Risk

The type of due diligence a third party requires varies based upon the level of risk associated with each entity: low risk, medium risk or high risk. While some third parties can be vetted with global database checks or open-source investigations (OSI), the only way to confidently investigate high-risk third parties is with thorough vetting through enhanced due diligence.

The CRO of the Future is almost here. James Bone posits that before long, risk management professionals may be replaced by various “risk intelligent systems knowledgeware,” or RISK, able to process volumes of data in an instant, detect threats and respond to them just as quickly. Technology advances at breakneck speed, and so does our dependence on it to manage...

Directors and officers (D&O) liability insurance covers losses due to many types of lawsuits alleging wrongdoing by directors and officers. But what about government investigations, subpoenas, and demand letters? These events can be extremely costly—sometimes more so than actual lawsuits. Companies would do well to keep these events in mind when purchasing D&O insurance.

Although well aware of the threat posed by hackers and organized cybercriminals, an alarming number of Boards are not actively challenging management’s cybersecurity efforts. Often, Board members simply don’t know how to proceed. However, there are concrete actions that Directors can take immediately to carry out their governance duties and improve cybersecurity.

When revenue and results are flowing in, it can be highly tempting not to question the methods used to bring about such success. But as past scandals have illustrated, prizing performance while turning a blind eye to process doesn't work out so well. Be sure you know how and why your stars are doing as well as they are. Ignorance...

Some visions lead to groundbreaking innovation; others end up as no more than dramatic fantasies. And it can be difficult to tell in the beginning whether a new vision will be successful or ruinous. Tunnel vision is often the culprit when visions crash and burn… so how do we detect it while there’s still time to adjust focus and course...

Bad things can and do happen to good companies. It's why third-party due diligence and management is so important. Greg Dickinson, CEO of Hiperos, which specializes in third-party management software solutions, stresses the importance of really (truly) knowing your third parties. NOT knowing what third parties are up to is no kind of protection.

When identifying your organization's strengths, weaknesses, opportunities, and threats, be prepared to ask the heard questions. Once you've got an honest and objective analysis at hand, then comes the hard part: putting your findings into action. Jim DeLoach offers a guide for getting the most out of a SWOT analysis.

Volkswagen, a long-trusted and highly respected brand, will be dealing with the fallout of its emission scandal for quite some time. It's clear to everyone that their massive deception is inexcusable, but we'd do well to remember that the hugest transgressions happen one failure in decision making at a time. Volkswagen's was likely born out of panic.

Managing risk effectively requires first an understanding of the risk that needs managing. It sounds so elementary, but there's often a great deal of uncertainty about what an organization's risks actually look like. It's no wonder why risk management programs fail. Fortunately, there are a host of ERM tools that can help to bridge this gap.

The good folks at On Call International have shared with the CCI community before about "duty of care," a company's responsibility for keeping its employees safe as they travel on business. This piece explores the other side of the issue: the employee's responsibility. Planning and crisis management only go so far if employees are willfully engaging in risky behavior.

When it comes to building enterprise value, the status quo doesn’t even have a place in the conversation. Value creation goes hand-in-hand with risk, but the risk management function doesn't have to stand in the way of innovation. Jim DeLoach suggests there are two ways of thinking about risk management within this context...