Blog

Governance programs are the unsung heroes of 21st-century business operations. Their situation is analogous to that of football’s offensive line.

If an offensive line does its job, no one will notice it, but when something goes wrong, the spotlight shifts.

Governance personnel know this feeling all too well. Unwanted surprises – be they compliance notices, audit findings, or a poor vendor relationships – are bad for business. Even a good surprise, like exceeding a sales target, can cause trouble i

Nobody likes surprises in business. Using a risk-based approach to identify your organization’s likely vulnerabilities is highly recommended and vital to short-term and long-term success. Expanding regulations make compliance increasingly complex and expensive, and increases in deficient internal audit controls have heightened scrutiny of companies by the SEC, PCAOB, and investors.

Business surprises are preventable, but there are several common issues with risk identification that can be impossi

Volkswagen has been side-stepping environmental compliance standards by “programming some diesel-fueled cars to turn on emission controls only when being tested.” In the days since this discovery, Volkswagen has been hit with over 30 federal lawsuits and 40%+ decline in stock value, all stemming from the same source—poor Enterprise Risk Management.

In this case, poor risk management regarding their investment in diesel, without developing a mitigation plan for if the technology didn’t meet emissi

Last month, SoulCycle, a well-known high-end cycling business, filed for an initial public offering. In the midst of this exciting transition from private to public, SoulCycle was hit with a lawsuit for violating the Credit Card Accountability and Disclosure Act. One might assume that the company was outed by a compliance agency or regulator. But, surprisingly, this lawsuit comes from a disgruntled former customer, Rachel Cody, who felt she was being "robbed" by the cycling mogul she once truste

Jeanette Franzel, board member of the Public Company Accounting Oversight Board (PCAOB), recently spoke at the American Accounting Association (AAA), according to The Wall Street Journal. She says audit-oversight inspections show a twenty percent increase (since 2013) in internal-control deficiencies of company audits. Inspections also indicate that 36 percent of company audits now have internal-control deficiencies, which constitutes a threefold increase from five years ago.

Franzel indicated th

Enrique Suarez Presenting:

Define Your Digital Strategy—Now

Source:

Ross, Jeanne W.
Sebastian, Ina
Fonstad

Center for Information Systems Research (CISR)

M.I.T

2015-06-18

Abstract: The confluence of social, mobile, analytics, cloud, Internet of Things, and other powerful, readily accessible technologies is disrupting businesses in all industries. Success requires a coherent digital strategy that is informed by the capabilities of these technologies. Leaders guide investment decisions by focusing on eithe

This past April, an Air Force reconnaissance airplane caught fire. At the time, 27 airmen were on the plane, and all their lives were put in danger. What went wrong and caused this costly error? According to U.S. Air Force investigators, the mistake traces back to an error in vendor management. In this case, a vendor failed to properly secure an oxygen tank, resulting in a “highly flammable oxygen-rich environment that ignited.”

Findings also indicate that problems with the military contractor ma

The New York Times author David Leonhardt recently published a puzzle that I recommend all governance personnel attempt. Take a second to give it a try before reading this blog, but if you’re pressed for time, I’ll outline the basic premise.

The puzzle asks that you find the rule in the following pattern of numbers by guessing other sets of numbers that may or may not obey the rule. The sequence that obeys the rule is:

You may think you have the puzzle figured out already, and if you guessed, say,

Cybersecurity has been on our radar a lot lately, but that's thanks to the alarming number of recent, high-profile security breaches. Take a look at our recent blog post regarding a major flaw in the Android operating system, or our discussion of hackers' disturbing rate of maturity.

Federal officials recently broke up a long-term insider trading scheme

In early August of this year, it was announced that Feds succeeded in breaking up a hacking and insider trading scheme in which international hack

The OCC released its “Semiannual Risk Perspective” and, perhaps as anticipated, banks continue to struggle plugging gaps in information technology practices.

Among the risks highlighted in the study, as reported by Joe Mont at Compliance Week:

• Evolving cyber-threats and information technology vulnerabilities require heightened awareness and appropriate controls.
• The high volumes and frequency of changes to information systems to address regulatory requirements, enhance risk monitoring reporting, an

Our society runs on technology. We all rely on smart phones, laptops, and iPads and other tablets, all of which are linked to one another via the internet and a multiplicity of software programs. Technology is embedded in our credit cards, cars, and alarm systems. Our vendors are co-located in our work environments virtually and physically.

Increased technological capability brings increased technological vulnerability. Making technology secure is a continuous battle; some cyber threats are steal

Morgan Keane made headlines in 2014 at the RIMS Enterprise Risk Management Conference in Miami, Florida, and has done so again in a profile now posted to PropertyCasualty360.com.

Keane highlights her work in reaching out to and educating over 7,000 employees at the Port Authority of New York & New Jersey, and her role with the RIMS Risk Management Society.

We commend Morgan on her fine work! For more information about how you can engage stakeholders and mature your ERM program, request a LogicMana

Manage operational risk as a separate entity while budgeting for increased operational risk demands

New York City, NY– May 6, 2015 – marcus evans, the world’s largest event management group, will host the Operational Risk Management Conference on September 16-17, 2015 in New York City, NY. This conference will bring together risk leaders to examine the exposures brought on by operational risk and how these must be accounted for in the business model, as well as focusing on techniques for demonst

There is a weakness in cyber risk to focus on the technical issues. They are necessary but not sufficient if you want to understand and manage all your cyber exposures, which I define as the vulnerabilities that arise as a result of activity using computers and the Internet. There is a great range of these vulnerabilities that are not being addressed.

An example would be the exposures that arise through the use of Social Media if not managed and controlled. For example posts that reveal sensitive

Disclaimer: Much of this article is based on the PowerPoint presentation Operational Excellence: An Integrated Business Execution System developed by Operational Excellence Consulting.

* * * *

In "The Discipline of Market Leaders," Michael Treacy and Fred Wiersema describe three distinct value propositions an organization can choose to compete in their market or industry:

1. Operational Excellence,
2. Product Leadership, and
3. Customer Intimacy.

The core of the book is based on five years of research by the T

Disclaimer: Much of this article is based on the PowerPoint presentation Lean Thinking 101 developed by Operational Excellence Consulting.

* * * *

Lean Management is a management philosophy based on the Toyota Production System (TPS). This management philosophy was coined "Lean" only in the 1990s. The objective of Lean Thinking is to eliminate everything that does not add value (i.e. "waste") from the customer's perspective.

The general approach to Lean is learn-by-doing and to foster a culture of

There are a couple of common refrains we hear at LogicManager on a consistent basis. One is of particular concern to risk managers seeking to establish legitimacy and trust within their organization.

"My boss just doesn't get it."

The signs you're on this boat are noteworthy. You're rarely questioned about the legitimacy of the data you've collected. Feedback is positive, but non-descript (e.g. "We appreciate your work."). Your findings don't result in a change in direction, or worse, no one even

The healthcare industry has grappled with HIPAA for nearly 20 years. The ever-changing, extensive piece of legislation mandates the protection and security of patients' private health information, and HIPAA compliance is a costly and time consuming process for healthcare organizations.

With the amount of focus and effort directed towards HIPAA compliance, risk and compliance professionals at healthcare organizations can rest assured their patients' data is protected from hackers and data theft, r

Since Darwin’s Origin of the Species we have recognised how nature adapts to survive.  Modern humankind continues to adapt to survive while following these two innate risk management principles:

•    If it hurts us we learn and take action in proportion to the degree of pain.

•    The next time we face the same pain we are better prepared and we go back for more and either avoid the pain or at least find a way of working to a new pain threshold.

Why history keeps repeating itself is simple really. 

Forrester recognizes growing interest in consolidated platforms

GRC has been defined up until now as targeting specific requirements of a single department or function — typically IT, compliance, or health and safety.  Since 2005, LogicManager, a leader in ERM platforms, has taken a more holistic, enterprise approach to these functions, and with the Q1 2014 Wave, Forrester has adjusted its lens, consolidating its various GRC submarket reports to reflect a “growing customer interest in consolidate