Risk

There have been more than a few lessons to learn from this year's World Cup. For the risk management professional, consider this: if your risk scoring system is as complex as FIFA's process for determining world rankings, you might be in trouble. More complicated systems don't necessarily garner more accurate results. In fact, often the opposite is true.

Many organizations aren't taking data security seriously, despite the fact that hackers continue to breach relatively secure systems at large corporations, subjecting those companies to reputational harm and loss of consumer trust. Some have recovered just fine, but smaller businesses don't bounce back as quickly. The fact is, a breach will happen to your company, too, sooner or later.

A select few states are leading the way in pushing manufacturers to disclose their use of toxic chemicals in consumer products, but the movement is on the rise throughout the country. Of course, consumers stand to gain the greatest benefit from stricter regulations, but manufacturers could be in for a world of hurt from a risk perspective.

It's been made clear that violations of the FCPA can do an organization significant reputational harm and result in some very steep fines. To minimize the damage an employee or agent does to your company when engaging in corrupt behavior, you must have excellent controls in place. Even if the infraction is egregious, the fallout can be minimal.

Organizations that have a fairly firm grasp of risk management tend to do fairly well in what James Bone calls the first and second dimensions of risk. It's common, however, for firms to fall short in the third dimension. So what is this third dimension of risk, and how can risk professionals guide their firms into more robust risk management...

Those with less adventurous palates can relate: some of us aren't big on trying new things. But when it comes to risk assessments, sometimes taking a new approach can do you good. Tom Fox shares a novel strategy, the desktop risk assessment, which is a more focused, yet limited take on the more common exhaustive assessment.

The on-boarding process for new third parties represents both the biggest opportunity for risk and the greatest opportunity for improving due diligence. Corrupt agents will make whatever agreements it takes to win business, regardless of their true intentions. Just as troubling is the web of lies these organizations can weave. We've got to beware!

Jim DeLoach makes quite the strong argument for the necessity of C-Suite involvement in enterprise risk management. In fact, he argues, executive leadership must not be merely participants in, but owners of the ERM process. Executive management's active participation keeps the focus at a strategic level, ensuring that all potential risks are accounted for.

Good, bad or ugly, all things must come to an end. Third-party relationships are no exception. Fortunately, companies can prepare for these ends, whether the relationship has simply run its course or there's been a breach of contract. Planning for the end is essential if you want to ensure a smooth transition. Here are five simple steps for making that...

A host of corporations are in the process of Implementing the new COSO Framework or are gearing up for the transition, and they'll have to establish the scope of objectives in which to apply the Framework. Candela Solutions' Ron Kral offers 10 key questions companies should be asking themselves to ensure their internal controls are up to snuff.

The need for corporate integrity agreements among health care professionals is broad-ranging, touching activities pertaining to publication, research, and consulting, but - strangely - they have rarely extended to speaker programs. And yet, speaker programs are high risk for abusive practices. Needs assessments should be common practice to manage these risks.

History might be told a bit differently if risk conduct analyses were common practice. These days, there's as much need as ever to address conduct risk, setting policies, incentive structures and enforcement practices in our organizations that reward good conduct and penalize acting contrary to the companies' values and regulatory standards.