practices - Blog - Global Risk Community2024-03-29T12:07:09Zhttps://globalriskcommunity.com/profiles/blogs/feed/tag/practicesWhy SailPoint IdentityIQ has been Trending and Boominghttps://globalriskcommunity.com/profiles/blogs/why-sailpoint-identityiq-has-been-trending-and-booming2020-09-11T05:30:00.000Z2020-09-11T05:30:00.000ZBhupendra Prasadhttps://globalriskcommunity.com/members/BhupendraPrasad<div><p>In the modern era, solutions that deal with identity management should be able to perform two things equally well, first is to deliver smooth access to the business, and second is to provide support of requirements and needs of compliance around safety and security. No matter how much administrative requests and change and develop, or what number of new employees, temporary workers, and different clients come or change jobs, companies must have the option to rely on their identity solutions for economically empower solid and steady controls over admittance to applications and information, permit for convenient access requests and deliver convenient provisioning of access rights.</p><p></p><p><a href="{{#staticFileLink}}8028336473,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8028336473,original{{/staticFileLink}}" class="align-center" alt="8028336473?profile=original" /></a></p><p>In the new age, well-coordinated and compliant companies should successfully implement identity and access controls to limit business hazards and avert security breaks or misuse of information while enhancing audit performance and smoothing out compliance to decrease IT costs.</p><p>To deal with these difficulties, associations require an answer that can scale up and stay aware of access demands and compliance prerequisites, while keeping access-related dangers, cost, and audit inadequacies down. SailPoint IdentityIQ is developed and intended to address these difficulties.</p><h2><strong>What is SailPoint IdentityIQ?</strong></h2><p>SailPoint IdentityIQ is an advanced and effective solution for identity management that lessens the expense and complexity of both the following guidelines and providing access to users. Conventional identity management methods manage these regions in a separate way, frequently utilizing various, and disjointed items. However, IdentityIQ gives a unified methodology that uses a typical identity administration system. This makes it possible to reliably apply business and security strategy, and role and hazard models, overall access related exercises.</p><p>Intended to scale to the most complex enterprise necessities, SailPoint IdentityIQ empowers you to increase total visibility and control of access for every one of your workers, partners, contractual workers, and non-human users including bots. SailPoint IdentityIQ works at the center of your security and IT systems to expand profound administration abilities to all your important applications and frameworks.</p><h2><strong>SailPoint IdentityIQ Empowers Companies to:</strong> </h2><ol><li>Management of compliance utilizing automated access accreditations and strategy.</li><li>Enable clients to effortlessly sign-on to web and SaaS applications without recalling various passwords.</li><li>Gain greater visibility into all client access from the data center to the cloud and proactively uphold risk-appropriate administration controls.</li><li>Make a smooth change from on-premises IAM to IAM-as-a-Service (IDaaS) if and when the time is appropriate.</li><li>Enable secure, yet traditional access to any application, from any device.</li><li>Provide on-request visibility into "who has access to what" to help settle on business choices and meet audit necessities.</li><li>SailPoint IdentityIQ gives the power to the user to demand access and reset passwords freely.</li><li>Automate provisioning across the lifecycle of the user by improving processes for making, altering, and renouncing access.</li></ol><h2><strong>Why SailPoint? Advancements in Identity Management</strong> </h2><p>There is a unique feature of SailPoint that is to offer a special mix of qualities to bear on each aspect of the new difficulties of identity management. With creative, industry-demonstrated innovation, a solid legacy in identity and access management, and a laser-like focus on identity administration, SailPoint is best prepared to enable any association to run a fruitful identity management program with the given business advancements:</p><h3><strong>1. Risk-based methodology</strong></h3><p>Only SailPoint has the feature of offering 360° visibility into identity and access information and applies a model of risk that makes it simple to speedily recognize explicit business risks before they represent a threat to security or compliance.</p><h3><strong>2. Unified architecture</strong></h3><p>SailPoint is the main identity provider that has constructed an identity administration and provisioning solution starting from the earliest stage to deliver all the capacities that associations need to address the present-day risk, compliance, and lifecycle management needs.</p><h3><strong>3. The flexible last-mile provisioning method</strong></h3><p>IdentityIQ coordinates effectively with whatever identity innovations; apparatuses and measures are built up or liked. With SailPoint, the client chooses how changes are satisfied with the assets across the association. </p><h3><strong>4. Improved performance and adaptability</strong> </h3><p>SailPoint meets the performance and adaptability needs of a portion of the world's biggest clients. IdentityIQ is intended to scale horizontally, vertically, and practically, making it workable for SailPoint to oversee a huge number of clients, a great many applications, and a large number of entitlements.</p><h3><strong>5. Centralized administration across datacenter and cloud conditions</strong></h3><p>IdentityIQ is intended to deal with access to all information, applications, and other assets throughout the company, from the data center to the cloud.</p><h2><strong>Trend and Opportunities in the Future</strong></h2><p>SailPoint enables the world's biggest associations to mitigate risks, to lessen IT costs, and guarantee compliance. SailPoint IdentityIQ gives better visibility into and commands over user access than secret and sensitive applications and information while smoothing out the access request and the process of delivery. IdentityIQ is the business' top governance-based identity management system that rapidly provides substantial outcomes with mindful of risk compliance management, closed-loop client lifecycle management, adaptable provisioning, an incorporated governance model, and intelligence associated with identity.</p><p>Owing to its numerous benefits, it is predictable that careers in SailPoint IdentityIQ will provide you with lucrative and stable opportunities in the next few years. Increasing demand for identity management software is propelling the growth of the SailPoint IdentityIQ market in the upcoming years. With greater security and reliability, we can assume that this technology will see a boost in the years to come.</p><p>According to the various online job portals, <strong>the average salary for SailPoint IdentityIQ varies from INR 612k annually for an experience Engineer to INR 840K annually for developers</strong>. That’s a hell lot of money, isn’t it? In addition to lucrative career opportunities, SailPoint IdentityIQ offers the stability of the job. With increasing technological advancement, the demand for both engineer and developer of SailPoint IdentityIQ will see growth in the next few years.</p><p><strong>SkillXS IT Solutions</strong> provides easy to access online courses that cover SailPoint IdentityIQ extensively. The courses have been thoroughly prepared by industry experts. So, what are you waiting for? Go and grab a seat now.</p><p><strong>Book Your Seat:</strong> <a href="https://www.skillxs.com/course/17/sailpoint-identityiq">https://www.skillxs.com/course/17/sailpoint-identityiq</a></p><p>These digital courses by SkillXS IT Solutions will make you job-ready in a very short period. There are plethoras of other websites that also provide online courses but not many will ensure you a job. However, SkillXS IT Solutions will provide job assistance to all candidates once they successfully completed the modules of the course.</p><h2><strong>Summing Up</strong></h2><p>For many organizations that are rapidly growing in today’s fast-paced world, SailPoint IdentityIQ is the obvious choice due to its ability to deliver governance of identity and provisioning capabilities in a single solution.</p><p>SailPoint, the pioneer in the management of identity enterprise, carries the Power of Identity to clients around the globe. The open identity platform of SailPoint enables companies to enter new markets, scale their workforces, grasp new advances, advance quicker, and contend on a worldwide basis. As both an industry pioneer and market pioneer in identity administration, SailPoint delivers security, operational effectiveness, and compliance to enterprises with complex IT situations. SailPoint’s clients are among the world's biggest organizations.</p></div>Key Performance Indicators (KPIs) Best Practices: Your Guide to Driving Performance Improvementshttps://globalriskcommunity.com/profiles/blogs/ey-performance-indicators-kpis-best-practices-your-guide-to2020-03-16T06:30:00.000Z2020-03-16T06:30:00.000ZJoseph Robinsonhttps://globalriskcommunity.com/members/JosephRobinson808<div><p>More sophisticated managers explicitly use <a href="https://flevy.com/business-toolkit/key-performance-indicators">Key Performance Indicators (KPIs)</a> to promote cross-functional--not just vertical--alignment. For them, KPIs are the <a href="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-Key-Performance-Indicators-300x200.jpeg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-Key-Performance-Indicators-300x200.jpeg?profile=RESIZE_710x" width="300" class="align-right" alt="pic-1-Key-Performance-Indicators-300x200.jpeg?profile=RESIZE_710x" /></a>means and methods for rigorously defining and measuring the fundamentals that matter.</p><p><em>Why are KPIs important?</em> If used effectively, KPIs can clearly track value creation and deliver value for its stakeholders – customers, employees, and investors.</p><p>KPIs are being used by organizations in different ways. Yet, there are clear and measurable differences that exist in terms of how it is being used. There are organizations that use KPIs to monitor and assess performance while there are those that use KPIs to guide and drive performance improvements. Data-driven and customer-oriented leaders use KPIs in practicing <a href="http://flevy.com/browse/stream/customer-centric-design">Customer-centric Design</a>, while those more concerned with hitting their numbers remain focused on efficiencies.</p><p>There are 4 primary <a href="https://flevy.com/browse/flevypro/key-performance-indicators-kpis-best-practices-4010">best practices for Key Performance Indicators</a> that organizations should follow. These best practices are every organization’s guide to using KPIs to drive <a href="https://flevy.com/business-toolkit/enterprise-performance-management">performance improvements</a>.</p><h3>The 4 KPIs Best Practices</h3><p>The <a href="https://flevy.com/browse/flevypro/key-performance-indicators-kpis-best-practices-4010">4 KPI Best Practices</a> can demonstrate the effective use of KPIs to reflect and illuminate the strategic priority of organizations.</p><p><a href="https://flevy.com/browse/flevypro/key-performance-indicators-kpis-best-practices-4010" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/12/pic-1-KPI-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="pic-1-KPI-1024x768.png?profile=RESIZE_710x" /></a></p><ol><li><strong>Focus on Customer Experience (CX)</strong>. The first KPI Best Practice, Focus on Customer Experience is focused on an increased understanding of customers’ wants and needs. There is a renewed emphasis on learning more about users of products. The main objective of focusing on customer experience is turning customers into brand advocates and evangelists. When KPIs are focused on customers beyond the sales funnel, this encourages an organization to realign itself around sharing, coordination, and collaboration.</li></ol><ol start="2"><li><strong>Identify Top KPIs</strong>. When top KPIs are identified, it is basically identifying the priority KPIs. Doing this requires identifying the appropriate number of KPIs to prioritize. There are guide questions than can help organizations in the prioritization of the KPIs. One of the questions can be “Is there a consensus on how KPIs affirm and support strategy? Another significant question can be one that points to how directly the functional KPIs contribute to enterprise success. When going through this process, it is important that leaders understand how KPIs interrelate and align.</li></ol><ol start="3"><li><strong>Foster Enterprise-wide Discussion of KPIs</strong>. A very critical Best Practice, the third KPI Best Practice is focused on reinforcing the company’s culture. In fostering enterprise-wide discussion of KPIs, KPIs must be central to leadership conversations around driving organizational behavior and change. It is not merely an assessment tool. If KPIs are not front and center at a management meeting, there is something wrong with the meeting, the management, or the KPIs.</li></ol><ol start="4"><li><strong>Treat KPIs as Special Class Data</strong>. Treat KPIs as Special Class Data is the fourth KPI Best practice that is essential in process transformation and automation. Organizations must understand that data and analytics are the raw ingredients of KPIs. KPIs special class as a data asset will become even more important as they become an input to ML algorithm and process automation. In the years to come, organizations can expect that data capability that supports more complex KPIs will become a source of competitive advantage.</li></ol><h3>What Matters Most</h3><p>It is very clear that KPIs play a vital role in directing the priorities of organizations. With the changing global economy, organizations have been recognizing the importance of Customer Focus. In fact, it has taken a priority seat and identified as the top KPI by executives.</p><p>But does this hold true to all organizations? Identifying top KPIs is important but organizations must know the right way to identify the appropriate number of KPIs and prioritize them. It is important to note that KPIs must align well with the organization’s internal processes with its external customer behaviors.</p><p>Customer Focus is a priority, but is it also your priority KPI?</p><p>Interested in gaining more understanding of the <a href="https://flevy.com/browse/flevypro/key-performance-indicators-kpis-best-practices-4010">KPI best practices</a>? You can learn more and download an <a href="https://flevy.com/browse/flevypro/key-performance-indicators-kpis-best-practices-4010">editable PowerPoint about Key <strong>Performance Indicators (KPIs) Best Practices</strong> here</a> on the <a href="https://flevy.com/browse">Flevy documents marketplace</a>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting">consulting training guides</a> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>When the Going Gets Rough, Unlearn to Learn the 5 Leadership Practices of Capabilities-Driven Strategy (CDR)https://globalriskcommunity.com/profiles/blogs/when-the-going-gets-rough-unlearn-to-learn-the-5-leadership2019-12-02T06:30:00.000Z2019-12-02T06:30:00.000ZJoseph Robinsonhttps://globalriskcommunity.com/members/JosephRobinson808<div><p>Golf is a club-and-ball sport in which players use various clubs to hit balls into a series of holes on a course in as few strokes as <a href="http://flevy.com/blog/wp-content/uploads/2019/03/5-Leadership-Practices-of-CDR-300x298.jpg" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/03/5-Leadership-Practices-of-CDR-300x298.jpg?profile=RESIZE_710x" width="249" class="align-right" alt="5-Leadership-Practices-of-CDR-300x298.jpg?profile=RESIZE_710x" /></a>possible. The more we play golf, the more we realize that there is a negative correlation between how hard we swung and how far we hit the ball. In golf, rarely is much accomplished from merely swinging hard. Sheer force does create action, but this is often negated by a lack of strategy. Life in golf, we need to learn to pull back a little, focus, and work on specific objectives.</p><p>Almost every business today faces major strategic challenges. In a survey conducted by Strategy&, PwC’s strategy consulting business, the majority of the respondents think that they do not have a winning strategy. In another survey, the majority concedes that they are missing out on major opportunities in the market.</p><p>These are happening not only due to external forces. These are the outcome of the way most companies are managed. There is a significant and unnecessary gap between <a href="https://flevy.com/business-toolkit/strategy-development-sd">Strategy Development</a> and <a href="https://flevy.com/business-toolkit/strategy-execution">Strategy Execution</a>. There is a lack of connection between where the enterprise aims to go and what it can accomplish.</p><h3><span style="font-size:12pt;"><strong>Conventional Management vs. Capabilities-Driven Strategy</strong></span></h3><p>Conventional Management today does not work. It violates the tenets of Management. Most conventional management practices have developed through trial and error. And often, these do not have any direct link to the company’s strategy.</p><p>It is essential that our company must move away from the conventional wisdom of mainstream business practices to achieve success. It is about time that we focus on <a href="https://flevy.com/browse/flevypro/capabilities-driven-strategy-cdr-3677">Capabilities-Driven Strategy</a>. A Capabilities-Driven Strategy is built on distinctive capabilities that enable companies to focus on their greatest strengths and gain a competitive advantage.</p><h3><span style="font-size:12pt;"><strong>The 5 Leadership Practices of Capabilities-Driven Strategy (CDR)</strong></span></h3><p>The <a href="https://flevy.com/browse/flevypro/5-leadership-practices-of-capabilities-driven-strategy-cdr-3702">5 Leadership Practices of Capabilities-Driven Strategy</a> is an appealing path that feels intrinsically rewarding. While this path may not be the only path to success, it is the only path that provides long-term sustainable success. Even taking a few steps in this direction can already boost our company’s energy and morale.</p><p><strong><a href="https://flevy.com/browse/flevypro/5-leadership-practices-of-capabilities-driven-strategy-cdr-3702" target="_blank"><img src="http://flevy.com/blog/wp-content/uploads/2019/03/1st-slide-5-Leadership-Practices-of-CDR-1024x768.png?profile=RESIZE_710x" width="750" class="align-full" alt="1st-slide-5-Leadership-Practices-of-CDR-1024x768.png?profile=RESIZE_710x" /></a> </strong></p><ol><li><strong>Build a Clear Identity.</strong> Our identity must be clear even if we offer a wide variety of products and services in multiple sectors.</li></ol><ol start="2"><li><strong>Focus on a Few Capabilities.</strong> Capabilities become more significant when these are woven together to produce some unique for our company.</li></ol><ol start="3"><li><strong>Develop a Solid Culture.</strong> Culture is the greatest asset of our company. Our culture can either reinforce or undermine our strategy.</li></ol><ol start="4"><li><strong>Manage our Costs.</strong> Every cost is an investment. It can either be used to fund powerful, distinctive capabilities or incoherent activities that can hold back companies.</li></ol><ol start="5"><li><strong>Shape our Future.</strong> We need to build on early success to save our future. When we do this, our capabilities can give our company opportunities to expand in this global business environment.</li></ol><p><strong> </strong>These <a href="https://flevy.com/business-toolkit/leadership">Leadership</a> practices are so interconnected that we need to adopt them all together. Overlooking any one of them will cause us to fall back. What will happen if we fail to build a solid culture? When this happens, it will make our people feel trapped and disengaged. New strategies may fail because people do not believe that they will last.</p><p>Every step is important for every step is a link towards achieving long-term sustainable success.</p><p>Interested in gaining more understanding of <a href="https://flevy.com/browse/flevypro/5-leadership-practices-of-capabilities-driven-strategy-cdr-3702">5 Leadership Practices of Capabilities-Driven Strategy (CDR)</a>? You can learn more and download an <a href="https://flevy.com/browse/flevypro/5-leadership-practices-of-capabilities-driven-strategy-cdr-3702"><u>editable PowerPoint about <strong>5 Leadership Practices of Capabilities-Driven Strategy</strong> (CDR) here</u></a> on the <u><a href="https://flevy.com/browse">Flevy documents marketplace</a></u>.</p><p><strong>Are you a management consultant?</strong></p><p>You can download this and hundreds of other <u><a href="http://flevy.com/pro/library/frameworks">consulting frameworks</a></u> and <u><a href="http://flevy.com/pro/library/consulting">consulting training guides</a></u> from the <a href="http://flevy.com/pro/library">FlevyPro library</a>.</p></div>Preparing for a Data Governance Revolution in the See-Through Economy: Takeaways from Speaking at the 2019 ISACA-IIA GRC Conferencehttps://globalriskcommunity.com/profiles/blogs/preparing-for-a-data-governance-revolution-in-the-see-through2019-08-23T19:30:00.000Z2019-08-23T19:30:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-2 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h6><span><a href="{{#staticFileLink}}8028299277,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8028299277,original{{/staticFileLink}}" width="350" class="align-right" alt="8028299277?profile=original" /></a>The Internal Institute of Auditors (IIA) and ISACA held their 2019 Governance, Risk, and Control Conference from August 12th to 14th in Fort Lauderdale. This year I was honored to be selected to speak on the effects of data privacy risks in the See-Through Economy in my presentation, “Prepare for a Data Governance Revolution with a Risk-Based Approach.”</span></h6></div><div class="fusion-separator fusion-full-width-sep sep-none"></div><div class="fusion-text"><p><span>Each year, powerhouse risk governance associations </span><a href="https://www.isaca.org/Pages/default.aspx?cid=1000270&Appeal=SEM&gclid=EAIaIQobChMI1uvG99KU5AIVBF6GCh3Hiw9eEAAYASAAEgLqD_D_BwE"><b>ISACA</b></a><span> and</span><a href="https://na.theiia.org/Pages/IIAHome.aspx"><b><span> </span>the IIA</b></a><span> bring together the leaders of the governance, risk, and control (GRC) industry from their more than 325,000 combined members from around the world so they can learn best practices, gain new skills, and bring actionable knowledge back to their organizations. This conference empowers organizations to embrace the necessary shift to new methodologies when they tackle both predictable and unpredictable changes in the business. The GRC professionals who attended the conference will be leading the charge of mitigating risks through internal controls, ultimately protecting their organizations’ reputations in the </span><a href="https://logicmanager.wistia.com/medias/2zzwap6q0j">See-Through Economy</a><span>.</span></p><p><span>I’ll be recapping below some of the key takeaways I shared with nearly 400 attendees during my session, in addition to tools I provided that you can use in your own organization.</span></p><p></p></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-3 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h2><span>The Challenge: Managing Increasingly Daunting Data Diversity in the See-Through Economy</span></h2></div><div class="fusion-clearfix"></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-4 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><p><span>The International Data Corporation predicts that there will be a ten-fold increase in worldwide data by 2025. As businesses continue to experience this increasing amount of data, governing it becomes even more complex. As a result, organizations are relying more and more on third party vendors to store and manage their data. This practice creates additional data privacy risks that must be properly governed by the business in order to prevent cybersecurity breaches. Although you can outsource a process, you can never outsource the associated risks. </span></p><p><span>The public sets high expectations for a company’s cybersecurity program. For example, 92% of consumers agree companies must be proactive about data protection. To aid consumers’ high expectations, the See-Through Economy connects people all over the world through social media and provides an outlet for them to voice their concerns. When expectations are not met, investors are front-row witnesses to consumer outrage, which consequently affects how they invest. Fortunately, cybersecurity mishaps are completely preventable with an </span><a href="https://www.logicmanager.com/erm-software/product/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">enterprise risk management software</a><b>.</b></p><p></p><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-5 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h2><span>Use the See-Through Economy to Your Advantage</span></h2></div><div class="fusion-clearfix">It is important to note that the See-Through Economy does not have a negative connotation. Companies need to also take advantage of its benefits. As I was traveling to this conference, I flew down on Spirit Airlines, which had the best availability for my schedule. People were surprised to hear that as a CEO, I was traveling on an airline with such an apparently negative reputation. However, I was pleasantly surprised with the entire Spirit experience. There were no technical difficulties, I was on a brand new plane with comfortable seats, and each associate I interacted with was nothing but friendly. Spirit is a prime example of an organization who could use the See-Through Economy to their advantage. By projecting positive customer experiences like mine that don’t align with the bad stereotypes, Spirit could benefit. Using social media as an outlet, the public could be made aware of positive customer experiences.</div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-6 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-clearfix"></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-7 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h2><span>Connect Your Risks to the Right Controls</span></h2></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-8 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-separator fusion-full-width-sep sep-none">In my session, I shared two helpful tools: the <a href="https://www.logicmanager.com/download-risk-based-approach-wheel/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">risk-based approach wheel</a> and<a href="https://www.logicmanager.com/download-risk-based-translator/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">risk-based translator.</a> Each of these tools helps organizations effectively communicate and engage with employees in various departments, levels, and stages across the enterprise. Using a risk-based approach and engaging the entire business is especially important when we think about how the controls we have in place connect to known risks.</div><div class="fusion-separator fusion-full-width-sep sep-none"></div><div class="fusion-separator fusion-full-width-sep sep-none"><p><span>Connecting risks to mitigation activities is the first step in preventing risk management failures. To help further explain this I gave the following example. As I was going through airport security on my way to the conference, I brought along with me a bag of pocket-sized hand sanitizers to give out at the LogicManager booth. I was worried that this would violate the policy requiring liquids to be less than 3.4 ounces given that there were so many of them; however, when I asked the security personnel, I was informed this was allowed. Grateful I did not have to throw out 50+ hand sanitizers, I still found myself pondering the risk at hand. Although TSA was able to check off the box that the hand sanitizers were technically all under 3.4 oz, I still boarded the plane with well over this amount of liquid. What risks are the controls actually mitigating? With an effective risk management program, TSA could map this risk to an appropriate control so that it becomes clear what they are trying to prevent and avoid a potential disaster. </span></p><p><span>Implementing a risk management program is essential, and soon you will become the superhero of your organization. How do you get the board’s buy-in for continued support? It’s simple. When presenting ERM to the board, keep it short, and colorful. C-level executives do not have the time to go through the ins and outs of every department. Fortunately, all you need to communicate with your executives are dashboards that aggregate data across the enterprise into concise reports. With new technologies and increasing amounts of data and partnerships, risks are inevitable. An enterprise risk management system can help. Proactively manage your risks by connecting them to the appropriate mitigation activities and internal controls across the enterprise. </span><span>Ultimately, ERM helps identify controls in a fast-moving environment to make sure the right people with the right knowledge are making key risk-reward account decisions. With a proactive and engaging ERM strategy in place, you’ll be able to avoid any corporate disasters. Lastly, p</span><span>lay up to the advantages of the See-Through Economy to showcase satisfied customers and highlight the risks you are properly mitigating at your organization.</span></p><p></p><div class="fusion-text"><h3><strong>Download the Risk-Based Approach Wheel</strong></h3></div><div class="fusion-text"><p><span>Download the </span><a href="https://www.logicmanager.com/download-risk-based-approach-wheel/"><b>risk-based approach wheel</b></a><span> </span><span>to learn how to connect your risks to the appropriate mitigation controls!</span></p><p></p></div><p><em>This article was originally published on <a href="https://www.logicmanager.com/erm-software/2019/08/23/isaca-iia-grc-conference-takeaways/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic" target="_blank">LogicManager.com</a></em></p></div></div></div></div></div></div></div></div></div></div></div>Ticking Time Bomb: Why A Free Vendor Management Checklist Is A Disaster Waiting to Happenhttps://globalriskcommunity.com/profiles/blogs/ticking-time-bomb-why-a-free-vendor-management-checklist-is-a2018-03-20T20:30:00.000Z2018-03-20T20:30:00.000ZMichael Joneshttps://globalriskcommunity.com/members/MichaelJones<div><p></p><p><a href="https://ncontracts.com/wp-content/uploads/2018/03/Time-Bomb-900x500.png" target="_blank"><img src="https://ncontracts.com/wp-content/uploads/2018/03/Time-Bomb-900x500.png?width=750" width="750" class="align-center" alt="Time-Bomb-900x500.png?width=750" /></a></p><p>There is temptation in the world of management. With regulatory scrutiny increasing and cost a concern, free vendor management checklists seem like an easy solution. But is that free checklist going to cost you down the road?</p><p>My experience says yes.</p><p>Free vendor management checklists are a disaster waiting to happen. From misclassifying vendor risk and misallocating resources to failing to provide an actual process for execution, vendor management checklists lack the nuance needed to help an institution efficiently and effectively manage vendor risk.</p><p>Let’s look at some of the biggest pitfalls:</p><ul><li><strong>It’s not tailored to your structure or processes.</strong> Checklists are designed for the “average” institution. It’s a statistically abstract concept that doesn’t exist in the real world. Chances are your institution is bigger, smaller, more rural, more urban, more deposit heavy, more loan heavy, more technologically advanced, more conservative, more open to risk, or more dependent on mortgages than the average institution.</li><li><strong>Regulators understand this variance.</strong> That’s why they allow for flexibility in how vendor management is executed. Every institution is free to develop its own structure and processes tailored to its size and complexity. Your institution may have a chief risk officer and choose to use committees, or it may be a smaller operation with someone handling vendor management on a part-time basis. A checklist offers a one-size-fits-all approach that isn’t likely to be an ideal fit. You can end up spending too much on an overkill process or implementing an oversimplified structure inappropriate for your size and complexity. Both of these are big problems.</li><li><strong>Its broad definitions of critical vendors can steer you wrong.</strong> There is no master list of <a href="https://info.ncontracts.com/webinars/what-difference-vendor-makes-determining-critical-vendors/">critical vendors</a>. A checklist might encourage you to make a data storage vendor a critical vendor, but if your institution only uses that vendor to shred documents through an onsite intranet, that’s probably overkill, and it is a waste of resources that would be better spent on real critical risk vendors. It might also cause you to mislabel a vendor as low risk when your institution’s unique circumstances make it a critical vendor. For example, if geography limits vendor availability and the institution has just one choice, an otherwise ordinary vendor may become critical. You don’t want regulators pointing out a missed critical vendor, or the missed vendor not being able to recover from a storm that brings the institution’s operations to a halt.</li><li><strong>Falling short on due diligence and monitoring.</strong> Put too much faith in a free vendor management checklist and you can easily fall short on due diligence and monitoring. A checklist is essentially a to-do list. It can provide an institution with an initial set of marching orders, but that’s where it ends. It doesn’t show you how to get the job done, how far along in the process you are, or store your contracts, due diligence documents, and other information in a centralized place. It can’t remind you that a renewal deadline is approaching or that the institution still hasn’t received a vendor’s SSAE-18 form. You’ll still need a system for carefully tracking and regularly monitoring vendor management processes</li><li><strong>There’s no audit trail.</strong> Even if you manage to accomplish every item on the list, checkmarks aren’t exactly exam-ready documentation. You still need to develop a system to track every step of the vendor management process, including planning, <a href="https://info.ncontracts.com/whitepapers/creating-reliable-risk-assessments-012018/">risk assessment</a>, due diligence, <a href="https://info.ncontracts.com/whitepapers/how-to-negotiate-bulletproof-vendor-contracts">contract negotiation</a>, ongoing monitoring, and termination. This is a huge undertaking since vendor management involves every level of the institution from board and management to employees. If it’s not documented, regulators will say it didn’t happen.</li><li><strong>Different regulatory expectations.</strong> Each of the regulatory agencies has slightly different expectations for vendor management. For instance, the Federal Reserve expects banks to specifically consider concentration risk when considering new vendors and managing existing ones, while other agencies include it under operational risk. The Office of the Comptroller of the Currency wants a system in place to integrate enterprise risk management (ERM) and vendor risk management. A generic checklist is unlikely to align with your regulator’s preferences.</li></ul><p>Vendor management is about more than lists of critical vendors and vendor reports. It’s about understanding the choices and decisions an institution made in selecting a vendor and in actively choosing to continue its relationship. It’s about utilizing vendors that can be relied upon to represent the reputation of the financial institution. It’s documenting the justification for each decision and providing proof that the appropriate managers reviewed and approved it. It’s showing an institution’s approach to risk and how a vendor fits. It’s having the resources to analyze reports, monitoring efforts and vendor data to understand the risks in working with third parties. A free checklist simply doesn’t provide the board and management the necessary tools and processes to ensure continued vendor management compliance and continuity. Choosing a free checklist over a system that enables your institution to understand how to best manage vendors in a way that complements the institution’s size, complexity, and processes is a mistake. A mistake that can cost your bottom line or even get you in trouble with regulators.</p><p>You really do get what you pay for.</p></div>Noam Chomsky - On Being Truly Educated/The Purpose of Educationhttps://globalriskcommunity.com/profiles/blogs/noam-chomsky-on-being-truly-educated-the-purpose-of-education2016-02-05T23:49:34.000Z2016-02-05T23:49:34.000ZEnrique Raul Suarezhttps://globalriskcommunity.com/members/EnriqueRaulSuarez<div><p></p><p><a href="{{#staticFileLink}}8028243661,original{{/staticFileLink}}"><img width="266" class="align-center" src="{{#staticFileLink}}8028243661,original{{/staticFileLink}}" alt="8028243661?profile=original" /></a></p><p></p><p></p><p style="text-align:center;"><span class="font-size-4"><strong>Noam Chomsky - On Being Truly Educated</strong></span></p><p style="text-align:center;"></p><p style="text-align:center;"><span class="font-size-4"><strong>The Purpose of Education</strong></span></p><p style="text-align:center;"></p><p style="text-align:left;"><span class="font-size-3">Noam Chomsky is an eminent American theoretical linguist, cognitive scientist and philosopher, who radically changed the arena of linguistics by assuming language as a uniquely human, biologically based cognitive capacity. He suggested that innate traits in the human brain give birth to both language and grammar. The most important figure in “cognitive revolution” and “analytic philosophy”, Chomsky’s wide-ranging influence also extends to computer science and mathematics.</span></p><p></p><p><span class="font-size-3">In this short video Chomsky talks about what it really means to be truly educated that I embrace one hundred percent:</span></p><p></p><p><span class="font-size-3"><a href="https://www.youtube.com/watch?v=eYHQcXVp4F4" target="_blank">Chomsky Video</a></span></p><p></p><p></p><p style="text-align:center;"></p><p style="text-align:center;"></p></div>