Blog

This week I faced the ultimate personal test of my risk management skills, where I had to soul search “do I practice what I preach as an ERM expert.”. Sunday, the night before the storm of the century Hurricane Sandy hit, I had tickets to fly to Texas as a speaker and expert on ERM. What would become of my home and family? Had I applied the same risk principles in my work as a CEO of the leading enterprise risk management software company in my personal life? Had I done put a personal business c

I am a big believer in the categorisation of risk events and while this may not be popular among many of the non-banking members of the risk community, even more so with ISO 31000 practitioners, I still believe it is an important exercise to carryout.

Either way; I have taken to list ten reasons why causal event categorisation is crucial for the operation of a sound enterprise risk management framework.

The top ten can be found at this LINK

In my last blog and On-Demand Webinar “Presenting Risk Management to the Board,” I was asked for help identifying government regulations that hold Boards responsible for Enterprise Risk Management (ERM) compliance.

Definition: First some background, the SEC Proxy Disclosure Enhancements rule defines ERM compliance as extending the board's role in risk oversight to the threshold of material impact of the risk regardless of the level. Boards of Directors were previously only responsible for CEO- le

The first shoe to drop was government regulations holding the Board of Directors personally responsible for the effectiveness of enterprise risk management programs at their organizations. Boards are given a choice between proving their risk management programs are effective or disclosing their ineffectiveness in risk management to the public. If they do neither, it is considered fraud, as not knowing about a risk is no longer a defense.

What does enterprise risk management effectiveness mean? No

The National Credit Union Administration (NCUA) by mandate has added Enterprise Risk Management (ERM) and Sarbanes-Oxley (SOX) like financial reporting attestation compliance to the list of required activities for credit unions. Why has the NCUA put SOX, or financial reporting attestation, and ERM in the same ruling?

The NCUA has recognized that all regulatory compliance guidelines have required a risk assessment component, so it is only natural to require an Enterprise Risk Management (ERM) prog

Looking back over my most popular blogs, there was a lot of interest in "5 Steps for Better Risk Assessments" back in March this year. Due to this interest I have created a complimentary 25 minute on-demand video webinar on this same subject complete with detailed "how to" examples and visuals that are not possible in a blog format.

Click here to watch this On Demand Webinar or read the full invitation below:

On-Demand Complimentary Webinar Invitation:

Risk managers are charged with ensuring transp

Risk Appetite is loosely defined as "the affinity a person has for taking risk when attempting to meet a specific objective".

This concept of risk appetite differs from person to person or business to business and interestingly you will find that a person's risk appetite changes as they age.

In this blog we look at risk appetite; what it is, where it has been used and why it is important.

[ Click here to continue reading ]

Enterprise Risk Management 2012 (NYC, October 17-18, www.erm-usa.com) is North America's premier ERM Congress addressing the critical challenges being faced by FIs, energy utilities and corporations of all sizes.

If you haven't registered your place yet, here are 10 reasons not to miss this years Congress:

1. Understand how CROs from Santander, Credit Suisse and RBS are taking an integrated approach to risk management
2. Hear the Chief Risk Policy Officer at PNC and Deputy Comptroller and Co-Chair of the

Should we retrofit ISO 31000 to become the umbrella for enterprise risk management?

ISO 31000 has two key issues for integration in the enterprise. The first is an accidental creation of conflict from the ISO standards board, the other is a missed oversight on what is happening on the ground.  

In this blog we take a look at both of these problems [ Click link to continue reading ]

Risk management solutions are not a separate module or product. Instead, they compose an approach that adds value to both top-down and bottom-up activities within the organization.

Risk management is in everyone's job description and ERM is all about how to identify the aspect of risk management in every role and connect the dots automatically using the “Six Degrees of Separation Theory” that I discussed in my last blog to get right to the people who know the risk and are responsible for the risk

Effective governance requires changes in the way risks are managed across "stove-pipes" or "business silos". More often than not, when loss events occur it becomes clear after the fact that different silos were holding onto different pieces of the risk puzzle but no one could put the pieces together. So the problem is how to identify risk? 

Many risk managers are so bogged down by loss event capture and incident management, that being able to focus on preventing loss events and identifying emergi

The problems with risk models, a Bank of England speech on why financial models are broken and the general evolution of risk management.

Over the last few months, risk models have come under the spotlight as a potential reason why risk management, as an entire institutional function, is failing.

A recent debate on the ISO 31000 Linked in forum about time and risk poses the following question "Is delaying a risk considered a separate treatment method or is it just a sub-type of changing the likelihood?"

A presentation on ISO 31000 for banks.

A presentation that looks at ISO 31000 in the banking domain. Why ISO 31000 is compatible with Basel, why ISO 31000 can value-add a Basel risk framework.

The presentation attached to this [ link ] will be delivered at the ISO 31000 conference in Paris on 21st and 22nd of May 2012.

Project change management involves new IT systems, new products, and new markets, or reacting to a change in the business environment, such as regulatory or competitive actions. Project risk management is about identifying new risks or changes in the threat level of existing business processes. The challenge for project managers is how to get teams, functional areas, business processes, systems, and vendors aligned to new goals; moreover, how to get the needed transparency into the activities th

Your current business applications are costing you time, money and resources, not to mention the negative impact to your productivity. You've heard about tens of thousands of companies like yours flocking to cloud computing and gaining flexibility, productivity, efficiency, accessibility and cost-savings. But how do you avoid costly mistakes? In the white paper "Evaluating and Contracting for Cloud Financials", you'll find practical advice and tips to ensure the choice you make is right for your

Risk and Issue are two words that are often confused when it comes to their usage. Actually there is some difference between them. The word ‘risk’ is used in the sense of ‘chance’. On the other hand, the word ‘issue’ is used in the sense of ‘matter’.

Uh-Oh!  This is a show-stopper.  We can’t complete the project on time because the server needed won’t be available for another month! What can we do now?

This is not a new problem for Project Managers to have encountered. Is this a risk or an issue? 

This is a copy of the latest CompliSpace blog orginally published at http://http://complispace.wordpress.com/2012/04/04/10-reasons-why-your-enterprise-risk-management-program-wont-work/.  Would love to get your feedback.

In our last blog post we boldly asserted “If You’re Not Practicing Enterprise Risk Management You Should Be”.

So it was with great interest that we came across an article in Risk Management Magazine titled “Is ERM Failing?” which basically summarised the finding of a 2012 PwC repo