Risk

Despite the fact that organizations are spending more than ever on cybersecurity, the threats continue to increase. Cyber risk is certainly a multi-faceted concern for corporations, but the lack of real success in preventing cyber hacks may be due to an oversight of organizations’ greatest vulnerability – people. Read on for the skinny on CogSec – cognitive security – solutions.

It’s essential for corporate leaders to instill and maintain a commitment to ethical practices. However difficult it may be to pin a value on business ethics, the connection between culture, reputation and profitability is undeniable. Yes, financial success is important, but not to the exclusion of integrity. Once lost, consumer trust is very hard to gain back.

There are a host of ways enterprise risk management can fall short. Jim DeLoach explores five of the most common failures, along with various indicators that could signal a coming failure. If you see your organization reflected in this article, consider this your wake-up call.

If everyone is responsible for managing risk at your organization, you’re probably in for a bumpy road. Senior leaders have a different perception of what’s most critical than do front-line staff, so their approaches to risk management would naturally be quite different. It’s best to leave the job of risk discovery, assessment and mitigation to the pros.

It’s easy to identify in hindsight where risk management failed, and taking a look at past ERM failures can actually provide great insight into what went wrong and why. Jim DeLoach offers insight into some of the lapses in risk management companies experience most frequently – along with indicators you can be on the lookout for to keep your organization...

Risk and compliance self-assessments aren’t the truest indicators of actual risk exposure. So you could say there’s an inherent risk in performing a risk self-assessment. Not only is there no real science behind them, the outcome of an RCSA is entirely subject to one’s memory. A self-assessment can be a good jumping-off point, but it can’t be your sole method...

Enterprise risk management isn’t meant to be a one-man show. Or a one department show, for that matter. It’s necessary to have the Board’s buy-in and investment. If your firm hasn’t come that far yet, here are a number of simple tips that can help improve your ERM, regardless of where your existing processes stand.

As the use of social media becomes intertwined with daily business activity, a new threat is emerging: hackers are finding new ways of impersonating genuine business contacts, often portraying colleagues via fake profiles in order to gain access to sensitive data that can be used to commit fraud.

A large part of effective enterprise risk management is ensuring your policies don’t incentivize (unacceptably) risky behavior. A balance must be struck between revenue generation and risk oversight, and setting clear accountabilities for risk is integral to achieving that balance.

Improved Board risk oversight may be the most important factor in preventing corporate governance breakdowns. This theory is picking up steam among experts, and the expectation now is that Boards should oversee management’s risk appetite and tolerance and ensure alignment with its own.

There are significant limitations intrinsic to the traditional approach to risk assessment, which is why a more robust assessment is preferable. Certain categories of risk (strategic, operational, finance, and compliance, for instance) have unique characteristics that cannot be adequately accounted for in a basic assessment.

With almost every FCPA enforcement action involving third party misconduct in one form or another, shouldn’t companies devote more resources than ever to due diligence and third-party risk management systems? There’s no magic formula to implementing an effective system. It just takes two things: commitment and common sense. Every company knows how to do it. But not every company commits...