Blog

Nobody likes surprises in business. Using a risk-based approach to identify your organization’s likely vulnerabilities is highly recommended and vital to short-term and long-term success. Expanding regulations make compliance increasingly complex and expensive, and increases in deficient internal audit controls have heightened scrutiny of companies by the SEC, PCAOB, and investors.

Business surprises are preventable, but there are several common issues with risk identification that can be impossi

Lack of transparency makes risk, performance and compliance information hard to discover, collect and maintain. Within every organization, governance areas are conducting activities, each based on different assumptions with different standards, all of which contain a risk component.

While these are typically not thought of as risk activities, when the responsibilities of each governance area are compared to a risk based process – identifying & assessing, mitigating, and monitoring – you find that

With the Affordable Care Act (ACA) continuing its implementation this week with the start of the open enrollment period, there has never been a more critical time for Healthcare Institutions to have a firm handle on their risk environment and the implications of those risks.

Since its enactment in 2010, the ACA has fundamentally shifted how many hospitals must conduct day-to-day operations. For example, hospitals must now shift their patient records systems to electronic medical records, which in

A study published last week sponsored by Tripwire and conducted by the Ponemon Institute found that while over 80% of security and risk professionals consider their organization's commitment to risk-based security management significant, less than 30% had a formal risk management strategy in place.

Why does such a large gap continue to exist, even as the evidence piles up that organizations with a mature risk framework are better performing and more prepared for an uncertain future?

One hurdle tha

Most agree that working from the top down, meaning to first identify corporate objectives, then focus on the details of how to achieve them is what most managers wish they could be doing more of. However, the reality is most managers are so busy with day-to-day activities that little time is left over to work on the big picture. Everyone agrees the role of ERM is for risk management to be involved in the “key business decisions,” however, some misinterpret this as interviewing only the senior ex

An organization-wide risk appetite can be a powerful statement that gives your risk or compliance program direction.  However, like any policy, risk appetite without accompanying action is nothing more than an idea.

So how do you give your risk appetite teeth?  How do you make it an actionable guide for your organization?

Here are five recommendations to put your risk appetite into practice.

1. Translate risk appetite to the process level.

Every day your front-line managers are making operational de