It’s critical that businesses maintain a strong risk management and internal control infrastructure. Adi Agrawal, SVP and Chief Audit Executive at OCC, shares how and why his company uses the “three lines of defense” model. The benefits extend well beyond protecting the company from litigation and reputational harm; in fact, its resiliency is in the best interest of the greater...
Many companies these days are implementing automated due diligence systems, and it’s no wonder why: the government’s expectations in terms of third-party risk management are on the rise. Unresolved red flags will be a problem, as will questionable data. The best way to avoid a DOJ or SEC enforcement action: a robust due diligence program.
Enhancing any key business function is a wise decision, but risk management is particularly critical. Driving continuous improvement there could make your organization more agile and better prepared to manage surprises. And it could position the firm as an industry pacesetter. Jim DeLoach makes a strong case for improving enterprise risk management.
All kinds of businesses and industries are experiencing disruptive change due to innovation. The companies that adapt quickly may become industry leaders, but the “late movers,” those that are slow to respond, may not survive. Jim DeLoach outlines the attributes of “early movers” and explains why these firms are best positioned to weather market shifts.
Newspaper headlines blasting the news of major losses for a financial institution due to modeling error have become commonplace. Users must ensure that the models they rely upon are appropriately built and yield useful results, and for more than just regulatory compliance. Good models reduce losses and enhance decision-making.
In today’s risk landscape, corporations must rethink the way they manage cybersecurity and combat cyber threats. James Bone, a leading expert in regulatory compliance risk, expects the Cognitive Risk Framework for Cybersecurity (CRFC) to become part of a broader approach to managing risk – and soon. Here, he details the key components to a CRFC.
Despite the fact that organizations are spending more than ever on cybersecurity, the threats continue to increase. Cyber risk is certainly a multi-faceted concern for corporations, but the lack of real success in preventing cyber hacks may be due to an oversight of organizations’ greatest vulnerability – people. Read on for the skinny on CogSec – cognitive security – solutions.
It’s essential for corporate leaders to instill and maintain a commitment to ethical practices. However difficult it may be to pin a value on business ethics, the connection between culture, reputation and profitability is undeniable. Yes, financial success is important, but not to the exclusion of integrity. Once lost, consumer trust is very hard to gain back.
There are a host of ways enterprise risk management can fall short. Jim DeLoach explores five of the most common failures, along with various indicators that could signal a coming failure. If you see your organization reflected in this article, consider this your wake-up call.
If everyone is responsible for managing risk at your organization, you’re probably in for a bumpy road. Senior leaders have a different perception of what’s most critical than do front-line staff, so their approaches to risk management would naturally be quite different. It’s best to leave the job of risk discovery, assessment and mitigation to the pros.
It’s easy to identify in hindsight where risk management failed, and taking a look at past ERM failures can actually provide great insight into what went wrong and why. Jim DeLoach offers insight into some of the lapses in risk management companies experience most frequently – along with indicators you can be on the lookout for to keep your organization...
Risk and compliance self-assessments aren’t the truest indicators of actual risk exposure. So you could say there’s an inherent risk in performing a risk self-assessment. Not only is there no real science behind them, the outcome of an RCSA is entirely subject to one’s memory. A self-assessment can be a good jumping-off point, but it can’t be your sole method...
Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security.
© 2025 Corporate Compliance Insights