Blog

Choosing the right areas to audit based on risk, or scoping, is the most important aspect of an audit management program. ERM provides five steps to ensure your audit program is truly risk based. The key to adding value in the internal audit process is to first determine where the biggest contributors are to the business success, also known as a risk based approach. Too often internal audits get scheduled based on a rotational basis, gut feelings or suspicions or orders from management.

1. Scoping b

While SharePoint is a good tool for file storage, it falls significantly short of delivering the capabilities a risk manager needs to analyze trends and see the relationships the job requires.

Cost & Innovation

SharePoint on the surface may look like an inexpensive solution versus commercial ERM software, however the hidden cost of IT development is rarely understood until too late. To make a SharePoint project useful, a minimum of $150,000 in labor alone invested over 2 years is required for sma

http://www.replaybusiness.com/2014/02/cash-shortage-alarm-remedial-actions.html

Supporting Digital Business Transformation Part 1

I have long agreed with those in the investment community that argue analysts drive short-term thinking by managers of many publicly listed companies, which in the end destroys value. While reading this article by McKinsey entitled “Building the healthy corporation” I realised that many organisations are now fighting back.  McKinsey report that a number of firms have brought “Performance and health” into the corporate lexicon.  They explain further with:

“Just as people may seem reasonably well

I represent Occupational Performance Corporation the manufacturer of the Physical Capacity Profile System (PCP).

The PCP System is an Occupational Medicine Strength Testing System for Post Offer Pre-Employment screening.

By mitigating legitimate WC Claims, eliminating fraudulent WC Claims, reducing work place injury & creating an expeditious yet safe RTW Program, our Physical Capacity Profile System has demonstrated not only, saving employers tens, maybe hundreds, of thousands of WC Expenses but a

The move on hosted services like Dropbox storage site raises questions about what cloud users can and should do to keep their information and data secure and compliant.

Cloud security drew attention in 2012 with Dropbox's admission that usernames and passwords stolen from other websites had been used to sign into a small number of its accounts. 

A Dropbox employee had used the same password for all his accounts, including his work account with access to sensitive data . When that password was stol

Forrester recognizes growing interest in consolidated platforms

GRC has been defined up until now as targeting specific requirements of a single department or function — typically IT, compliance, or health and safety.  Since 2005, LogicManager, a leader in ERM platforms, has taken a more holistic, enterprise approach to these functions, and with the Q1 2014 Wave, Forrester has adjusted its lens, consolidating its various GRC submarket reports to reflect a “growing customer interest in consolidate

http://www.project-syndicate.org/commentary/nouriel-roubini-explains-why-many-previously-fast-growing-economies-suddenly-find-themselves-facing-strong-headwinds

“May I have your data?”

”Depends on who’s asking!”

Banks need data from customers to provide them with a differentiated service. They won’t get very far though, until they establish themselves as responsible and trustworthy in customers’ eyes.

While these individuals are willing to share information for a real benefit—providing historical transaction details to an account for financial planning or tax efficiency analysis, for example—they are less likely to provide information when they can’t see a

It is always interesting to me when I read yet another risk survey which identifies “Reputation Risk” as the number one or at least one of the top risks of concern for leading executives.  Reputation is not a risk.  It is an intangible asset and its value to you is enhanced or damaged by something that you or your organisation does or does not do.  Any failure to adequately manage finances, personnel, IT security (and the list is infinite) may result in damage to reputation.

Therefore, what is an

One of our business analysts recently came to me with a particularly troubling conversation he had with a prospective client. The client reported to him that while 6 months ago the appetite for ERM had been strong, the enthusiasm and excitement for the program had since waned and the risk manager was now preparing to take “micro” steps forward over the next several years.

This account is far too common for enterprise risk managers in today's environment. Hired into an energetic and new function,

In December 2013, the New York Jets played the Oakland Raiders at the Met Life stadium in New Jersey in temperatures close to freezing. Those of us at the game dressed for deep winter and watched the fourth quarter in the falling snow. Two weeks later, the Jets played their final home game in the same stadium, in 71 degrees, with the crowd wearing t-shirts and tailgating like it was late summer.

The Super Bowl will kick off at the Met Life stadium on February 2, 2014. This presents a preparation

Do you want to attain Information Security Management and looking for the best documentation kit that can help your organization to achieve ISMS certification without making any hard efforts for the same if your answer is yes then you must adopt ISO 27001 manual right now which is a part of standards of Information Security Management Systems or ISMS. The standard was first came into existence in the year 2005 and from that time, this ISO 27001 manual is being preferred more by business entrepre

[Editor’s Note: Organizations have become myopic with GRC solutions, and they can no longer see the forest through the trees. Our new series, brought to you by the LogicManager Analyst Team, will keep you up to date with real world examples of risk management failures, and how ERM could have prevented them.]

Over 300,000 West Virginians are still waiting to use their tap water for cooking, cleaning, and even bathing after the discovery that a chemical used in coal processing was allowed to leak i

Running a business in the global marketplace has never been as demanding as it is today. The internet exposure has even given entry level businesses a chance to have global visibility in a very short time. This means increased competition along with endless opportunities and markets. Nevertheless, competition and standing out from the crowd requires a business to create its own value and stay away from clutter. This is done by creating recognition through associations and accreditation's like th

The Security and Exchange Commission announced its examination priorities for the New Year, and Enterprise Risk Management heads the list. The priorities, selected by Senior Staff from the National Examination Program, aim to address areas of weakness that threaten fair, orderly, and efficient markets.

On the subject of Enterprise Risk Management, the NEP states that it will continue to meet with boards and high level senior management to discuss the firm’s Enterprise Risk Management process, esp

Data has rarely been so in-demand by banks, especially for building the required credit models to satisfy regulators and internal compliance requirements. But rigorous risk models, as the backbone of an enterprise-wide risk management framework, require lengthy and well-populated sets of data. And it’s a fact of life that, across banks of all sizes – and for many kinds of reasons – data is sometimes incomplete and difficult to compile.

Difficult, yes, but not impossible. Missing data is rarely a

In previous blogs, I've covered the differences between ERM and GRC offerings. One critical difference I'd like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal councils charged with approving your ERM or GRC solution. Due to Software-as-a-Service's relatively recent entry into the Business to Business marketplace, it's not uncommon for risk managers to be concerned, even fear, how solutions that are not exclusively hosted o