Blog

Here's Why Compliance Solutions Are Inadequate for Managing Regulatory Changes

Regulatory compliance is mandatory, but it’s not the end goal; it’s the minimum operating standard. For strong companies, compliance is a mere byproduct of performing well and managing uncertainty. Compliance solutions can also cause difficulties in the face of domestic political risk, which includes significant fluctuations in the regulatory environment.

The biggest differences between regulatory compliance and risk ma

Last year, we blogged about how to develop a successful ERM program. An important goal is fostering a risk-based company culture. This means everyone, not just the appointed risk managers, assimilates risk awareness and works it into their job description. That said, there are many factors that contribute to a healthy, risk-managing culture.

One of those factors is board support. We often stress that “front-line” employees (who oversee everyday activities) are a vital yet often overlooked resour

RCA and Risk

Root cause analysis (RCA) is the process of finding the event or condition that leads straight to an occurrence (another event). It is a systematic procedure used to identify the principal possible cause of risk. In risk-based management, root cause analysis (RCA) is more useful in predicting future events.

RCA is no longer a hindsight technique of investigation but a forward-looking one. It still relies on previous experience, statistics, and more heavily on data correlation. We are

Cyberattack prevention measures will always be necessary. The constant threat of data breaches and other hacks is simply a fact of business. Priority targets are no longer limited to retailers and banks; insurers, hospitals, energy producers, and (most recently) a host of law firms are all at risk.

“Hackers broke into the computer networks at some of the country’s most prestigious law firms,” according to The Wall Street Journal. This doesn’t come as much of a surprise: What do organizations like

Risk Management's 3 Basic Steps

In order to be effective, risk management must involve three phases:

1. Risk identification & assessment
2. Mitigation design & implementation
3. Active monitoring of mitigation activities

If an organization misses any of these steps or does not directly link them to one another, it is not fully managing risk. Here’s what can happen if a step isn’t fully executed:

1. Improper risk identification often results from identifying a risk’s symptom instead of its root cause. When this ha

LogicManager was recognized in a leading industry analyst’s most recent evaluation of the top 14 GRC software vendors. We take pride in the continued refinement of our product offerings and capabilities, as well as customer satisfaction levels unparalleled in the governance, risk, and compliance market.

LogicManager’s business model is designed to remove frustrations common with GRC solutions:

• Software upgrades are included in the subscription. They are also seamlessly integrated so your use of th

Many companies share some problematic habits when it comes to compliance. The worst of them is treating compliance like a checklist. In other words, thinking, “If we meet these specific compliance requirements, our company should run efficiently and securely.” While this is a simplified outlook, the point remains the same. Being compliant guarantees neither efficiency nor security, but failure to meet requirements can have long-lasting negative effects.

At LogicManager, we view compliance as the

Some five to ten years ago, a Project Controls colleague asked an interesting question. It is about the analysis/reports that our PC Group completes periodically. Some of the reports are “as required” but most times on a fixed cycle; e.g. bi-weekly, monthly, quarterly and annually.

He asked us, “What are the attributes of a good variance analysis?”

Reflecting on the questions, all which matter most, came pouring forth. While writing the bulleted central piece of what a good analysis/report is like

What is risk-based management (RBM) to you? Do you have a good understanding of this concept, and how it is applied? Do you think what you have right now is the best? Do you think that RBM is the best and only approach? Do you think it is one of the best? How do you apply it in project management?

RBM is serious approach and a philosophy that considers risks while managing any project endeavor throughout its lifecycle. Management by objectives is still present, but with more focus on risk managem

Developing a schedule needs to be approached with success in mind. Dividing the project or portfolio into smaller manageable pieces called sub-projects is a good principle, a strategy acceptable and recommended in various industries. However, as the number of activity grows in the schedule, completeness, integration, and alignment challenges becomes the next hurdle. Key dates ends up not supporting each other. Probability of one activity finishing on time cancels out by the lower probability of

CMS Wire's Norman Marks recent article, "Why Risk Management Technology Projects Fail," captures a common but limited viewpoint of Risk Management that limits its ability to succeed in any environment, whether supported by software, spreadsheets, or pen & paper.

"To be successful, a risk program has to be designed to enable managers to make intelligent, risk-informed decisions every day. The requirements have to include the perspectives of both the risk officer and of management... You need to en

It is 8:00pm as the last conversation ends between a Director of Audit and Risk in the Energy sector and an Executive Director in the private equity industry. Although they have only just met, they’ve spent the evening with plenty to talk about, particularly surrounding our first Happy Hour Topic, Strategy and Risk.

At 5:00pm we opened the doors of a quaint London bakery and welcomed professionals from all industries to join us to discuss strategy and risk; three hours on our guests have exchange

Andrew Smart, CEO and founder of Manigent, a Strategy and Risk Management consultancy, has recently developed a whitepaper on designing an operational risk appetite statement. This paper outlines a seven step process which enables organisations to deliver an operational risk appetite statement which will meets regulatory obligations while adding real business value. This paper was recently featured in new e-magazine, The Risk Universe, which is a new online publication developed by industry prof