erm (173)

The blows keep on coming for Wells Fargo. Within a year of their cross-selling scandal, two more scandals have risen to the top of news headlines.

In part one of this series, I set out to make good on a prediction I presented to business journalist L.A. Winokur. I predicted that after the dust settled for the original cross-selling scandal, Wells Fargo would remain vulnerable in other areas of its operations, lest they address the gaps in their risk management program.

In the time it took me to ex

Read more…

In a recent interview I had with business journalist L.A. Winokur regarding the Wells Fargo cross-selling scandal, I made a prediction: “Once the dust of this scandal settles, perhaps in two or three years, Wells Fargo will remain vulnerable in other areas of its operations to risk management failures.”

Lo and behold, the only part I didn’t get right was the timeline. In less than a year of paying $185 million in penalties, the largest fine ever levied by the CFPB, the bank finds itself in headl

Read more…

The Basics of Cyber Risk Management

New technologies, increasing digitization and globalization are transforming customer behaviors, operations and business models, presenting huge opportunities for business success, at the same time driving up cyber incidents. As organizations embark on their digital transformation journeys, it is imperative that they also assess possible threats presented by these new technologies.

Traditionally, the focus for risk management has exclusively been on protecting value. However, in today’s digital e

Read more…

At lunch recently, I opened my fortune cookie and found this message inside: “Any journey must begin with a single step, and you can be the one to take it.” That simple message inspired me to write this blog.

Events taking place after the Trump administration withdrew from the Paris climate agreement have demonstrated there is more than one way to get things done.

A few mayors throughout the country individually decided to take action. Now, the movement has blossomed, and more than 200 mayors, sev

Read more…

Last week, news broke of a global ransomware attack that has struck individuals and companies around the world. In the wake of the attack, which has affected computers in 150 countries, many companies are wondering 1) if they’re going to be hit and 2) what they can do to protect themselves.

The WannaCry ransomware attack still isn’t over, and we’ll see over the coming weeks what the final numbers are. It’s not too late to improve preventative measures for the next wave, which will likely be smart

Read more…

IMPACT 2016 has come and gone, and risk practitioners from across the United States and Europe were thrilled with the results. IMPACT 2016 was differentiated by the passion behind real customer stories, all shared with actionable takeaways. Topics included third-party risk management, performance integration, cybersecurity, and reporting to the board.

LogicManager’s annual ERM community conference was a breeding ground for new ideas and best practices, drawn from a broad range of industries. We’r

Read more…

The words “data breach” are often met by a clamor whenever they make headlines. Home Depot, Target, Ashley Madison, Heartland, Citibank, the list goes on and on. These breaches spent time in the limelight because of their magnitude; they affected hundreds of thousands – in some cases millions – of cardholders.

But the reality is data breaches are far more common than large headline events like these would have us believe. According to a report published by the Identity Theft Resource Center, ther

Read more…

As a leader of an organization, one of the most important tasks is managing enterprise governance, risk, and compliance (GRC). At its core, a compliance program is a set of internal policies and procedures that are put in place at an organization to ensure compliance with all laws and regulations.

The importance of a robust compliance program is especially true in the wake of increasing regulations such as SOX, PCI, and HIPAA and the rapid transformation that has occurred in technology over the l

Read more…

marcus evans to host Model Risk & ERM for Insurers conference July 2016

Join leaders in model risk management, model design, and risk modeling to achieve a concrete model risk framework through optimal validation procedures, reporting, and independent reviews.

New York, NY – April 8, 2016 marcus evans will host the Model Risk & ERM for Insurers Conference on July 17-18, 2016 in New York City, New York. Insurance professionals attend this meeting to learn from their experienced peers in how to

Read more…

Cyberattack prevention measures will always be necessary. The constant threat of data breaches and other hacks is simply a fact of business. Priority targets are no longer limited to retailers and banks; insurers, hospitals, energy producers, and (most recently) a host of law firms are all at risk.

“Hackers broke into the computer networks at some of the country’s most prestigious law firms,” according to The Wall Street Journal. This doesn’t come as much of a surprise: What do organizations like

Read more…

Evidence is mounting that it is no longer an option to ignore investments in this important organizational capability. Companies need a rigorous enterprise risk management framework to effectively compete in today's uncertain environment. To help companies understand why they need ERM, here's an excerpt from my take on how enterprise risk management enables the business to move faster and overcome disruption:

The wider adoption of strategic risk management cannot come fast enough to save everyone

Read more…

Back in 2009, we blogged about the SEC’s decision to require board-level accountability for ERM. This decision was based on the conclusion that inadequate risk management allowed the regulatory failures that ultimately led to the financial crisis. As we wrote in that post, “boards are now required by the SEC to report in depth on how their organizations identify risk, set risk tolerances, and manage risk/reward trade-offs throughout the enterprise.”

That blog detailed an important ruling: it refe

Read more…

When it comes to Enterprise Risk Management, there is a lot of jargon floating around, mostly because it’s a unique, rapidly growing industry. Not all of that jargon is necessarily industry-wide; organizations will sometimes use different terms for the same concept.

One example is the phrase risk-informed activities. We haven’t used this exact phrase in the past, but it certainly lines up with our central tenets; risk should be assessed across the enterprise and be a part of everyone’s job descri

Read more…

Many companies share some problematic habits when it comes to compliance. The worst of them is treating compliance like a checklist. In other words, thinking, “If we meet these specific compliance requirements, our company should run efficiently and securely.” While this is a simplified outlook, the point remains the same. Being compliant guarantees neither efficiency nor security, but failure to meet requirements can have long-lasting negative effects.

At LogicManager, we view compliance as the

Read more…

How to Build a Business Case for GRC Software

The role of today’s risk managers is clear: to close the gap between strategic-level initiatives and the operational risks faced at the activity level.

To do this, many organizations are adopting risk-based GRC programs – both at the request of senior management and to meet the expectations of regulators. A large number of these programs rely on spreadsheets and shared drives to manage information collected across departments and levels. But today’s GRC software solutions are proven to unlock val

Read more…

What's Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend; Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach.

Traditionally, IT is comprised of a variety of underlying functions. These functions include:

  • IT Asset Management, commonly used to inventory servers, computers, and other technology hardware;
  • IT Risk Management, including vulnerability and threat identification an
Read more…

At LogicManager, we are firm believers that embracing risk management can result in two boons: ease of mind and success. On a related note, we recently came across an article by Carl Richards in The New York Times titled “For True Freedom, Learn to Deal with Uncertainty.”

“Right now, I’m working really hard on both having goals and accepting the reality of uncertainty,” Richards says. “In fact, I embrace the uncertainty and say to myself, ‘given that goal, and given the uncertainty, what’s to be

Read more…

In light of recent events, the Environmental Protection Agency is using new monitoring techniques to evaluate the quality of companies’ classifications and reporting of hazardous materials. Ironically, as we all learned recently, even the EPA itself isn’t immune to catastrophic, if preventable, mistakes. New compliance regulations increase the importance of standardized risk identification, mitigation, and monitoring strategies.

Two takeaways from this new development:

  1. A variety of companies, part
Read more…

Despite the growing necessity of robust risk management software for companies of all sizes, it’s easy to think of risk solutions as akin to insurance, like guardrails that prevent a vehicle from careening off a narrow mountain road; the thought of actually needing them in the event of a failure is too unsettling to dwell on.

That functionality is of course important, but what about day-to-day operations and costs? An efficient risk management process starts with identifying and assessing risks a

Read more…

Radar and Specialty Technical Publishers (STP) Launch Online Risk Management Assessment Program

Announcing ERM BenchMarker™, offering tailored assessment of risk management effectiveness and improvement based on decades of experience in risk management, and organizational competence in managing risk.

Radar, The Risk Management Company providing Consulting, Engineering, Education and Software Services, in partnership with Specialty Technical Publishers, premier North American publisher of audit, co

Read more…
