Risk

3 Arguments for Integrating RMIS and GRC Processes Gartner suggests that integrated risk management (IRM) is the next evolution of risk management practices. This piece from Riskonnect’s Dawn Ward explores IRM practices and what they mean specifically for GRC and enterprise risk. As risk controls and appetites evolve, managers continue to work toward improving their risk management programs. They’re becoming...

Stopping Problems Before They Start As third-party IT security/cyber risks become more prevalent, IT security professionals continue to look for more efficient and agile approaches to third-party risk management (TPRM) that can help organizations stay compliant with ever-evolving requirements. One of those requirements is the integration of continuous monitoring into TPRM programs. This article from Charlie Miller shares an optimal process for...

The Underlying Issue with Many GRC Solutions GRC software is especially critical in organizations that rely on enterprise resource planning (ERP) software – such as SAP or Oracle – to essentially run all aspects of their business, from the supply chain to finance. However, the GRC software that comes with it is often overly complex and seldom deployed, resulting in...

Managing Risk Amid Uncertainty We live in an uncertain world, and it seems to grow more so every day. Jim DeLoach discusses how to handle risks associated with escalating geopolitical tensions and legislative changes, and he poses questions leaders should consider as they look to mitigate risks inherent in the company’s operations. Management’s views and assumptions about the geopolitical and...

12 Steps to Reveal and Reduce Cyber-Breach Risk One hundred percent of businesses are or will be victims of a cybersecurity breach, disruption or attack — either directly or indirectly. No one is immune. That’s why this article is not just for the Fortune 500 CISO or the fortunate few with arms-race-level cybersecurity expertise. It’s for everyone else, too. Charles...

Maturing Risk Management in Light of COSO Updates Recent updates to the COSO framework serve to clarify the significance of the connection between risk, strategy and performance. Protiviti’s Jim DeLoach discusses how organizations can get the most out of their ERM programs and three keys to advancing ERM. In 2017, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission...

Challenges with Insights in Excel Artificial intelligence can be a very good thing, but organizations must not jump in blindly. Incisive CEO Diane Robinette discusses potential risks associated with the new artificial intelligence capabilities in Excel. Artificial Intelligence (AI) is a hot topic. It's the shiny new thing that people can't seem to get enough of. While still in its...

Why Business Continuity Must Be Part of Your Strategy Carrying insurance, having a plan, limiting liability… these are all important steps to minimize risk associated with a disruptive event. But without a dynamic business continuity management program, brand equity could suffer significantly. David Nolan, CEO and founder of Fusion Risk Management, rebuts seven common misconceptions about business continuity. Imagine a...

Implementing Protections Against Cyberattacks Many recent cyberattacks have come through exposures in third-party systems. There is an evident need to monitor the cybersecurity of third parties, and this puts the spotlight on cyber supply chain risk management (C-SCRM). Experts from Kroll outline what companies can do to protect their systems and sensitive company information. with co-authors Brian Lapidus and Keith Wojcieszek ...

6 Recommendations to Maintain Effective Risk Oversight As the financial crisis thoroughly demonstrated, an acute focus on short-term gains can be disastrous when risk proper oversight isn’t there. Protiviti’s Jim DeLoach provides six key considerations your organization can bear in mind in moving beyond myopic "short-termism" to a more broadly encompassing risk management strategy that includes longer-term interests. While short-termism...

Thoughts on Increasing Cyber Resiliency Companies’ adoption of new technologies is outpacing their ability to protect against evolving cybersecurity threats. It used to be said that it’s not a question of IF an organization will be breached, but WHEN. Jim DeLoach suggests that companies either know they’ve been breached or they’ve been breached and don’t know it. How then, do...

The Key to Increasing Decision-Making Influence In this complex risk environment where senior executives are expected to make fast decisions, they need the most actionable information in a timely manner. However, most leadership teams feel the risk information they receive isn’t actionable from a business strategy or operations perspective. In this article, Gartner’s Matt Shinkman and Chris Matlock detail how...