Risk

The Bank Secrecy Act and Enhanced Compliance Programs Increased regulatory scrutiny, historically high fines and now-legalized sports betting are leading casinos to focus on improving their Bank Secrecy Act/anti-money laundering (AML) compliance programs. Deloitte’s Matt Lappas and Jeb Breese discuss four key areas casino compliance officers should focus on in the short term to support long-term success. with co-author Jeb...

Key Controls on Web Use to Avoid Regulatory Scrutiny For regulated investment firms, the SEC has prioritized cybersecurity, governance and data loss prevention. While firms cover the gamut in their compliance manuals and policies, their practice reveals alarming gaps when team members access the web. John Klassen of Authentic8 discusses how compliance teams can ensure oversight and control over employees’...

Guidance for Executive Management and the Board Protiviti’s Jim DeLoach discusses strategies to enhance the risk assessment process, from ensuring the proper stakeholders are involved to accounting for disruptive change and moving beyond “enterprise list management.” An effective risk assessment is fundamental to risk management and the board’s risk oversight process. Successful risk assessments help directors and executive management identify...

New Data is Key to Anti-Bribery, Anti-Corruption Efforts TRACE International published an updated Bribery Risk Matrix earlier this month, and the rankings will be hugely informative in corporations’ business dealings across the globe. Clifford Chance’s Wendy Wysong and Nick Turner discuss. with co-author Nick Turner Gut instincts can be good when undertaking an anti-corruption risk assessment on an Asia-Pacific business...

Mitigating a Multitude of Social Media Risks Employees using business-oriented social media sites could be inadvertently exposing the company to a host of risks, whether by disclosing proprietary information, using a photo that captures details potentially helpful to competitors or just communicating an off-brand message. Michael Schmidt and Art Samansky provide suggestions corporations can implement to guard against myriad legal,...

The Real Costs to Companies People get emotional over cyber data breaches, and the media loves to report on the latest hack attack that exposed millions of users’ information. Other than reputational damage (which is quickly forgotten, given the 24/7 news cycle), why should risk managers, executives and business owners care? Because it’s expensive. So expensive that it could hurt...

3 Arguments for Integrating RMIS and GRC Processes Gartner suggests that integrated risk management (IRM) is the next evolution of risk management practices. This piece from Riskonnect’s Dawn Ward explores IRM practices and what they mean specifically for GRC and enterprise risk. As risk controls and appetites evolve, managers continue to work toward improving their risk management programs. They’re becoming...

Stopping Problems Before They Start As third-party IT security/cyber risks become more prevalent, IT security professionals continue to look for more efficient and agile approaches to third-party risk management (TPRM) that can help organizations stay compliant with ever-evolving requirements. One of those requirements is the integration of continuous monitoring into TPRM programs. This article from Charlie Miller shares an optimal process for...

The Underlying Issue with Many GRC Solutions GRC software is especially critical in organizations that rely on enterprise resource planning (ERP) software – such as SAP or Oracle – to essentially run all aspects of their business, from the supply chain to finance. However, the GRC software that comes with it is often overly complex and seldom deployed, resulting in...

Managing Risk Amid Uncertainty We live in an uncertain world, and it seems to grow more so every day. Jim DeLoach discusses how to handle risks associated with escalating geopolitical tensions and legislative changes, and he poses questions leaders should consider as they look to mitigate risks inherent in the company’s operations. Management’s views and assumptions about the geopolitical and...

12 Steps to Reveal and Reduce Cyber-Breach Risk One hundred percent of businesses are or will be victims of a cybersecurity breach, disruption or attack — either directly or indirectly. No one is immune. That’s why this article is not just for the Fortune 500 CISO or the fortunate few with arms-race-level cybersecurity expertise. It’s for everyone else, too. Charles...

Maturing Risk Management in Light of COSO Updates Recent updates to the COSO framework serve to clarify the significance of the connection between risk, strategy and performance. Protiviti’s Jim DeLoach discusses how organizations can get the most out of their ERM programs and three keys to advancing ERM. In 2017, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission...