enterprise (96)

In Risk Management, Progress is Paramount

One of our business analysts recently came to me with a particularly troubling conversation he had with a prospective client. The client reported to him that while 6 months ago the appetite for ERM had been strong, the enthusiasm and excitement for the program had since waned and the risk manager was now preparing to take “micro” steps forward over the next several years.

This account is far too common for enterprise risk managers in today's environment. Hired into an energetic and new function,

Read more…

[Editor’s Note: Organizations have become myopic with GRC solutions, and they can no longer see the forest through the trees. Our new series, brought to you by the LogicManager Analyst Team, will keep you up to date with real world examples of risk management failures, and how ERM could have prevented them.]


Over 300,000 West Virginians are still waiting to use their tap water for cooking, cleaning, and even bathing after the discovery that a chemical used in coal processing was allowed to leak i

Read more…

SEC Reprioritizes ERM in 2014

The Securities and Exchange Commission announced its examination priorities for the New Year, and Enterprise Risk Management heads the list. The priorities, selected by Senior Staff from the National Examination Program, aim to address areas of weakness that threaten fair, orderly, and efficient markets.

On the subject of Enterprise Risk Management, the NEP states that it will continue to meet with boards and high level senior management to discuss the firm’s Enterprise Risk Management process, esp

Read more…

ERM for Retail Risk: An Early Stocking Stuffer

With Halloween behind us, the calendar turns to the most critical part of the year for Enterprise Risk Managers in the retail industry. An operational risk failure at this time of year can result in millions of dollars in losses, and it’s as important as ever to manage the reputational, strategic, and supply chain risk that will make or break a holiday season.

With that in mind, our friends at the Risk Management Monitor recently visited an Allianz survey of British retailers, which offers a few

Read more…

On October 30, 2013 the Office of the Comptroller of the Currency (OCC) published a bulletin to the CEOs and CROs of all national banks stressing the need for an enterprise risk management approach to vendor management. In the bulletin, entitled, OCC: Third-Party Relationships: Risk Management Guidance, the office recognizes, “integrating the bank’s third-party risk management process with its enterprise risk management framework enables continuous oversight and accountability.”

How does the OCC

Read more…

ERM Aids ObamaCare Change Management

With the Affordable Care Act (ACA) continuing its implementation this week with the start of the open enrollment period, there has never been a more critical time for Healthcare Institutions to have a firm handle on their risk environment and the implications of those risks.

Since its enactment in 2010, the ACA has fundamentally shifted how many hospitals must conduct day-to-day operations. For example, hospitals must now shift their patient records systems to electronic medical records, which in

Read more…

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its Internal Control – Integrated Framework document all the way back in 1992 to help publicly traded organizations adhere to the Sarbanes-Oxley Act (SOX) Section 404. COSO considers internal controls to be an integral part of enterprise risk management (as does LogicManager), and as such, any changes to the Internal Controls best practices have a direct effect on organizations with Enterprise Risk Management p

Read more…

As we move into the 4th step of ORSA implementation, Risk Monitoring, Control, and Action Plans, we begin to see the importance of adhering to best practices when executing Risk Culture and Governance, Identification and Prioritization, and Risk Appetite and Tolerances.

With the necessary structure in place to track and collect risk intelligence, the next step involves orchestrating a plan for improvement. Why is a plan for improvement so critical? Besides limiting the risk exposure of your organ

Read more…

The third step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) is the implementation of a Risk Appetite and Tolerance Statement. This step is meant to set boundaries on how much risk your organization is prepared to accept in the pursuit of its strategic objectives.

An organization-wide risk appetite statement provides direction for your organization and is a mandatory part of your assessment. As defined by COSO (one of the risk management standards measured in the

Read more…


The first step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) implementation, Risk Culture and Governance, lays the groundwork and defines roles for your risk management function. The second step, Risk Identification and Prioritization, defines an ongoing risk intelligence process that equips an organization with the data needed for risk based decision making.

The engine behind this process – the enterprise risk assessment – isn’t a new concept, but organizations a

Read more…

A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle tha

Read more…

ERM vs GRC: Which adds more value?

Businesses began with Enterprise Risk Management (ERM) from the dawn of civilization. The first businesses were small and therefore one person knew all their customers, suppliers and processes. They knew all the risks within their business and how they were connected to affect their business goals, which made it easy to manage both the upside and downside “impact of uncertainty on objectives”.

However, as the size of organizations grew in the industrial age, everyone became a specialist and groups of

Read more…

Federal and state regulatory compliance requirements have grown exponentially and touch all operational areas. Compliance has become very complex and expensive with extensive new regulations, multiple overlapping information sources, and operational impacts that are difficult to identify and track. Financial Institutions typically manage compliance workflows manually, which is difficult in multiple branch or interstate operations, and across multiple lines of business. As a result, compliance an

Read more…

Risk Dashboards

A recent debate between risk analysts on how to report risk resulted in several suggestions, but the discussion was reduced to comparing one chart type with another. Reporting risk really needs to be more holistic, and it should take in a wider perspective of alternate measures of uncertainty found in a firm.

Risk Dashboards achieve this end and we'll take a look at a couple of them in this blog ...
Read more…

ERM Approach to Vendor Risk Management

What the Great Wall of China can teach us about Vendor Risk Management

vendor risk management approach is all about creating centralized standards that transcend business silos, which is very different from the approach taken in traditional vendor management software. Vendor management needs tools with a risk-based approach to overcome their difficulty of objectively putting the vendor compliance pieces together across legal, purchasing, security reviews, and accounts payable silos for contrac

Read more…

TSA adopts Enterprise Risk Management

Risk management is not about absolutes; it is about using a consistent analysis framework for balancing risk and cost on a common basis across the enterprise. Yesterday's announcement by the Transportation Security Administration (TSA) of their adoption of a risk-based approach is a long-awaited practical application of enterprise risk management to security.

As of April 25, 2013, the TSA will allow small pocketknives and an array of sporting equipment -- banned from aircraft cabins in the wake of t

Read more…

Looking back over my most popular blogs, there was a lot of interest in 5 Steps for Better Risk Assessments and How to Consolidate Compliance Risk Assessments. Due to this interest I have created a complimentary 30-minute webinar on streamlining enterprise risk assessments complete with detailed "how to" examples and visuals that are not possible in a blog format.

Click here to watch this On Demand Webinar or read the full invitation below:

On-Demand Complimentary Webinar Invitation:

Organizations

Read more…

The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront for executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organization, such as the Japanese tsunami, the Gulf of Mexico oil spill or the euro-zone liquidity crisis, have been front and center, creating a renewed interest in enterprise risk management (ERM) practices.

John Brown, Director, Risk Management, Supply Chain & Techni

Read more…
