The purpose of risk management isn’t solely to avoid and mitigate risks – that’s a key part, yes, but most risk professionals overlook the equally critical part: improving business processes and decisions. Here are three common traps risk managers and consultants fall into.
Navigating the COSO internal control cube is no easy task; there are more than 1,000 combinations to consider between the 17 Principles and the related Points of Focus as put forward in 2013. Here are some practical starting points and guidance for assessing risks and addressing them before signing off to the public.
Audit experts from CEB present the findings of the company’s annual Audit Plan Hot Spots report, which is based on interviews and surveys with more than 150 Chief Audit Executives. This article outlines the major risks CAEs plan to track closely this year – both expected risks and new and surprising themes.
The Fourth-Party Challenge
The identification and monitoring of fourth-party vendors has become an increasingly important piece of the vendor management puzzle, especially with the announcement of SSAE 18, which takes effect in just a few months. SSAE 18 requires the monitoring of your third-parties’ subcontractors – your fourth parties – which can be difficult to trace. By now you are...
Alex Sidorenko from RISK-ACADEMY shares his experience in running online and offline risk management business games to facilitate risk culture development. Running simple, yet highly interactive risk management games is the best way to teach risk management in the organization. It works equally well for students.
There are significant limitations intrinsic to the traditional approach to risk assessment, which is why a more robust assessment is preferable. Certain categories of risk (strategic, operational, finance, and compliance, for instance) have unique characteristics that cannot be adequately accounted for in a basic assessment.
It’s easy to identify in hindsight where risk management failed, and taking a look at past ERM failures can actually provide great insight into what went wrong and why. Jim DeLoach offers insight into some of the lapses in risk management companies experience most frequently – along with indicators you can be on the lookout for to keep your organization...
Organizations seeking to improve the risk management function must consider the maturity of their ERM infrastructure. Jim DeLoach writes that there are five levels of maturity – and there’s an ocean of distance between an ERM program in its infancy and one that’s operating at the highest level of capability. Where does your organization fall along the spectrum?
We’ve seen many corporate scandals this year, and time and again, misconduct is trickling down from the top of the org chart. Risks can come in many forms, but when the chief culprit is in the C-Suite, the organization can be in real trouble. Michael Volkov explains why Chief Compliance Officers should pay special attention to executives and the board.
Authors Andrea Bonime-Blanc, JD/PhD and Leonard J. Ponzi, PhD Offer Dual Approach to Understanding Reputation Risk
Major surveys in recent years have found that executives and board members ranked reputation risk not only as a top concern – but also as a strategic risk that could have significant impact on an organization’s overall wellbeing. In Understanding Reputation Risk: The Qualitative and...
Inappropriate risk management implementation leads to project failure; this article discusses the major reasons and possible solutions associated with those failures. Preventing ERM failures involves adopting an internationally recognized standard such as ISO 31000, which is built on the most relevant best-practice scenarios from organizations worldwide and is general enough to reduce or eliminate bias.
How to Protect Your Employees
The tragic terrorist attacks in Brussels and Istanbul earlier this year have raised many questions and concerns from organizations with traveling employees. Employers must be prepared for the worst and know how to keep staff safe in the event of an airport crisis. Jim Hutton provides guidance, including best practices for situational awareness, proactive crisis...
Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security.
© 2025 Corporate Compliance Insights