The on-boarding process for new third parties represents both the biggest opportunity for risk and the greatest opportunity for improving due diligence. Corrupt agents will make whatever agreements it takes to win business, regardless of their true intentions. Just as troubling is the web of lies these organizations can weave. We've got to beware!
Jim DeLoach makes quite the strong argument for the necessity of C-Suite involvement in enterprise risk management. In fact, he argues, executive leadership must not be merely participants in, but owners of the ERM process. Executive management's active participation keeps the focus at a strategic level, ensuring that all potential risks are accounted for.
Good, bad or ugly, all things must come to an end. Third-party relationships are no exception. Fortunately, companies can prepare for these ends, whether the relationship has simply run its course or there's been a breach of contract. Planning for the end is essential if you want to ensure a smooth transition. Here are five simple steps for making that...
A host of corporations are in the process of implementing the new COSO Framework or are gearing up for the transition, and they'll have to establish the scope of objectives in which to apply the Framework. Candela Solutions' Ron Kral offers 10 key questions companies should be asking themselves to ensure their internal controls are up to snuff.
The need for corporate integrity agreements among health care professionals is broad-ranging, touching activities pertaining to publication, research, and consulting, but - strangely - they have rarely extended to speaker programs. And yet, speaker programs are high risk for abusive practices. Needs assessments should be common practice to manage these risks.
History might be told a bit differently if risk conduct analyses were common practice. These days, there's as much need as ever to address conduct risk, setting policies, incentive structures and enforcement practices in our organizations that reward good conduct and penalize acting contrary to the companies' values and regulatory standards.
Boards of Directors have traditionally been held liable for overseeing risk management and mitigation, but given the speed at which crisis and scandal travel these days, it makes sense for Boards to play an even more active role, from determining risk tolerance to keeping an eye on known risks and implementing risk mitigation plans.
Recent legislation has had a significant impact on the trade of conflict minerals, including "blood diamonds," out of areas ravaged by war and run by warlords. The deadline for reporting supply chain partners, per Dodd-Frank, has come and gone, and companies have found it difficult to say with certainty whether their materials are truly conflict-free. A QMS can be hugely...
Smaller companies often don't need the exhaustive risk assessment programs the huge corporations require. For many organizations, in fact, something much simpler fits the bill. Jeff Kaplan of Kaplan & Walker outlines an eight-step process ideal for small to mid-size companies. Simple, but not too simple.
A host of factors need to be taken into consideration in the selection of a new Chief Risk Officer. Where his or her experience and expertise lie is certainly top of mind, but more qualitative aspects of the candidates' skill set and capabilities carry weight, as well. How are the prospective hire's critical thinking skills, for instance? Is he personable?...
There’s something to be said for correcting issues of corruption, but in some cases the problem is beyond fixing. Corruption in some industries and countries is so pervasive that your organization's best chances of avoiding significant reputational harm and sizeable penalties for regulatory violations lie in simply getting out.
The catastrophic Heartbleed bug, disclosed in early April, impacted hundreds of thousands of popular websites. It is considered one of the most significant, far-reaching vulnerabilities in the history of the Internet, made all the more unsettling because it’s entirely undetectable. Here’s what you can do to protect yourself and your company.