00:00.000Z2019-08-08T11:00:00.000ZBIS Researchhttps://globalriskcommunity.com/members/BISResearch<div><p><a href="{{#staticFileLink}}8028294900,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8028294900,original{{/staticFileLink}}" class="align-full" alt="8028294900?profile=original" /></a></p><p>The report constitutes an in-depth study of the global on-board charger market, including a thorough analysis of the types of propulsion types and power output. 
The study also presents a detailed analysis of the market dynamics and the estimation of the market size over the forecast period 2019-2029. The industry analysis presents a detailed insight about the major market players in the global on-board charger market using the value chain analysis.</p><p><strong>Browse the Full TOC "On-Board Charger Industry"</strong></p><p><strong><a href="https://bisresearch.com/industry-report/on-board-charger-market.html">https://bisresearch.com/industry-report/on-board-charger-market.html</a></strong></p><p>The market analysis includes an in-depth examination of the key ecosystem players and key strategies and developments taking place in this market. It includes the market dynamics (market drivers, opportunities, and challenges) and industry analysis. The purpose of the study is to gain a holistic view of the global on-board charger market in terms of various factors influencing it. The market has been segmented into ‘propulsion type’, ‘power output’, ‘end market’, and ‘region’.</p><p><strong>Request the Sample @ <a href="https://bisresearch.com/requestsample?id=730&type=download">https://bisresearch.com/requestsample?id=730&type=download</a></strong></p><p><strong>Market Segmentation</strong></p><p>The on-board charger market has been tracked along the lines of propulsion type, power output, and regions (North America, Europe, Asia-Pacific, and Rest-of-the-World). Revenue generated from propulsion type (battery electric vehicle, and plug-in hybrid electric vehicle), and power output (below 7.2 kW, and above 7.2 kW) has been analyzed. The report also covers the on-board charger market on a global scale and consequently provides revenue data of the key regions. 
A separate segment specifically has been dedicated to the key global regions: North America, Europe, Asia-Pacific (APAC), and Rest-of-the-World (RoW).</p><p><strong>Key Companies in the Global On-Board Charger Market</strong></p><p>The report also formulates the entire supply chain of the market, along with industry trends of on-board charger, technology trends, and competitive scenario. Some of the key players identified in the report are Delphi Technologies PLC, Toyota Motor Corporation, Delta Electronics Inc., and LG Chem Ltd.</p><p><strong>Related Reports:</strong></p><p><strong><a href="https://bisresearch.com/industry-report/automotive-inverter-market.html" target="_blank">Global Automotive Inverter Market – Analysis and Forecast, 2019-2029</a></strong></p><p><strong><a href="https://bisresearch.com/industry-report/electric-vehicle-fast-charging-system-market.html" target="_blank">Global Electric Vehicle Fast Charging System Market – Analysis and Forecast, 2019-2029</a></strong></p><p><strong>About Us:</strong></p><p>BIS Research is a global market intelligence, research and advisory company which focuses on those emerging trends in technology which are likely to disrupt the dynamics of the market over the next five (or ten) years.</p><p>With over 150 market intelligence reports published annually, BIS Research focuses on various technology verticals such as 3D printing, advanced materials & chemicals, aerospace and defense, automotive, healthcare, electronics & semiconductors, robotics & UAV and other emerging technologies.</p><p>Each research report incorporates detailed analysis and subsequent quantification of- market dynamics, market drivers and restraints, opportunities, threats, market shares, current and emerging industry trends as well as detailed competitive landscape and intelligence.</p><p><strong>Contact:</strong></p><p><strong>39111 PASEO PADRE PKWY STE 313,</strong></p><p><strong>FREMONT CA 94538-1686,</strong></p><p><strong>E-mail : 
sales@bisresearch.com</strong></p><p><strong>Call Us : +1-510-404-8135</strong></p></div>Facebook’s Failure to Mitigate Cyber Risks Could Cost Billionshttps://globalriskcommunity.com/profiles/blogs/facebook-s-failure-to-mitigate-cyber-risks-could-cost-billions2018-11-14T21:12:55.000Z2018-11-14T21:12:55.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><h2 class="graf graf--h4 graf-after--h3 graf--subtitle"><span style="font-size:18pt;"><strong>In late September, Facebook announced that it had discovered a breach in its network that had exposed the personal data of nearly 50 million users to hackers.</strong></span></h2><p class="graf graf--p">The hackers exploited a feature in Facebook’s code to gain access to user accounts, potentially enabling them to take control of them. The <a href="https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html" class="markup--anchor markup--p-anchor" target="_blank">breach</a> was the largest in Facebook’s fourteen years of existence.</p><p class="graf graf--p">The fallout Facebook is facing from this breach is the latest example of the <a href="https://www.logicmanager.com/erm-software/2018/04/26/see-through-economy-risk-management/" class="markup--anchor markup--p-anchor" target="_blank">see-through economy</a> at work. Since September 27, Facebook’s market value has dropped over 8%. However, the string of recent scandals that have occurred since July 20 of this year has reduced Facebook’s market value by nearly 25%. This is the financial cost of Facebook’s <a href="https://qz.com/1171602/facebook-shareholders-filed-a-proposal-that-would-establish-a-risk-oversight-committee/" class="markup--anchor markup--p-anchor" target="_blank">decision</a> to reject an investor proposal for the company to create a separate and independent risk committee. 
Had Facebook heeded this request, this breach would have been avoided.</p><p class="graf graf--p">Furthermore, Facebook could face a fine of as much as $1.63 billion in the European Union for the breach under the GDPR law that went into effect earlier in 2018. This is one of the first major tests of the GDPR. While there have been a number of other breaches, few if any have been on the scale of Facebook’s recent breach.</p><p class="graf graf--p">Under <a href="https://www.logicmanager.com/erm-software/2018/08/16/gdpr-readiness-statistics/" class="markup--anchor markup--p-anchor" target="_blank">GDPR</a>, companies are required to notify regulators within 72 hours of the breach occurring. Facebook could face a fine of up to $850 million if they were found to be outside of the 72-hour window. According to a <a href="https://www.wsj.com/articles/facebook-faces-potential-1-63-billion-fine-in-europe-over-data-breach-1538330906" class="markup--anchor markup--p-anchor" target="_blank">report</a> in <em class="markup--em markup--p-em">The Wall Street Journal</em>, it appears Facebook may have notified Ireland’s Data Protection Commission, the lead privacy regulator for Facebook in the EU, within the 72-hour timeline.</p><p class="graf graf--p">The Irish DPC, however, has said that Facebook’s notification “lacked detail.” If EU regulators determine that Facebook failed to take sufficient measures to secure user data prior to the breach, Facebook would face a maximum fine of €20 million ($23 million) or 4% of worldwide revenue, whichever is greater. Based on Facebook’s 2017 revenue, the latter amount would be $1.63 billion.</p><h3 class="graf graf--h3"><span style="font-size:14pt;"><strong>A Risk-Based Approach to GDPR</strong></span></h3><p class="graf graf--p">The GDPR is risk-based, which means that failing to take sufficient measures to mitigate a risk can result in greater penalties for companies. 
To avoid penalties, companies can use enterprise risk management software to document what the company did, when it did it, and which employees were responsible for the planning and execution. Proper operationalization of <a href="https://www.logicmanager.com/grc-software/risk-management/" class="markup--anchor markup--p-anchor" target="_blank">ERM software</a> would have likely enabled Facebook to avoid most, if not all, of the GDPR penalties.</p><p class="graf graf--p"><a href="https://www.logicmanager.com/erm-software/2018/04/26/see-through-economy-risk-management/" class="markup--anchor markup--p-anchor" target="_blank">Reputation risk</a> is also a major factor for both customers and investors. For Facebook, the failure to quickly react to the breach and communicate how they were not negligent in managing data privacy prior to the incident, coupled with its post-breach reaction, is a considerable impediment to its efforts to regain user and investor trust after a <a href="https://www.logicmanager.com/erm-software/2018/03/23/esg-investors-target-facebook-repeat-failures-risk-management/" class="markup--anchor markup--p-anchor" target="_blank">series of privacy and security scandals</a>.</p><h3 class="graf graf--h3"><span style="font-size:14pt;"><strong>Facebook Could Avoid Costly Fines with Enterprise Risk Management</strong></span></h3><p class="graf graf--p">Within an ERM platform like LogicManager, all of a company’s assets containing EU resident data are clearly documented. The company would be able to quickly determine whether or not EU resident data was compromised as a result of a breach and avoid the GDPR penalty by reporting the breach to EU authorities within 72 hours.</p><p class="graf graf--p">Furthermore, a company is able to demonstrate that its efforts to secure EU resident data are commercially reasonable and sufficient with ERM software. 
Our software aggregates and connects all the separate policy, risk, readiness standards, controls, and monitoring activities, enabling companies to provide authorities with evidence to back up their case. Our solution not only shows what was done but how comprehensive mitigation activities were, according to commercially responsible standards, enabling our customers to prove their <a href="https://www.logicmanager.com/erm-software/plugins/gdpr-compliance/" class="markup--anchor markup--p-anchor" target="_blank">GDPR compliance</a>.</p><p class="graf graf--p">LogicManager is an ERM platform, which, in contrast to a GDPR solution, would also show all the federal and different state jurisdictions in which it has obligations in the United States to also meet those reporting requirements on time.</p><p class="graf graf--p">Facebook, Google, and other technology firms are aggressively opposed to regulators formalizing privacy risk management responsibilities. These companies would be in a much better position with robust ERM software cybersecurity and privacy governance because it would enable them to clearly demonstrate and support their accountability and existing capabilities for protecting their customers, users, and investors.</p><p class="graf graf--p"><em class="markup--em markup--p-em">This blog was originally posted on</em> <a href="https://www.logicmanager.com/erm-software/2018/11/14/facebook-failure-mitigate-cyber-risks-could-cost-billions/" class="markup--anchor markup--p-anchor" target="_blank"><em class="markup--em markup--p-em">LogicManager.com</em></a></p></div>Overcoming Failures in Risk Management: Is Wells Fargo Getting the Message?https://globalriskcommunity.com/profiles/blogs/overcoming-failures-in-risk-management-is-wells-fargo-getting-the2018-09-19T15:30:00.000Z2018-09-19T15:30:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><h2><span style="font-weight:400;">It’s been a rough two years for Wells 
Fargo.</span></h2><p><span style="font-weight:400;">Ever since the existence of the bank’s massive cross-selling scandal came to light in 2016, Wells Fargo has seemed to be trapped in a downward spiral of failure after failure in risk management. In 2016, we were</span> <a href="https://www.logicmanager.com/erm-software/2016/09/20/wells-fargo-scandal-risk-management/"><span style="font-weight:400;">the first to identify the root cause of the cross-selling scandal as being a failed risk management program</span></a><span style="font-weight:400;">, and correctly predicted there would be more Wells Fargo risk management mishaps in the future.</span></p><p><span style="font-weight:400;">In 2018, regulator investigations finally concluded that the Wells Fargo failures were, in fact, risk management negligence, and Wells Fargo settled the case for an unprecedented $1 billion. Sadly, risk management failures are systemic in nature, typically result in highly visible scandals, and are entirely preventable.</span></p><p><span style="font-weight:400;">Since news of the initial scandal appeared in 2016, Wells Fargo has been responsible for risk management failures in scandal after scandal. 
Let’s look at a timeline of the last two years:</span></p><ul><li style="font-weight:400;"><span style="font-weight:400;">2009-2016 – Wells Fargo perpetrates a</span> <a href="https://www.logicmanager.com/erm-software/2016/09/20/wells-fargo-scandal-risk-management/"><span style="font-weight:400;">massive cross-selling scandal</span></a> <span style="font-weight:400;">in which millions of accounts were created without consumers’ consent</span></li><li style="font-weight:400;"><span style="font-weight:400;">September 2016 – The CFPB levies a $185 million fine, the highest in their operational history</span></li><li style="font-weight:400;"><span style="font-weight:400;">August 2017 – The bank accidentally leaks the PII for over</span> <a href="https://www.logicmanager.com/erm-software/2017/08/09/wells-fargo-saga-continues-part-1/"><span style="font-weight:400;">50,000 accounts</span></a></li><li style="font-weight:400;"><span style="font-weight:400;">August 2017 –</span> <a href="https://www.logicmanager.com/erm-software/2017/08/17/wells-fargo-auto-loan-scandal-saga-continues-part-2/"><span style="font-weight:400;">Wells Fargo charges 800,000 customers for insurance</span></a> <span style="font-weight:400;">they did not need</span></li><li style="font-weight:400;"><span style="font-weight:400;">October 2017 – The bank wrongly charges homebuyers with fees to lock in mortgage rates</span></li><li style="font-weight:400;"><span style="font-weight:400;">March 2017 – The</span> <a href="https://www.logicmanager.com/erm-software/2018/03/12/wells-fargo-sanctions-send-message-to-us-banks-boards-accountable-risk-management-failures/"><span style="font-weight:400;">Federal Reserve imposes unprecedented sanctions on Wells Fargo</span></a> <span style="font-weight:400;">prohibiting them from growing beyond their holdings in 2017.</span></li><li style="font-weight:400;"><span style="font-weight:400;">April 2018 – Wells Fargo nears</span> <a 
href="https://www.logicmanager.com/erm-software/2018/04/23/wells-fargo-failures-risk-management-cost-1-billion-settlement/"><span style="font-weight:400;">$1 billion settlement with its federal regulators</span></a></li><li style="font-weight:400;"><span style="font-weight:400;">May 2018 – Wells Fargo</span> <a href="https://www.logicmanager.com/erm-software/2018/05/16/wells-fargo-ad-campaign-better-risk-management/"><span style="font-weight:400;">launches a new ad campaign</span></a> <span style="font-weight:400;">called “Re-Established,” with the goal of regaining customer trust after their repeated failures in risk management. The public disagreed, with social media users saying the campaign seemed “insincere and inauthentic.”</span></li><li style="font-weight:400;"><span style="font-weight:400;">September 2018 – News breaks that the</span> <a href="https://www.wsj.com/articles/justice-department-probing-wells-fargos-wholesale-banking-unit-1536244490"><span style="font-weight:400;">Justice Department is probing</span></a> <span style="font-weight:400;">whether Wells Fargo employees in the bank’s wholesale banking unit committed fraud in the aftermath of revelations that employees inappropriately altered customer information.</span></li></ul><p><span style="font-weight:400;">For two years, Wells Fargo tried to explain away these events as isolated, one-off incidents.</span> <span style="font-weight:400;"><br /></span> <span style="font-weight:400;">However, after billions of dollars in fines and financial losses, and penalizing regulatory actions, it seems the bank is finally joining LogicManager in calling these mishaps what they are: risk management failures.</span></p><h3><span style="font-size:14pt;"><strong>Is Wells Fargo Getting the Message?</strong></span></h3><p><span style="font-weight:400;">The bank has begun</span> <a href="https://www.cnbc.com/2018/03/23/wells-fargos-four-top-risk-management-executives-to-retire-dj.html"><span 
style="font-weight:400;">reorganizing its risk management</span></a> <span style="font-weight:400;">functions. The corporate risk group will be more empowered to modify business activities as it deems necessary.</span></p><p><span style="font-weight:400;">Seemingly part of the reorganization, Wells Fargo announced in March 2018 the retirement of four senior risk management executives. In May, the bank named a new Chief Risk Officer, who joined from J.P. Morgan Chase.</span></p><p><span style="font-weight:400;">Then, in August</span> <a href="https://www.wsj.com/articles/wells-fargo-risk-executive-to-leave-bank-1534256102"><span style="font-weight:400;">it was reported</span></a> <span style="font-weight:400;">that Wells Fargo’s Chief Operational Risk Officer would be leaving the company as the “bank works through [the] Fed enforcement action.” The bank’s new Chief Operational Risk Officer will report to the Chief Risk Officer named in May. These changes should result in a stronger risk culture at Wells Fargo. The question now, however, is what steps the bank will take to ensure this happens.</span></p><h3><span style="font-size:14pt;"><strong>Steps for Wells Fargo’s New Risk Team to Take</strong></span></h3><p><span style="font-weight:400;">Effective risk management is critical for any financial services organization. Newly-hired risk management executives need to start somewhere, but where?</span></p><p><span style="font-weight:400;">For one, proper</span> <a href="https://www.logicmanager.com/erm-software/operational-risk-management-software/banks/"><span style="font-weight:400;">bank risk management software</span></a> <span style="font-weight:400;">is a good starting place. If implemented and utilized properly, such a platform facilitates:</span></p><ol><li><b>The engagement of front-line supervisors and subject matter experts</b></li></ol><p><span style="font-weight:400;">Frontline supervisors and experts serve as the first lines of defense to risk. 
They are the most familiar with incidents and engaging them in regular incident reporting and risk assessments is crucial to the success of any risk management program.</span></p><ol start="2"><li><b>Connections across business silos.</b></li></ol><p><span style="font-weight:400;">Connecting the dots between risks occurring across silos enables risk managers to identify upstream and downstream dependencies. This brings common root causes to the surface, and ties together existing mitigation and monitoring activities from across the business. Risk teams can then understand the effectiveness of their existing controls, and prevent cascading collateral damage.</span></p><ol start="3"><li><b>The escalation of top risks to the right person.</b></li></ol><p><span style="font-weight:400;">When risks are tied to common root causes and existing controls, organizations can objectively prioritize the risks that would have the greatest impact on their operations, financial performance, and reputation.</span></p><p><span style="font-weight:400;">An effective risk management program has workflows that enable risks to be assigned to individuals who can allocate the right resources to mitigate the risk. This would have allowed Wells Fargo risk managers to prevent one-hundred-percent of the scandals that occurred in the last two years and the financial consequences of these failures.</span></p><p><span style="font-weight:400;">Video training programs for managers and executives are helpful for awareness in a good security culture but are proven to be lacking the mechanism to identify, assess, mitigate and monitor risks. Organizations with ERM programs that utilize ERM software have a 25% market value premium versus their peers without. 
With the right risk culture, software, infrastructure, and good governance, Wells Fargo could have identified the root causes of its problems and mitigated those risks before they inflicted significant damage.</span></p><p><span style="font-weight:400;">While Wells Fargo can’t go back in time to fix its mistakes, it can take steps to make sure this never happens again. The first of these steps is outlined in a free on-demand video webinar,</span> <a href="https://www.logicmanager.com/register-integrate-governance-areas-webinar/"><span style="font-weight:400;">How to Operationalize Risk Management</span></a><span style="font-weight:400;">, which provides a step-by-step guide to setting up an effective ERM program.</span></p><p><span style="font-weight:400;">The final topic in our series is presenting</span> <a href="https://www.logicmanager.com/grc-software/risk-management/"><span style="font-weight:400;">enterprise risk management</span></a> <span style="font-weight:400;">to the board of directors. We cover everything you need to know in our free on-demand video webinar: “</span><a href="https://www.logicmanager.com/register-presenting-erm-to-the-board-webinar/"><span style="font-weight:400;">Present ERM to the Board</span></a><span style="font-weight:400;">.” This approach would make risk management activities relevant to all employees, ensuring the company’s risks are managed effectively.</span></p><p><span style="font-weight:400;">Wells Fargo appears to be getting the message. 
Time will tell if the changes being made will allow the bank to successfully rebuild its reputation and regain the trust of its customers, investors, and regulators.</span></p><p><em><span style="font-weight:400;">This blog was originally published on <a href="https://www.logicmanager.com/erm-software/2018/09/19/overcoming-failures-risk-management-wells-fargo-getting-message/" target="_blank">logicmanager.com</a>.</span></em></p></div>New Regulatory Guidance About Cybersecurity Insurancehttps://globalriskcommunity.com/profiles/blogs/new-regulatory-guidance-about-cybersecurity-insurance2018-05-01T16:15:27.000Z2018-05-01T16:15:27.000ZMichael Joneshttps://globalriskcommunity.com/members/MichaelJones<div><p><a href="{{#staticFileLink}}8028270679,original{{/staticFileLink}}"><img width="750" src="{{#staticFileLink}}8028270679,original{{/staticFileLink}}" class="align-full" alt="8028270679?profile=original" /></a></p><p><br />Does your institution need cybersecurity insurance? Is it required? If utilized, are there rules? Cybersecurity insurance can protect against financial loss in the event of a cyber incident, but there are many intricate details.<br /> <br />The Federal Financial Institutions Examination Council (FFIEC) members have provided a joint statement to help financial institutions understand how <a href="https://www.ffiec.gov/press/pdf/FFIEC%20Joint%20Statement%20Cyber%20Insurance%20FINAL.pdf">cyber insurance</a> impacts risk management and what institutions need to do when considering purchasing cyber insurance. The FFIEC statement was issued in conjunction with the OCC, FDIC, Federal Reserve Board, and NCUA.<br /><br /></p><p>So, based on the latest guidance, there is no requirement to obtain cyber insurance, but if you decide to obtain cyber insurance there are three steps to consider:<br /> <br /><strong>1. Assess current coverage.</strong> Don’t assume current general liability or business interruption policies will cover cyber events. 
One should look for exclusions. If you already have cyber coverage, whether it’s a standalone policy or an additional rider to another policy, make sure you understand its scope. For instance, a policy might cover a cyber breach at the institution but not a third-party vendor breach. It may also exclude cyber terrorism, the FFIEC says.<br /><br /></p><p>Also recognize the difference between first-party and third-party coverage and which types of coverage you have. First-party coverage includes direct expenses, such as “customer notification, event management, business interruption, and cyber extortion.” Third-party coverage includes claims made by customers, partners, or vendors due to a cyber incident. Because cyber insurance is an evolving field, terminology and other elements of underwriting vary between providers and can change. Due diligence of your insurance provider’s financial stability and past claim payouts is especially important, particularly if multiple institutions end up filing a claim to a large-scale event.<br /><br /><strong>2. Understand that cyber insurance only covers financial risk.</strong> Data breaches, fraud, loss of service, and other issues resulting from cyberattacks can be expensive, but the financial impact is just one risk. Cyber incidents also pose reputational, operational, compliance, legal, and strategic risks. <br /><br /></p><p>While cyber insurance can mitigate the financial risk, it’s no substitute for proper risk management, the FFIEC emphasizes, including identifying, measuring, mitigating, and monitoring cyber risk exposure. Strong controls remain critical. <span>Your institution must be able to meet the insurance company’s risk management requirements to remain eligible for coverage and any potential payout. That makes a strong cyber risk management program a must. 
A strong program that includes all stakeholders can also help an institution make an educated decision about buying cyber insurance by providing the necessary insights into risk exposure.<br /><br /></span><strong>3. Analyze costs vs. benefits.</strong> Once a thorough risk assessment is in place, compare the cost of cyber insurance with its benefits, the FFIEC says. The greater the <a href="https://ncontracts.com/articles/how-to-measure-data-security-glba-risk/">residual financial risk</a>, the greater the potential benefit for a policy. As risk exposure changes, so might the institution’s need for cyber insurance. Keep the board apprised of developments so they can assess this need.<br /><br /></p><p>Cyber insurance is not a one-size-fits-all product. Every institution is different, making a careful cyber risk assessment critical when purchasing cyber insurance.</p><p></p></div>ESG Investors Target Facebook for Repeat Failures in Risk Managementhttps://globalriskcommunity.com/profiles/blogs/esg-investors-target-facebook-for-repeat-failures-in-risk2018-03-23T17:30:00.000Z2018-03-23T17:30:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><h6><span style="font-size:14pt;"><strong>Facebook’s market capitalization dropped as much as $60 billion after reports emerged that Cambridge Analytica, the data consulting firm used by the Trump Campaign, was given the data of around 50 million Facebook users without their consent.</strong></span></h6><p><span>The Cambridge Analytica scandal is the latest in a series of risk management failures that have plagued the social networking company, which has been grappling with its role in the dissemination of fake news propaganda during the 2016 U.S. 
presidential election.</span></p><p><span>The fallout from these repeated risk management failures is compounded by what I call the see-through economy: a fast-paced, ultra-transparent age of ever-increasing interconnectivity and technological innovation where consumers and investors can speak out when companies and brands fall afoul.</span></p><h3 class="title-heading-left"><span style="font-size:14pt;"><strong>Facebook’s Reputation Risk</strong></span></h3><p><span>Facebook is rapidly losing its reputation in the see-through economy. This means that the Facebook brand is tarnished. When a company’s brand does not meet the expectations of privacy and accountability, their users are more likely to choose an alternative product to make a statement. In Facebook’s case, users have organized themselves into a movement using the #deleteFacebook hashtag.</span></p><p><span>This is where the growing trend of Environmental, Social, and Governance (ESG) investing is a parallel outcropping of the see-through economy. ESG investors are sending a message that they’re tired of negligence and the mishandling of corporate scandals. 
Already, shareholders are speaking up about their expectations not being met in a corporation’s risk management programs.</span></p><p><span>Trillium Asset Management, on behalf of the Park Foundation (which owns Facebook shares), has </span><a href="https://www.mercurynews.com/2018/03/21/facebook-and-cambridge-analytica-big-shareholders-propose-changes-amid-chaos/"><span>called on the company</span></a><span> to establish a risk oversight committee that would “better review Facebook’s impact on society and how to mitigate risks.”</span></p><p><span>In January, I told Tony Chapelle of the Financial Times’ </span><a href="http://agendaweek.com/c/1858614/217383/facebook_twitter_social_media_risk_vise"><span>Agenda Week</span></a><span>, it’s clear to me that Facebook hasn’t taken a risk-based approach to solving this problem because the Facebook board declined to put critical pieces of the risk management process in place. Risk oversight committees with appropriate infrastructure, software, processes, and governance have been proven to be effective.</span></p><p><span>A risk oversight committee is responsible for the risk management process effectiveness that includes setting a risk tolerance that creates a balance between an adequate level of governance over third-party access. The risk tolerance should be based upon the risk-reward tradeoff of selling data or making it available to third parties versus the protection of the privacy rights of their user community. The risk tolerance framework is both measurable and enforceable.</span></p><h3 class="title-heading-left"><span style="font-size:14pt;"><strong>Harness the Power of the See-Through Economy with Enterprise Risk Management</strong></span></h3><p><span>All corporate scandals are preventable. These scandals are buried deep in the operations of the company, often known for six months to several years ahead of time and typically reported to supervisors and mid-level managers. 
The problem is that these individuals often can’t identify the root-cause of these incidents, and do not have the means to connect with employees across the silos of their work groups to understand how related risks transpire in other areas of the business. This means systemic risks aren’t addressed, and managers aren’t able to engage the right resources to fix the heart of the problem.</span></p><p><span>These days, companies seem to be in constant fear of the see-through economy. At LogicManager, we find our customers embrace it. Companies can use enterprise risk management to empower employees, making everyone a process improvement specialist. Instead of treating scandals, such as the one Facebook is embroiled in, as reactive one-off incidents, companies should be using enterprise risk management to identify the root causes of their concerns and address them.</span></p><p><span>If you’re a company like Facebook with countless third-party apps and partners that are using your data, there’s no way to manage all of those relationships effectively without enterprise risk management. In vendor management, the primary concern is prioritizing high-risk vendors, while ensuring that all vendors are held to the same standards. The capabilities of traditional audits, by the nature of their mandate, are limited, and can only adequately cover between 5% and 10% of operations at best with an in-depth independent investigation.</span></p><p><span>Implementing an enterprise risk management program is a complementary cost-effective and efficient means of prioritizing and managing all types of risks, including third-party relationship risk, something Facebook failed to do with Cambridge Analytica. 
This </span><a href="https://www.logicmanager.com/erm-software/product/risk-based-process/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">risk-based approach</a><span> decentralizes the risk identification and monitoring process, allowing front-line employees to bring attention to the vendors and partners they know their company relies on most, and score relationship risks objectively. ERM systems then find the connections between risks, controls, policies, and outcomes and escalate the gaps to the right level.</span></p><p><span>The truth is, it’s not enough to give your employees the power to escalate incidents, although this is an important step that most companies aren’t doing. You must take it further and connect incidents to root cause risks that can be evaluated, prioritized, and addressed accordingly. Doing this brings attention to the root cause of problems and eliminates hundreds if not thousands or more of symptomatic effects, as seen in the </span><a href="https://www.logicmanager.com/case-study-integrating-risk-and-incident-management/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">case study</a><span> we did with Winona Health.</span></p><p><span>When this type of governance is put in place, you are crowdsourcing process improvement to the specialists doing the job every day who are dedicated to accelerating the mission and success of their company.</span></p><p><span>Enterprise risk management is not only about preventing corporate scandals but will help organizations to build an operational culture designed around making processes and operations better; it gives all employees a voice and empowers them to initiate change at the right level with the right priority.</span></p><h3 class="title-heading-left"><span style="font-size:14pt;"><strong>Risk Tips to Improve Personal Privacy and Prevent Business Leaks</strong></span></h3><p><span>Have you checked what information you’re sharing and how your 
data is used by third-party Facebook applications?</span></p><p><span>Third-party apps still collect limited information on users’ friends, and it’s likely you and your friends have no idea it’s happening. </span><span>Here’s how to revoke Facebook app permissions and adjust privacy settings:</span></p><ol><li><span>Once logged onto Facebook, click the down arrow in the upper right corner and select “settings.”</span></li><li><span>Click “apps” on the left menu.</span></li><li><span>Hover over apps and click the “x” to remove permissions from any app you want to revoke permission from or the pencil icon to edit app permissions.</span></li></ol><p><span>To prevent unauthorized leaks at work, review application permissions and access settings for password length, complexity, and enforcement. Also, review user access, permissions, and feature access controls.</span></p><p><em>This was originally published on <a href="https://www.logicmanager.com/erm-software/2018/03/23/esg-investors-target-facebook-repeat-failures-risk-management/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic" target="_blank">LogicManager.com</a>.</em></p></div>Wells Fargo Sanctions Send Message to U.S. 
Banks: Boards Are Accountable for Risk Management Failureshttps://globalriskcommunity.com/profiles/blogs/wells-fargo-sanctions-send-message-to-u-s-banks-boards-are2018-03-12T14:06:16.000Z2018-03-12T14:06:16.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><div class="fusion-text"><h6><span style="font-size:14pt;">The Federal Reserve’s unprecedented sanctions against Wells Fargo, announced on February 2, 2018, are a warning to bank boards: Directors, not just management, will be held accountable for failures in risk management that result from a lack of proper oversight.</span></h6></div></div><div class="fusion-text"><p><span>In addition to having to replace four of its board directors, the sanctions are constraining Wells Fargo’s growth. The Fed is prohibiting Wells Fargo from growing its balance sheet beyond the $1.95 trillion it held at the end of 2017. 
The bank expects to lose as much as $400 million in profit this year.</span></p><p><span>While Wells Fargo was the target of this “shock-and-awe” enforcement action, the Fed also sent a clear message to banks across the United States: They will hold board members responsible for failures in risk management.</span></p></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-title title fusion-sep-none fusion-title-size-three fusion-border-below-title"><h3 class="title-heading-left"><span>The Fed is signaling it will hold boards accountable.</span></h3></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><p><span>The actions were announced in a </span><a href="https://www.federalreserve.gov/newsevents/pressreleases/enforcement20180202a.htm"><span>press release</span></a><span> published on the Federal Reserve’s website on Janet Yellen’s final day as Chairwoman. 
This is another message to banks: Former investment banker Jerome Powell may be taking the reins as Chair, but banks should nevertheless expect continued demands for improved board oversight and risk management.</span></p><div class="fusion-text"><p><span>As Powell</span><a href="https://www.wsj.com/articles/federal-reserve-aims-to-go-easier-on-bank-directors-1501781762"><span> stated</span></a><span> in August 2017, “Across a range of responsibilities, we simply expect much more of boards of directors than ever before. There is no reason to expect that to change.”</span></p><p><span>Between 2009 and 2016, thousands of Wells Fargo employees signed up more than 3.5 million customers for checking and credit card accounts without their knowledge. In 2017, the bank announced that it had improperly charged about 800,000 auto loan borrowers for auto insurance.</span></p><p><span>Some believe this was due to the pressure associated with the sales process for goal achievement. However, as I’ve outlined in a series of </span><a href="https://www.logicmanager.com/erm-software/2017/08/09/wells-fargo-saga-continues-part-1/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">blog posts on Wells Fargo</a><span>, the employees involved in these failures cannot be seen as bad people doing bad things. They are good people in a bad process with weak controls. The proof of this being a systemic failure in risk management rather than simply an isolated sales problem as Wells Fargo tried to explain it, exists in the multiple recurrences of scandals across so many unrelated business areas. 
Until Wells Fargo’s board implements mature and effective risk oversight activities and mitigation processes across their organization, they will leave themselves open to more scandals in other departments.</span></p><p></p><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><p></p></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-title title fusion-sep-none fusion-title-size-three fusion-border-below-title"><h3 class="title-heading-left"><span>Board accountability is a fundamental requirement of good governance.</span></h3></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><p><span>Boards of directors must, through their risk oversight role, ensure the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are effective at identifying all risks and demonstrating assurance over the most material ones. 
Board members have a fiduciary responsibility to shareholders, and a moral responsibility to their customers, to do so.</span></p><p><span>As I exposed in my blog series and interviews in</span><a href="http://agendaweek.com/c/1475043/170163/experts_jail_likely_wells_fargo_board"><span> </span><span>Financial Times Agenda</span></a><span> and other publications, failures in risk management indicate negligence in the board’s duties to provide risk management oversight, and a breakdown in the audit risk management assurance process has deservedly resulted in the removal of board members. It is the Board’s fiduciary duty to ensure that an effective systematic process, supported by infrastructure such as designated ERM software, is in place that organizes, prioritizes and “connects the dots” between risk management activities that reach out to the front lines, across all silos.</span></p><p><span>Organizations must engage all areas of the business to receive the full benefits of enterprise risk management. 
This cannot be accomplished without support from the board of directors and the engagement of senior leadership.</span></p><p><em>This blog was originally published on <a href="https://www.logicmanager.com/erm-software/2018/03/12/wells-fargo-sanctions-send-message-to-us-banks-boards-accountable-risk-management-failures/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic" target="_blank">LogicManager.com</a>.</em></p></div></div></div></div></div></div></div></div></div></div></div></div>The Highlights of IMPACT 2017https://globalriskcommunity.com/profiles/blogs/the-highlights-of-impact-20172017-11-29T18:33:22.000Z2017-11-29T18:33:22.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><a href="{{#staticFileLink}}8028266261,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028266261,original{{/staticFileLink}}" class="align-left" alt="8028266261?profile=original" /></a>LogicManager recently hosted IMPACT 2017, our annual ERM conference where risk professionals gather to share their challenges, successes, and insights in the risk management industry. For two days, LogicManager users led educational sessions on how they’ve made vast improvements to their various risk and governance programs, such as third-party risk management, compliance, audit, and more.</p><p>This year, we heard from a particularly diverse group of experienced professionals hailing from Boston to Hawaii in industries such as banking, energy, and healthcare. 
While each attendee’s company and program were unique, their advice was universal to developing a strong ERM program that protects, adds values, and drives success.</p><p>Among the countless moments of knowledge sharing, there were a few highlights that stood out to me throughout IMPACT 2017:</p><p></p><h2><strong>Highlight 1: Reputation is everything in today’s see-through economy</strong></h2><p>I opened the conference by addressing an undeniable trend: our <a href="https://www.logicmanager.com/erm-software/2017/11/10/shift-grc-consumers-reputation-ethics/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">see-through economy</a>. Empowered by social media and ever-advancing technologies, consumers have the means to monumentally impact a company’s reputation. This is of serious consequence to the business world considering intangible assets, such as brand and reputation, account for <a href="https://www.forrester.com/report/GRC+Vision+20172022+Customer+Demands+Escalate+As+Regulators+Falter/-/E-RES136452">87% of the net worth of the S&P 500</a>.</p><p>Instead of treating risk management as a means to meeting hard and fast regulations, the CEOs and Boards of every company will need to build their ERM programs in a way that manages reputational risk. This means listening and responding to the needs of customers, not just regulators.</p><p>This theme resonated with many IMPACT attendees. For example, our third-party risk management panelists unanimously agreed that while you can outsource a process, you can’t outsource its risk. 
Equifax served as a poignant example of companies failing to properly manage their third parties, and suffering immense reputational consequences because of it.</p><p></p><h2><strong>Highlight 2: The increasing importance of cybersecurity</strong></h2><p>Events like <a href="https://www.logicmanager.com/erm-software/2017/05/16/methods-protect-ransomware-attack/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">WannaCry</a>, <a href="https://www.logicmanager.com/erm-software/2017/09/13/equifax-data-breach-point-of-no-return/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">Equifax</a>, and countless other breaches in recent months have awoken companies to the importance of managing cybersecurity risk. I delivered my opening keynote at IMPACT 2017 on the topic of <a href="https://www.logicmanager.com/watch-webinar-manage-cybersecurity-risks/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">operationalizing cybersecurity</a>, that is, aligning the policies you have in place with the risk and procedures that are carried out across the enterprise to manage and report on that risk.</p><p><a href="{{#staticFileLink}}8028266292,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028266292,original{{/staticFileLink}}" class="align-right" alt="8028266292?profile=original" /></a>Many think that more technology is needed to protect their organizations. But if you look at recent events, technology is rarely the root cause of a cyber-related scandal. 81% of breaches leveraged weak or stolen passwords, and only 20% of employees will strengthen their passwords after training. The same is true for following-through on patching, asset management, access rights, and other governance activities with risk-based task management, monitoring and reporting. 
The weak links in our corporations are now the people, policies, and procedures.</p><p>Fortunately, many attendees spoke towards how they’ve been able to identify gaps between their policies and procedures, and consistently improve their cybersecurity measures.</p><p>Some users shared their experience in the aftermath of <a href="https://www.logicmanager.com/erm-software/2017/09/21/equifax-data-breach-what-businesses-should-be-doing-in-the-aftermath/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">Equifax</a>, which was a big concern for their Boards. One attendee explained how it was important to anticipate the concerns of Board members using LogicManager to gather existing data across many departments and to address those concerns, such as which personnel were impacted, who has access to critical company data, and what their authentication procedures are.</p><p></p><h2><strong>Highlight 3: How to engage the Board of Directors</strong></h2><p>Perhaps one of the hottest topics of discussion at this year’s ERM conference was how to present information to the Board so they can make strategic, risk-based decisions.</p><p><a href="{{#staticFileLink}}8028265686,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028265686,original{{/staticFileLink}}" class="align-left" alt="8028265686?profile=original" /></a>A lot of the advice came down to <a href="https://www.logicmanager.com/erm-software/product/dashboard-reports/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">reporting</a>. One attendee shared that she went from presenting her Board with a 15-page report of the company’s top 25 risks to presenting a 2-page report with the top 10 risks and a heatmap using LogicManager. 
Many attendees agreed that their reports are easier to read and act on when they incorporate high-level summaries, graphs, and dashboards.</p><p>When <a href="https://www.logicmanager.com/ebook-presenting-erm-to-the-board/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">engaging the Board</a>, one presenter said, you have to present risk in a way that resonates with their concerns. The consensus was risk managers need to take the time to understand what matters to their boards, what their goals are, and ultimately, how risks in every area of the business impact those goals.</p><p>One user agreed that although “building tone-at-the-top support is essential” for building an effective, sustainable ERM program, providing actionable results each 90 days is an expected return. Others shared their tips for building this support. One attendee advised creating an analogy between sports and risk management to make the topic more relatable. Another mused over the idea of showing a slide with nothing more than a banana peel on it as an ice breaker to get the conversation started!</p><p></p><h2><strong>Highlight 4: Tips for ERM implementation</strong></h2><p>IMPACT 2017 attendees were in various stages of implementing ERM programs at their companies. Those in the later stages were a great resource for those in earlier stages.</p><p>Here are some of their top tips:</p><ol><li>Have a plan. Start and finish one project at a time. Don’t take on too many tasks right away, and carry your first initiative through to completion.</li><li>Begin with one governance area. When other departments see what you’ve done, they’ll want to be a part of it.</li><li>Consider engaging select leaders, who will then be happy to train others.</li><li>Get to know your business from the inside.</li></ol><p>This last point was presented in a particularly interesting fashion. 
One presenter compared getting to know a business area to the animated film “How to Tame Your Dragon.” The presenter said, “Once you find out dragons are like puppy dogs, your world is forever changed.”</p><p>The parallel here is that many employees operate in silos, unaware that there are other silos surrounding them, seemingly isolated, but in every way connected to their own. Understanding how the business really works, how these silos are connected, and how they roll up to achieve the company’s core objectives is at the heart of implementing a successful ERM program.</p><p></p><h2><strong>Highlight 5: LogicManager: Looking Ahead</strong></h2><p><a href="{{#staticFileLink}}8028266097,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028266097,original{{/staticFileLink}}" class="align-right" alt="8028266097?profile=original" /></a>IMPACT 2017 closed with a look towards the future of LogicManager in 2018 and beyond. The team presented some exciting enhancements to the product inspired by advances in Artificial Intelligence (AI), Robotic Process Automation (RPA) and Business Intelligence (BI) technology and our customers’ needs.</p><p>We gave a live demonstration of the platform’s future, including visibility rules, automation rules, a UI face lift, and more. The goal of these enhancements is to continue to streamline the data collection process, automate manual activities, and make the user experience more intuitive than ever. I speak for all of LogicManager when I say that we’re excited to share more about these advances in future posts and press.</p><p></p><h2><strong>Highlight 6: A unique learning opportunity</strong></h2><p>Perhaps our favorite takeaway from IMPACT 2017 is that our customers saw this conference as a unique learning opportunity. IMPACT is by risk managers, for risk managers. 
It’s a place for our users to come together and encourage each other to improve.</p><p>As one attendee put it, GRC is a hard, often thankless profession. But IMPACT is a place where risk professionals can collaborate and remind each other that they really are laying the groundwork for a better tomorrow.</p><p>We couldn’t be more excited to hear more insights from our customers at IMPACT 2018!</p></div>Learn how our Directors and Serial Entrepreneurs are leveraging NBN and Friction Free Capitalismhttps://globalriskcommunity.com/profiles/blogs/learn-how-our-directors-and-serial-entrepreneurs-are-leveraging2017-07-20T20:24:36.000Z2017-07-20T20:24:36.000ZCharles David Dreherhttps://globalriskcommunity.com/members/CharlesDavidDreher<div><p><strong>Friction Free Capitalism</strong></p><p>First coined in 1995 by Bill Gates, <strong>Friction Free Capitalism</strong> is, simply, the “enhanced efficiency of markets due to the ‘coming’ Internet revolution”.</p><p> </p><p>Learn how our Directors and Serial Entrepreneurs are leveraging NBN and Friction Free Capitalism visit: <a href="{{#staticFileLink}}8028256891,original{{/staticFileLink}}"><img width="750" src="{{#staticFileLink}}8028256891,original{{/staticFileLink}}" class="align-full" alt="8028256891?profile=original" /></a><a href="https://www.newbusiness.network/friction-free-capitalism">https://www.newbusiness.network/friction-free-capitalism</a></p></div>Interested in Pre-IPO Companies?https://globalriskcommunity.com/profiles/blogs/interested-in-pre-ipo-companies2017-07-14T21:43:06.000Z2017-07-14T21:43:06.000ZCharles David Dreherhttps://globalriskcommunity.com/members/CharlesDavidDreher<div><p>If you are an expert in your field, especially in the legal, accounting, commercial or investment banking / venture capital industries, your expertise is critical to their success.</p><p> </p><p>Are you ready to give back and build equity at the same time with limited risk, as an independent Director?</p><p> </p><p>We invite you 
to become the mentor we know you are, with ease.</p><p> </p><p>Please go to <a href="https://sprocketnetwork.com/">https://sprocketnetwork.com</a> and Click on “Directors” to find out more. </p><p> <a href="https://www.SprocketNetwork.com" target="_blank">Interested in Pre-IPO Companies</a><a href="{{#staticFileLink}}8028259666,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8028259666,original{{/staticFileLink}}" width="343" class="align-full" alt="8028259666?profile=original" /></a></p></div>Are you Directorship material?https://globalriskcommunity.com/profiles/blogs/are-you-directorship-material2017-06-19T20:00:00.000Z2017-06-19T20:00:00.000ZCharles David Dreherhttps://globalriskcommunity.com/members/CharlesDavidDreher<div><p>What's your area of expertise?</p><p> </p><p>Do you have a desire to support exciting new companies?</p><p> </p><p>Are you an expert in your field or a professional in the legal, accounting, commercial or investment banking / venture capital industries?</p><p> </p><p>Are you ready to elevate to the next level of professionalism?</p><p> </p><p>We’ve been capitalizing start-up or early stage companies since 1998 and have many exciting opportunities you may want to consider. If you think you may qualify, please go to <a href="https://www.sprocketnetwork.com/">https://www.SprocketNetwork.com</a> and Click on “Directors” to start the process. 
</p><p></p><p><a href="{{#staticFileLink}}8028258074,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8028258074,original{{/staticFileLink}}" width="457" class="align-full" alt="8028258074?profile=original" /></a></p></div>Expert Chuck Brooks Offers A Cybersecurity “Cheat Sheet” For The C-Suitehttps://globalriskcommunity.com/profiles/blogs/expert-chuck-brooks-offers-a-cybersecurity-cheat-sheet-for-the-c2017-04-13T11:00:00.000Z2017-04-13T11:00:00.000ZChuck Brookshttps://globalriskcommunity.com/members/ChuckBrooks<div><blockquote><span style="font-size:2em;">Expert Chuck Brooks Offers A Cybersecurity “Cheat Sheet” For The C-Suite</span></blockquote><div class="et_post_meta_wrapper"><p class="post-meta">by <span class="author vcard"><a href="https://highperformancecounsel.com/author/zachale/" title="Posts by Zac Hale">Zac Hale</a></span> | <span class="published">Apr 12, 2017</span> | <a href="https://highperformancecounsel.com/category/fearlesslaw/">#FearlessLaw</a>, <a href="https://highperformancecounsel.com/category/legal-content/cyber-security/">Cyber Security</a>, <a href="https://highperformancecounsel.com/category/legal-content/legal-tech/">Legal Tech</a> | </p></div><div class="entry-content"><div id="attachment_5339" class="wp-caption alignright"><img class="wp-image-5339 size-medium" src="https://highperformancecounsel.com/wp-content/uploads/2017/04/chuck-brooks-300x215.jpg" alt="" width="300" height="215" /><br /><p class="wp-caption-text">Chuck Brooks: VP of Government Relations and Marketing, Sutherland Global Solutions</p></div><p>The Internet was invented in a government laboratory and later commercialized in the private sector. The hardware, software, and networks were originally designed for open communication. Cybersecurity initially was not a major consideration. That mindset has surely changed due to the explosion of connectivity and commerce on the Internet. And also from the threats. 
A recent McAfee study disclosed that there was one new cyber-threat every three seconds in the fourth quarter of 2016.</p><p>Corporate board director roles have been traditionally reserved for those with expertise and leadership experience in management and best practices. Cybersecurity expertise historically has not been a primary concern for Directors, but it has become an evolving requirement for accountability in the era of digital connectivity.</p><p>The bottom line is that almost every type of business, large and small, touches aspects of cybersecurity whether it involves finance, transportation, retail, communications, entertainment, healthcare, or energy. Cyber-threats are ubiquitous.</p><p>The frequency and maliciousness (including Ransomware and Distributed Denial of Service attacks on networks) of cyber-attacks have become alarming. There are growing cyber-threats to corporate operations, reputation, and theft of IP that can affect not only stock prices but the viability of a company.</p><p>The growing threat of data breaches from hackers has made cybersecurity a global urgency. According to IBM, the cost of an average data breach has now risen to about $4 million. According to Gartner, spending on cybersecurity to try to ameliorate data breaches is expected to reach $90 billion in 2017.</p><p>Dr. Chris Brauer, Director of Innovation in the Institute of Management Studies, sums up the state of cybersecurity for board members succinctly: “overcoming the threat boils down to two things: accepting that you will be breached (awareness) and the ability to do something (readiness).”</p><p>Targets of the increasing incidence of phishing and other types of social engineering breaches include many corporate giants, such as Target, Anthem, and Yahoo. 
Even the federal government has been targeted, most notably the breach at the Office of Personnel Management where 22 million personnel records were taken.</p><p>In spite of this, there is still a lack of awareness and specialized knowledge on most corporate boards. For example, according to a National Association of Corporate Directors (NACD) survey, only 14% of the board members queried expressed a deep knowledge of cybersecurity topics.</p><p>The cybersecurity landscape is complex, and it is extremely difficult to encapsulate all the various aspects that may confront a corporate board. Suzanne Vautrinot, President of Kilovolt Consulting and Major General and Commander, United States Air Force (retired), does provide a very good framework for addressing the landscape: “The board’s role is to apply the principles of risk oversight, to advise on strategy and help push to overcome challenges—in this case, cybersecurity gaps and challenges.”</p><p>Following that strong lead from General Vautrinot, I developed a condensed “cheat sheet” with themes to hopefully provide boards with insights and impetus to address the cybersecurity threat at the C-Suite level. The four themes include: risk management, responsibility, communication, and expertise.</p><h4><strong><img class="alignright size-medium wp-image-5337" src="https://highperformancecounsel.com/wp-content/uploads/2017/04/cybersec-300x146.png" alt="cybersecurity graphic" width="300" height="146" /><br /></strong></h4><ul><li>At its very core, the practice of cybersecurity is <strong>r</strong><strong>isk management</strong>. It requires being vigilant and encompasses educating employees, identifying gaps, assessing vulnerabilities, mitigating threats, and having updated resilience plans to respond to incidents. Board directors should have a working understanding of risk management (and risk exposure) and have context on the different array of threats and threat actors. 
They should also be knowledgeable on the guiding axiom of the National Institute of Standards and Technology (NIST) Framework: <u>Identify, Protect, Detect, Respond, Recover.</u></li></ul><ul><li>Cybersecurity is a <strong>responsibility</strong>. Elements of cybersecurity include policies, processes, and technologies. Every company is unique in culture, mission and capabilities, but in terms of cybersecurity, the management (including board members) and employees are accountable for overseeing those elements. A requirement for every board member should be that cybersecurity must be treated as a company priority.</li></ul><ul><li>Cybersecurity’s backbone is effective <strong>communication</strong>. The CISO, CTO, CIO, and executive management must align strategies, collaborate, and regularly assess their information security programs, controls, and safety of networks. Communication enables readiness through the sharing of intelligence on threats and new security innovations. Security awareness training is also an important mandate for everyone at any company, especially the board.</li></ul><ul><li>Cybersecurity requires <strong>expertise</strong>. Ideally, a corporate board should include a blend of internal and outside subject matter experts. It is always useful for executive management to get perspectives and ideas from experts on the outside. It helps avoid complacency. Areas of special knowledge should include: legal compliance, cybersecurity technology solutions and services, training, liability insurance, governance, and policy. Information security management should include people with expertise in the ISO 27001 standard and a knowledge of best practices. Prudent policy advice necessitates that companies develop strong relationships with government. 
The recent passage of The Cybersecurity Information Sharing Act promotes public/private cooperation on data threat sharing, especially with the Department of Homeland Security.</li></ul><p>Of course, my cheat sheet is just a starting point. There is certainly room for more items and description. I highly recommend a new book written by <a href="http://www.weil.com/people/paul-ferrillo">Paul A. Ferrillo</a> of the Weil Gotshal law firm and <a href="https://www.linkedin.com/in/chrisveltsos">Christophe Veltsos</a> of Minnesota State University, Mankato, entitled “Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives” for an in-depth analysis of cybersecurity and corporate board issues. With the backdrop of the startling NACD survey that found 80% of board members lack deep cybersecurity expertise, hopefully the issue of the lack of board cybersecurity competency will get more of the attention that is needed.</p><hr /><p><em><strong>Chuck Brooks</strong> is Vice President of Government Relations & Marketing for Sutherland Government Solutions. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 450 million members. Chuck’s professional industry affiliations include serving as the Chairman of CompTIA’s New and Emerging Technology Committee and as a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate at the Department of Homeland Security. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill covering security and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University where he taught a graduate course on homeland security for two years. 
He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law. </em></p></div><div class="et_post_meta_wrapper"></div></div>Increased Board Accountability is Realhttps://globalriskcommunity.com/profiles/blogs/increased-board-accountability-is-real2016-05-19T14:27:16.000Z2016-05-19T14:27:16.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><a href="{{#staticFileLink}}8028244294,original{{/staticFileLink}}"><img width="300" src="{{#staticFileLink}}8028244294,original{{/staticFileLink}}" class="align-left" alt="8028244294?profile=original" /></a>By this point, the Volkswagen scandal is old news (<span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/2015/10/05/volkswagen-enterprise-risk-management-accountability/">we first blogged about it</a></span> last October). Yet details about the case continue to emerge, most recently about board accountability. <a href="http://www.wsj.com/articles/volkswagen-says-emissions-probe-finds-board-didnt-breach-duty-1462974444">As of </a>last week, a Volkswagen “internal probe into its emissions-cheating scandal found no evidence of wrongdoing by members of senior management…” In other words, VW’s Board didn’t know about the deception until it was too late.</p><p>This might appear to be a good thing, but actually VW is making its situation worse. Why? As we discussed in last week’s webinar, <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/2009/07/22/sec-requires-accountability-for-erm/">regulators now consider risk management negligence an offense equal to fraud</a></span>. 
We also discussed this issue last November, when we blogged about how <a href="http://www.logicmanager.com/erm-software/2015/11/17/poor-board-oversight/"><span style="text-decoration:underline;">ignorance is no longer an excuse for poor board oversight</span>.</a></p><p>The alternative to negligence (besides upping the ante and adopting a robust risk management program) is full disclosure of poor risk management. Thanks to the <span style="text-decoration:underline;"><a href="http://www.sec.gov/news/press/2009/2009-268.htm">SEC’s 2010 disclosure rule</a></span>, boards won’t be considered negligent if they publicize their company’s lack of risk management.</p><p>As I discussed at <span style="text-decoration:underline;"><a href="https://www.linkedin.com/pulse/major-enterprise-risk-management-thought-leadership-paul-l-">April’s Enterprise Risk Management Thought Leadership Summit at St. John’s University</a></span>, up until 2010, board accountability for risk management extended only to actions executed at the executive level. Starting in 2010, a number of federal and state regulations extended liability for material risks to any level. The requirement for accurate disclosure of their effectiveness in managing risk also appeared. Boards suddenly found themselves accountable for much more than they had been.</p><p>The Volkswagen saga is far from the first example. Consider the following recent events:</p><ul><li>Nordion Inc., a global health science company, failed to adhere to its internal controls procedures, which is negligence. 
Even though the company self-reported to and cooperated with the SEC, <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/2016/04/05/internal-controls-procedures-not-enough/">it still paid $375,000 in penalties</a></span> related to board accountability.</li><li>Chipotle’s <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/2016/02/09/chipotle-case-study-risk-management/">inadequate quality controls</a></span>, which weren’t disclosed, led to a host of salmonella outbreaks linked to multiple locations. The company suffered regulatory penalties, a major hit in market value, and is being sued by its shareholders for risk management negligence.</li><li>Dwolla, a small, private company, paid a civil penalty of $100,000 for risk management negligence, <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/2016/04/13/risk-management-negligence/">even though no incident occurred</a></span>. This case is particularly illustrative of the importance of risk management (or disclosure of its inadequacy); it doesn’t take a data breach or bacterial outbreak for the ax to fall.</li><li>Volkswagen reported the “innocence” (i.e. negligence) of its board regarding the emissions scandal. As a result, thousands of workers walked off numerous plants, <span style="text-decoration:underline;"><a href="http://www.wsj.com/articles/volkswagen-says-emissions-probe-finds-board-didnt-breach-duty-1462974444">asserting that</a></span> “‘Responsibility for the diesel crisis lies with decision makers at headquarters and not with the workforce.’”</li></ul><p>All of these events line up with what we’ve been anticipating. 
Boards that don’t perform their due diligence regarding risk management are now being held accountable.</p><p></p><p><strong><em>Tune in to our </em></strong><span style="text-decoration:underline;"><a href="http://www.logicmanager.com/live-webinar-characteristics-best-erm-programs/"><strong><em>next live webinar on June 1<sup>st</sup></em></strong></a></span><strong><em> for more info about ERM programs and related current events. Then, download our </em></strong><span style="text-decoration:underline;"><a href="http://www.logicmanager.com/streamlining-governance-activities-ebook/"><strong><em>free eBook</em></strong></a></span><strong><em> on streamlining governance activities to learn more about information collection, effective communication, and increased transparency.</em></strong></p><p></p></div>Volkswagen Side-Steps Enterprise Risk Managementhttps://globalriskcommunity.com/profiles/blogs/volkswagen-side-steps-enterprise-risk-management2015-10-05T16:21:22.000Z2015-10-05T16:21:22.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p>Volkswagen has been side-stepping environmental compliance standards by “programming some diesel-fueled cars to turn on emission controls only when being tested.” In the days since this discovery, Volkswagen has been hit with over 30 federal lawsuits and 40%+ decline in stock value, all stemming from the same source—<a href="http://money.cnn.com/2015/09/21/investing/vw-emissions-cheating-shares/">poor Enterprise Risk Management</a>.</p><p>In this case, poor risk management regarding their investment in diesel, without developing a mitigation plan for if the technology didn’t meet emissions performance objectives, led to a second risk management failure in not uncovering a scheme to hide the non-performing emissions problem. In 2010, requirements for Enterprise Risk Management were put into place by the SEC requiring senior leadership teams and boards to know their risks and disclose them. 
In the case of Volkswagen, the CEO was removed for not knowing about their emissions risk.</p><p></p><h2>How can boards be successful and protect themselves from employee misconduct?</h2><p></p><p>Executive teams, boards and internal audit groups are obligated to know their company’s major risks and disclose these risks to their investors. Without an <a href="http://www.logicmanager.com/erm-software/product/">Enterprise Risk Management software system</a> to support an effective ERM process, they risk being found negligent in risk management, and subsequently being exposed to maximum legal penalties. Will Volkswagen’s executive team, board, and internal audit department be able to prove they were doing something to correct the situation prior to getting caught? If they can, most of the punitive damages and shareholder lawsuits could be greatly reduced as part of a robust protection package afforded to corporations practicing strong <a href="http://www.logicmanager.com/erm-software/product/">Enterprise Risk Management</a>.</p><p>However, it appears unlikely that Volkswagen performed enterprise-wide risk assessments, which could have identified the scheme to cover engine emissions performance. With the thousands of employees involved, routine risk assessments as part of an Enterprise Risk Management program would have detected these issues in time for corrective action to be put into place. Risk assessments would also have helped connect and prioritize the separate risks of technology failure with compliance fraud. 
In order to do so, the company would have needed to utilize some form of an ERM solution to record and track data cross-functionally, something that spreadsheets cannot achieve.</p><p><a href="{{#staticFileLink}}8028237489,original{{/staticFileLink}}"><img width="250" src="{{#staticFileLink}}8028237489,original{{/staticFileLink}}" class="align-left" alt="8028237489?profile=original" /></a>Unlike informal documentation with office products, an ERM system provides an avenue for individuals to demonstrate that they were doing everything possible to follow best practices and mitigate these types of risks. It provides transparency into what decisions are being made, based on what information is available at the time. It also allows for the tracking of these decisions as a trigger to reevaluate when new regulations are passed or new technologies are developed.</p><p>With an ERM platform, individuals can record risks, document controls, and set sign offs and approvals. Furthermore, an ERM solution allows individuals to prioritize top risks, carry over risk scores, and identify which controls compensate for those risks. The monitoring of these controls, through testing or metric collection, ensures they remain effective.</p><p>Moreover, <a href="http://www.logicmanager.com/erm-software/product/">Enterprise Risk Management software</a> creates a method to explicitly lay out risk management procedures, and how and when risks were reviewed by a subject matter expert. This opens the door for innocence validation. With a solution, workflows are simple to set-up, tracing clear approval processes which ensure that proper steps and actions are taken. This in turn improves risk management at an enterprise level.</p><p>In an industry driven by customer satisfaction, loyalty, and trust, did Volkswagen adequately assess the risks of undermining the general public as well as regulators? 
A relationship with a car is not momentary, it can steam throughout a lifetime.</p><p>Winterkorn <a href="http://www.nytimes.com/2015/09/24/business/international/volkswagen-chief-martin-winterkorn-resigns-amid-emissions-scandal.html?_r=1">still claims</a>, “I am not aware of any wrongdoing on my part.” Winterkorn could have learned a lesson from the BP Oil Spill tumultuous downfall. As the CEO, as has been required by the SEC since 2010, Winterkorn needed to know about the risks his corporation faced down as many levels as to the front lines. Winterkorn could have protected his career and the Volkswagen brand by implementing a formal, well documented Enterprise Risk Management process.</p><p></p><p><b>To learn more, download our complimentary eBook “</b><a href="http://www.logicmanager.com/ebook-5-steps-for-better-risk-assessments/"><b>5 Steps for Better Risk Assessments</b></a><b>” and our</b> <a href="http://www.logicmanager.com/free-best-practices-risk-assessment-template/"><b>Risk Assessment Template</b></a><b>.</b></p><p></p></div>How ERM Integration Creates Efficiencieshttps://globalriskcommunity.com/profiles/blogs/how-erm-integration-creates-efficiencies2014-04-30T19:00:00.000Z2014-04-30T19:00:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><a href="{{#staticFileLink}}8028228089,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028228089,original{{/staticFileLink}}" class="align-right" alt="8028228089?profile=original" /></a>Lack of transparency makes risk, performance and compliance information hard to discover, collect and maintain. 
Within every organization, governance areas are conducting activities, each based on different assumptions with different standards, all of which contain a risk component.</p><p>While these are typically not thought of as risk activities, when the responsibilities of each governance area are compared to a risk-based process – identifying & assessing, mitigating, and monitoring – you find that the activities within vendor management, business continuity, financial reporting compliance, etc. are actually exercises in risk management.</p><p>Examples of risk intelligence collected in these silos are the Business Impact Assessments (BIAs) and Vendor Assessments conducted by the <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/grc-software/business-continuity-planning/" target="_blank">Business Continuity</a></span> and <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/grc-software/vendor-management/" target="_blank">Vendor Management</a></span> departments within your organization.</p><p>These activities often necessitate overlap, especially when BCP/DR is tasked with identifying the key vendors that must be utilized in a disaster recovery scenario. Both groups might take on the exercise in identifying vendor relationships to core business processes, with a vastly different set of assumptions, without ever leveraging the expertise of the other business area.</p><p>When risk activities (like Business Impact Assessments and vendor due diligence) are carried out on the same standards and assumptions and thought of as a <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/product/risk-based-process/" target="_blank">common framework</a></span>, they can be compared and utilized cross-functionally. Business Continuity Managers and Vendor Management will have a common language to use when identifying critical vendors to the disaster recovery process. 
Since these activities are already taking place anyway, no new work is added; the standardization in language has allowed both groups to be more efficient and utilize the expertise and insight of the other business silo.</p><p>Few organizations operate in this manner because functions track their data in their own spreadsheets with standards they’ve developed for their specific business silo. Knowing which vendors are considered critical by business continuity makes vendor managers better at their job, and likewise in the opposite direction. It also decreases time spent on tactical activities, freeing these groups up to focus on the strategic elements of their profession that make them most effective.</p><p><strong>To learn more on how to develop an ERM framework, check out the complimentary webinar titled '<a href="http://www.logicmanager.com/watch-webinar-actionable-erm-framework">5 Key Principles for an Actionable ERM Framework.</a>'</strong></p></div>How GRC Fails to Capture Enterprise Riskhttps://globalriskcommunity.com/profiles/blogs/how-grc-fails-to-capture-enterprise-risk2014-04-23T20:30:00.000Z2014-04-23T20:30:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><a href="{{#staticFileLink}}8028226857,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028226857,original{{/staticFileLink}}" class="align-right" alt="8028226857?profile=original" /></a>Governance functions are designed to manage risks that organizations face in operational and back office silos - financial misstatements, fraud, vendor management, disaster recovery, and other activities are all designed to address a subset of an organization’s risk profile. 
The concept of Enterprise Risk Management is not to create another function that exists in parallel to these areas, but rather to create a standardized methodology and language to objectively prioritize across functions and levels.</p><p></p><p>In other words, Enterprise Risk Management is a framework.</p><p> </p><p>GRC often positions risk as side-by-side, squished in between Governance and Compliance. Ideally, risk should be the overarching theme across all business areas, of which non-compliance is one of many risks that organizations face. </p><p> </p><p>When ERM is misunderstood and instead treated as a silo, an additional governance area that focuses on high level assessments and interviews with senior management, the result is that ERM inevitably fails to live up to the expectations of Senior Management. High level risk assessments, while a valuable tool, cannot be all that risk management provides because it does not accomplish the bottom line results management is looking for.</p><p> </p><p>Instead, ERM’s goal should be to leverage all of the risk information that is already known (though probably not explicit) in other governance areas. This is accomplished by creating a common language and structure so that business areas can better transfer knowledge to each other where beneficial. This provides transparency and a true risk profile to senior management, allowing businesses to uncover risks and mitigation information in process areas that are less formalized, and revealing overlapping controls where governance areas should be working together.</p><p> </p><p>This approach to enterprise risk management is what results in efficiency, engagement, and the risk culture that’s evident in successful organizations. 
The ERM process helps process owners do their own jobs better, while adding their own insight and expertise into the larger risk picture.</p><p></p><p><i>It sounds like a big challenge, but we have experience implementing ERM frameworks, and we're happy to share our insights. Check out our educational video on <strong><a href="http://www.logicmanager.com/streamline-governance-activities-erm-video" target="_blank">Integrating Governance with ERM</a> </strong>to learn more.</i></p></div>Hurricane Sandy and the RIMS ERM Conference 2012https://globalriskcommunity.com/profiles/blogs/hurricane-sandy-and-the-rims-erm-conference-20122012-10-31T18:00:00.000Z2012-10-31T18:00:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;">This week I faced the ultimate personal test of my risk management skills, where I had to soul search “do I practice what I preach as an ERM expert?” Sunday, the night before the storm of the century Hurricane Sandy hit, I had tickets to fly to Texas as a speaker and expert on ERM. What would become of my home and family? Had I applied the same risk principles in my work as a CEO of the leading</span> <span style="text-decoration:underline;"><a title="enterprise risk management software company" href="http://www.logicmanager.com/" style="color:#5f8bb3;text-decoration:underline;">enterprise risk management software</a></span><span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;"> company in my personal life? Had I put a personal</span> <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/grc-software/business-continuity-planning/">business continuity plan</a></span> <span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;">in place for my family? 
Did I trust my risk assessment?</span></p><p><span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;">I thought back over my hurricane/nor’easter weather season</span> <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/product/assess/" style="font-family:Arial, Helvetica, sans-serif;font-size:14px;">risk assessment</a></span><span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;">,</span> <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/product/mitigate/" style="font-family:Arial, Helvetica, sans-serif;font-size:14px;">mitigation</a></span> <span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;">and</span> <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/product/monitor/" style="font-family:Arial, Helvetica, sans-serif;font-size:14px;">monitoring activities</a></span><span style="color:#303437;font-family:Arial, Helvetica, sans-serif;font-size:14px;">. Our house is not next to the ocean and is on a hill so we didn't face the risk of flooding from Sandy. In May, I had installed a whole house back-up generator that would automatically switch over if a loss of power were to take place. Over the summer I hired an arborist to inspect all the large trees around our property. Two 120 ft pines were identified as sick and weak and the mitigation plan was executed to take them down. In September, I had the slate roof inspected and repaired to seal all cracks and possible leaks. Friday and Saturday, we followed a check-list of the usual items like water, batteries, food and stored any yard items and furniture that could become airborne. I called our neighbors to update our contact info just in case something went wrong. I was confident I had identified the key risks in my assessment and I had executed mitigation and monitoring activities to cover these key risks. 
So I went on my pre-scheduled business trip with confidence. That’s ERM upfront and personal!</span></p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">So that brings us to the RIMS ERM Conference 2012 in San Antonio, TX. What is ERM all about? Why did nearly 200 executives gather from all over the country for two days of intensive learning of ERM best practice and technology application case studies?</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;"><strong>What is the problem:</strong> How do we know what is happening to our businesses where the rubber hits the road? For a really recent example, let’s look at what most of us did to learn about what is going on when Hurricane Sandy crashed into our lives. We first turned to the people we know and trust, our friends, colleagues, and family. But that gives us an incomplete picture, so we typically turn to the news. Generally we see a top down view from a satellite, that shows the whole of the storm, but that also does not give us an understanding of what is really going on. So we also see reporters out on the front line with windblown hair and the rage of the storm behind them to put it in perspective. In ERM terms, this is the view of the process owner, the person on the front line most familiar with what is going on in a particular area. Since our reporters cannot be everywhere at once, we use ireporters that send us snapshots and videos from the field where the action is to understand what is happening on the front line. 
This is how we get a clear picture of the storm, top down and bottom up.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;"><strong>Why is this important?</strong> ERM has evolved in stature from a proactive good idea and best practice to a regulatory requirement that has significant teeth for non-compliance. Since the <span style="text-decoration:underline;"><strong><a href="http://www.logicmanager.com/erm-software/2012/10/25/erm-compliance-and-enforcement/">landmark SEC ruling</a></strong></span> that made risk disclosures mandatory, boards are personally accountable for effective ERM programs or they face fraud or negligence charges if they cannot demonstrate and measure effectiveness.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;"><strong>What the BOD needs to know:</strong> The Board of Directors and regulators need to know their real state of ERM. How effective is their ERM program? That means: can they demonstrate that all material risks are identified and sufficiently mitigated and monitored? How do they do this? First they need to reach all business process owners and identify their material risks. 
Then for those material risks, the actual mitigation activities need to be documented and monitoring activities need to be conducted on a regular basis, typically quarterly.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;"><strong>How to build an effective ERM program?</strong> Get the requirements from the <span style="text-decoration:underline;"><strong><a style="color:#5f8bb3;text-decoration:underline;" title="RIMS Risk Material Model" href="http://www.rims.org/ERM/Pages/RiskMaturityModel.aspx">RIMS Risk Maturity Model</a></strong></span>, a comprehensive set of building blocks of what exactly needs to be done in actionable and measurable terms.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">When I came home from the conference, while the neighborhood was a mess with fallen trees and a blackout for two days, everything was fine at my household. My family had electricity, heat and hot meals. Everything sounded like business as usual to an outsider, but an ERM professional knows what it takes to achieve business as usual in the face of adversity. This is what good ERM is all about.</p></div>Presenting Risk Management to the Boardhttps://globalriskcommunity.com/profiles/blogs/presenting-risk-management-to-the-board2012-10-09T11:30:00.000Z2012-10-09T11:30:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">The first shoe to drop was government regulations holding the Board of Directors personally responsible for the effectiveness of enterprise risk management programs at their organizations. Boards are given a choice between proving their risk management programs are effective or disclosing their ineffectiveness in risk management to the public. 
If they do neither, it is considered fraud, as not knowing about a risk is no longer a defense.</p><center><img width="300" height="113" alt="risk_to_the_board" src="http://logicmanager.com/wp-content/uploads/2013/08/risk_to_the_board-300x113.jpg" /></center><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">What does enterprise risk management effectiveness mean? Not being involved in the day-to-day running of the company where most operational risks actually occur means Boards of Directors must, through their risk oversight role, satisfy themselves that the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are effective at identifying all risks and demonstrating assurance over the most material ones.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">Risk is viewed at its highest level by the board. Some people make the mistake of inferring that this risk information should then also be collected at only this high level, but this is ineffective because of the gap between senior management and the front line activity level where risks first arise. 
The key to determining the effectiveness of a risk management program is the ability to collect risk information from the <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/business-process-improvement/">business process-level</a> and aggregate this information, while preserving the effects of related upstream and downstream dependencies.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">Since the liability for error is so high, Internal Audit has now been tasked to do the fact-checking on the risk management information being presented to the board to ensure its integrity at the front line business process level. The Institute of Internal Auditors (IIA) <a title="announced this week" style="color:#5f8bb3;" href="https://na.theiia.org/news/press-releases/Pages/Revisions-to-Internal-Audit-Standards-Approved.aspx">announced this week</a> it has revised its International Professional Practices Framework (IPPF), effective Jan. 1, 2013. These mandated changes require auditors to validate the most timely and most significant risks, especially those that impact the achieving of the organization’s <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/performance-management-with-erm/">strategic objectives</a>.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">The role of the enterprise risk manager has now finally become clear to close the gap between strategic level risk and all the operational risks at the activity level at the front line of organizations. The risk manager is responsible for setting the standards, practices and procedures for effective risk management and embedding them in all existing business processes. 
The risk manager is now accountable for <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-metrics-for-governance-effectiveness/">risk metrics</a>. This requires putting a mechanism in place to collect this risk information at the level where most operational risks materialize and aggregate this risk information to a level the Board cares about, while preserving the links to the front line and the resources involved and then tie together the risks in related business processes—all at the activity level so an audit trail is clear for internal audit to follow.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">Organizations have realized that their board level attestations on the effectiveness of <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-identification/">risk identification</a> and assessment can no longer just be a facilitated interview at the senior management level; instead, there needs to be a rigorous process at the activity level through the lens of what is material, not just in isolation of a single business silo, but overall as all the pieces come together at the top. The goal is to identify and objectively assess operational risks and ensure <a href="http://www.logicmanager.com/erm-software/product/mitigate/">risk mitigation</a> is in place at the activity level independently and then collectively. 
The integrity of this risk information needs to be preserved when aggregating and summarizing by the strategic goals of the organization.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;">An <a href="http://www.logicmanager.com/erm-software/product/">ERM Software</a> or <a href="http://www.logicmanager.com/grc-software/">GRC Software</a> with a risk based approach is the only way this process will work effectively and the <a href="http://www.logicmanager.com/erm-software/knowledge-center/ensuring-erm-sustainability/">RIMS Risk Maturity Model</a> spells out each of the 25 requirements that must be met to put a risk taxonomy in place for an effective and efficient enterprise risk management program that meets the rigor of compliance and now internal auditors’ review.</p><p style="font-size:14px;color:#303437;font-family:Arial, Helvetica, sans-serif;line-height:normal;background-color:#ffffff;"><strong>Click here to watch a free On Demand Webinar, “<a title="Presenting Risk Management to the Board" style="color:#5f8bb3;" href="http://www.logicmanager.com/register-presenting-erm-to-the-board-webinar">Presenting Risk Management to the Board</a>”.</strong></p></div>Risk Leadership - Should a Board have a Risk Committee?https://globalriskcommunity.com/profiles/blogs/risk-leadership-should-a-board-have-a-risk-committee2012-09-13T01:23:51.000Z2012-09-13T01:23:51.000ZBryan Whitefieldhttps://globalriskcommunity.com/members/BryanWhitefield<div><p></p><p><b>In November 2009 I contemplated </b><a href="http://www.rmpartners.com.au/risk-management-blog/entry/should-audit-and-risk-committees-be-separate.html" target="_blank"><b>"Should Board Audit and Risk Committees be Separate?"</b></a><b> </b> <b>and today I question "Should a Board have a risk committee at all?"</b></p><p></p><p>In 2009 I concluded:</p><ul><li><b>Management's responsibility</b> is to identify, manage and report on risk with a 
predefined risk appetite which has been established in consultation with the oversight body, most commonly a Board of Directors or an Advisory Board.</li></ul><ul><li><b>The Board</b> has an <b><i>"assurer role"</i></b> to provide stakeholders with assurance that management has done their job on risk.</li></ul><ul><li><b>The Board</b> has a <b><i>"mentoring role"</i></b> to provide oversight of the risk management process.</li></ul><ul><li>Therefore <b><i>there should be separate Audit and Risk committees</i></b> fulfilling different roles, in particular for larger organisations with much larger amounts of information to process.</li></ul><p> </p><p>Since 2009 a few things have caught my attention that have caused me to consider whether the Board should have a risk committee at all. An example is APRA's requirement for Boards "... to understand the risks of the institution, including its legal and prudential obligations, and to ensure that the institution is managed in an appropriate way taking into account these risks."<br clear="none" /><br clear="none" />Although APRA's requirement only applies to organisations they regulate, I believe it is applicable to all boards. How then can a Board delegate risk to a sub-committee of the Board? 
Surely it is necessary for each and every director to understand the risk profile of the organisation.</p><p> </p><p>My advice to Boards is:</p><p></p><ul><li>Have a <b>Board Assurance Committee</b> which, through audits and other means, is responsible for ensuring the risk management framework put in place by management is appropriate and working, just as it does with all the other key processes of the business.</li></ul><p> </p><ul><li><b>The Board collectively should be in discussion with management</b> to ensure the Board and Management understand the implications of strategic, business unit and major project risk profiles presented to the Board and whether or not risk levels are within the risk appetite set by the Board and Management.</li></ul><p> </p><p><a href="http://www.rmpartners.com.au/">www.rmpartners.com.au</a></p><p> </p></div>What is Risk Appetite?https://globalriskcommunity.com/profiles/blogs/what-is-risk-appetite2012-03-05T10:30:00.000Z2012-03-05T10:30:00.000ZRebecca Beardhttps://globalriskcommunity.com/members/RebeccaBeard<div><p>Risk Appetite Explained <br />In the face of the many recent failures of financial institutions, following market and asset crises and in the context of mounting regulatory demands from Basel 3, Solvency 2 and Dodd Frank, risk management is a topic high on the executive agenda. In particular, much emphasis has been placed on risk appetite and the role it has to play in an enterprise risk management approach, as part of an overall strategy execution process. <br /><br />But what is Risk appetite? <br />First and foremost, risk appetite is a necessary dimension of an organisation’s policy that sets the boundaries within which their executive team and others within the business execute strategy and take risk. It is set at board level and it is not something that can or should be delegated, either to the executive team or risk team. 
<br /><br />What the Standards Say<br />The Committee of Sponsoring Organisations of the Treadway Commission’s (COSO) Enterprise Risk Management – an Integrated Framework, 2004 defines risk appetite as the amount of risk, on a broad level an entity is willing to accept in pursuit of value. COSO makes two key points related to appetite. Firstly, it states that [risk appetite] reflects the entity’s risk management philosophy, and in turn influences the entity’s culture and operating style. Secondly, COSO establishes the link between appetite and strategy, stating explicitly: risk appetite is directly related to an entity’s strategy. <br /><br />The Risk Management Code of Practice from the British Standards Institution, BS31100:2008 defines risk appetite as the amount and type of risk that an organisation is prepared to seek, accept or tolerate. This standard also relates appetite to strategy and governance stating: considering and setting a risk appetite enables an organisation to increase its rewards by optimising risk taking and accepting calculated risks within an appropriate level of authority. <br /><br />What Manigent Says <br />Manigent, a Strategy Execution and Risk Management Consultancy Firm, provides a slightly broader definition of risk appetite as: the amount and type of risk that an organisation is willing to accept, and must take, to achieve their strategic objectives and therefore create value for shareholders and other stakeholders. By adding ‘and must take’, Manigent’s definition expresses that taking risk is an inherent part of strategy execution and value creation. Risk is not just about avoiding potential losses, but also about exploiting opportunities. <br /><br />Why is Risk Appetite Important? <br />Many times, history has demonstrated that companies having a ‘performance-only’ approach to strategy execution are prone to losses and failures once adverse circumstances emerge. 
The cascade of bank failures trapped into excessive credit derivatives exposures in 2008, the hard landing of the US economy after a widely identified, yet widely disregarded, asset bubble, the gigantic losses of the insurance sector in the aftermath of the technological bubble burst, the current struggle of continental banks stuck with excessive exposure to European sovereign debt, billions of rogue trading losses at Société Générale and UBS, the failure of MF Global after a strategy push for proprietary trading. Examples pleading for a risk based approach to strategy execution are countless. <br /><br />This implies, at Board level, a decision on the amount of risk the organisation is capable of and willing to take, which translates into a Risk Appetite Statement. <br /><br />The Necessary Features <br />A risk appetite statement needs to be defined at the top, in line with the strategy and the value drivers of the business, transparent, unambiguous, and cascaded down through all decision levels of the organisation. <br /><br />Rather than “are we on track to hit our targets?”, board members and executives must ask a different question: “is the organisation operating within appetite?”. This question puts the alignment of risk-taking to strategy at the heart of the strategic conversation and incorporates both the performance and risk dimensions of strategy execution. <br /><br />As a board level tool, Manigent believe that the definition of risk appetite must be closely coupled with the definition of strategy. Therefore, one of the first steps in the risk appetite definition process is to define a clear set of business drivers related to the organisation’s business model and strategy. Once the board and executive have determined the business drivers, those few key determinants of success, these should then be used to define the organisational risk appetite. 
<br /><br />Board involvement in setting and monitoring adherence to firms’ risk appetite and the presence of actionable elements that articulate firms’ intended responses in cases of breaches in limits are two key features highlighted by the Senior Supervisors Group in their report on the risk management lessons from the 2008 crisis. <br /><br />A Risk Appetite Statement is a set of limits within which a company is allowed to operate. Any breach of those limits during the execution of the strategy must be reported to the Board that will either allow an exception or revise its risk appetite based on due justification, or take appropriate actions to reduce the risk exposure and realign the exposure of the business within its appetite. Manigent fully supports and helps its clients adhere to these good principles of corporate governance, widely recommended to the financial services industry. <br /><br />If you are interested in learning more or simply have a question surrounding Risk Appetite please email: becky@manigent.com</p></div>Risk Managers: What should you report to the Board?https://globalriskcommunity.com/profiles/blogs/risk-managers-what-should-you2011-06-20T14:30:00.000Z2011-06-20T14:30:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><div style="margin:20px 30px;"><p>Boards are under pressure like never before to assure their organization has an effective risk management program. The SEC, through the <span style="text-decoration:underline;"><a href="http://www.sec.gov/news/press/2009/2009-268.htm">Proxy Disclosure Enhancements amendment</a></span>, is holding them personally responsible for risk management.</p><p>If your board hasn't already come knocking on your door for a briefing on the effectiveness of risk management, they will be soon. 
So the $64,000 question remains:</p><p><strong><span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/product/dashboard-reports/" target="_blank">ERM Risk Reporting</a></span>: What should you present to the board?</strong></p><p>The short answer is the larger picture of risk with a connection directly to the front-line. This is the crux of the problem. As you know, the board makes strategic decisions by viewing your organization from a 35,000-foot perspective. They aren't interested in a list of hundreds of risk indicators, or even the top 10 operational risks. </p><p>Your board needs to understand the sources of uncertainty that could impair continuing operations or reaching your organization's strategic goals. The risk is not the event of a lawsuit, but rather the uncertainty that employees are acting appropriately that the board needs to know about. It's not the event of supply chain disruption, but rather the uncertainty of preparedness for changes in weather patterns. 
The board needs to understand trends in uncertainty, that is the larger risk picture, on the commitments they have endorsed.</p><p>Sounds simple enough, so how do you assemble this information?</p><p>You need to take these big picture issues one by one, and connect them to the real activities that materially contribute to each issue.</p><p><strong>How to connect operational risks to strategic goals:</strong></p><ol><li>Choose one of the board's <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/performance-management-with-erm/"><span style="text-decoration:underline;">strategic imperatives</span>.</a></li><li>Identify the <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/business-process-improvement/">business processes</a></span> that contribute to that goal.</li><li>Assess the <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-identification/">root cause</a></span> of risk for each corresponding process.</li><li>Connect the corresponding <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-assessment-templates/" target="_blank">risk assessment templates</a></span> to that strategic goal.</li><li>Repeat steps 1 through 4 for each of the board's strategic goals.</li><li>Report the impact of risk on each strategic goal to the board.</li></ol><p>Any one of these steps can be a challenge for risk managers. 
To find out how ready you are to present to the board, evaluate your risk program with the <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/erm-software/knowledge-center/ensuring-erm-sustainability/">RIMS Risk Maturity Model Assessment</a></span>.</p><p>You can also learn more about what the board requires by watching this on-demand webinar: <span style="text-decoration:underline;"><a href="http://www.logicmanager.com/register-what-is-strategic-erm-webinar" target="_blank">What is Strategic ERM?</a></span></p></div></div>Real time banking and risk jobs all over the world. Be ahead of your competition!https://globalriskcommunity.com/profiles/blogs/real-time-banking-and-risk2010-03-05T09:03:23.000Z2010-03-05T09:03:23.000ZBoris Agranovichhttps://globalriskcommunity.com/members/BorisAgranovich<div><a href="http://www.globalriskconsult.com/job-board">http://www.globalriskconsult.com/job-board</a></div>