I came across a great presentation on Reputation Risk from Martin Davies of Causal Capital. It outlined the many dimensions of this onerous corporate threat. It offered a definition, a list of risk factors, its impact on a company’s financial condition and proposed frameworks to mitigate its effects.
Businesses began with Enterprise Risk Management (ERM) from the dawn of civilization. The first businesses were small and therefore one person knew all their customers, suppliers and processes. They knew all the risks within their business and how they were connected to affect their business goals, which made it easy to manage both the upside and downside “impact of uncertainty on objectives”.
However, as the size of organizations grew in the industrial age, everyone became a specialist and groups of
In my last blog and On-Demand Webinar “Presenting Risk Management to the Board,” I was asked for help identifying government regulations that hold Boards responsible for Enterprise Risk Management (ERM) compliance.
Definition: First, some background: the SEC Proxy Disclosure Enhancements rule defines ERM compliance as extending the board's role in risk oversight to the threshold of material impact of the risk regardless of the level. Boards of Directors were previously only responsible for CEO- le
The first shoe to drop was government regulations holding the Board of Directors personally responsible for the effectiveness of enterprise risk management programs at their organizations. Boards are given a choice between proving their risk management programs are effective or disclosing their ineffectiveness in risk management to the public. If they do neither, it is considered fraud, as not knowing about a risk is no longer a defense.
What does enterprise risk management effectiveness mean? No
Early in 2012, SAP commissioned an independent study to understand how companies are preventing access risk and fraud. A vast majority of the 183 research respondents confirmed that managing access risks was "very" or "extremely" important to senior leadership in their organizations. Yet the same group found it challenging to establish and maintain a program for
a free Webinar about an organisation development- and diagnostic risk approach to implementing ISO 31000 in organisations.
The Webinar involves a brief presentation by Dr. Dean Myburgh, a New Zealand-based Risk Management Consultant with specialist diagnostic expertise; there will also be an opportunity for discussion on this approach that enables consultants and internal risk management facilitators to:
- Facilitate risk identification and discussion at all levels, both multiple self-assessment
First, what is Sarbanes-Oxley (SOX) 404 compliance? It is the legal requirement for public companies that senior management state that their company's financial reporting is accurate. Sounds simple? The expense and the value are all in the execution. How is that done? Simply put, the flow of information from the financial reports themselves is traced and connected to the activities that generate that information and the resources that are depended upon to generate that information. That sounds l
This white paper presents a low-risk, high-impact approach to gaining control of regulatory compliance. The procedures, tasks, and behaviors that bear upon compliance can be overwhelming. Yet organizations that can master these activities operate more efficiently, compete more effectively, and build their brands. Learn how Governance, Risk, and Compliance technologies can help.
Learn more: http://bit.ly/EffectiveGrc
The goal of every ERM program is to assess material risk down to where the risk activity takes place, which typically means extending to front line management, and aggregate this information to an objective, accurate, and holistic picture applicable for each stakeholder, including the board. However, without ERM software, risk management programs cannot reach this level.
With the high cost of traditional licensing for ERM/GRC software, combined with the skepticism among senior management on what
How do you manage the uncertainty of what has not happened yet?
That’s where enterprise risk management software (ERM Software), also known as operational risk management software, comes in. It tracks the emerging risks and changes to existing risks across the enterprise and connects these changes to the activities and business metrics that run the business. A change in risk at the business process level demands a change in the operating procedures to prevent this risk from materializing or seize
“It's not the things you are afraid of that will kill you” - Mark Twain.
I have fielded a number of calls this week from recruiters looking for someone to implement a GRC process for some company. Before I can ask about the firm's board governance towards risk management and accountability, the questions turn to SQL, Java and, well you get the idea. If a firm does not set its overall risk tolerance, understand its risk profile and empower managers who take risk to manage the risk, software isn't goin
With only 4 weeks left until the Life Sciences Internal Audit Conference, February 8-9, 2012 in Philadelphia, PA, don’t miss out on your opportunity to attend the event!
Join key speakers, including:
Andy Weintraub, Director, Group Internal Audit at AstraZeneca
David Bolton, Internal Audit Manager at Biomet, Inc.
Tami McLaine, Director, Audit at Baxter International
Katie McCormick, Senior Manager, Corporate Analysis & Control at Boston Scientific Corporation
Jeffrey Antoon, Director, Corporate
It is inevitable for governance, risk and compliance (GRC) to converge. They are all about achieving the objectives of the organisation. For me, the greater debate is what role should an individual take as a leader in the convergence of the GRC space in an organisation?
It was no surprise that the International Federation of Accountants (IFAC) Survey, which assesses the need to align risk management and internal control guidelines internationally, found the need for an alignment is strong and t