In manufacturing, design issues are expected to some degree, but when it's medical devices being produced as opposed to televisions, for instance, the stakes are much higher when something goes wrong. Naturally, the FDA keeps a close eye on medical device manufacturers, but these organizations can beat them to the punch with a strong CAPA system in place.
Data encryption seems to be top of mind for many corporations, and with good reason: high-profile data breaches have proven to do significant reputational harm. Perhaps the answer isn't better encryption, though, but better internal controls to keep users from being compromised and to strengthen reporting mechanisms.
Rogue traders may be uncommon, but the risks they pose are serious. Jim DeLoach writes on the importance of tone at the top (as well as tone in the middle), prescribes potential solutions, and proposes several questions for Boards and senior executives to consider when seeking to reduce the risks of rogue trading.
Just as risks are ever changing, so should our plans for managing them be. Internal audit must do away with tired approaches to risk management and adopt more dynamic practices in order to keep up with industry changes. Otherwise, the audit department may find itself continually playing catch-up when it comes to handling the various challenges that crop up.
The deadline for implementation of the 2013 COSO Framework is just around the corner. Tim O'Hara offers us a look into what's remained the same from the 1992 framework and what's changed. Auditors will be taking a closer look at operations where the 2013 iteration parts ways from the 1992 version. Where does your organization stand? Is your company ready?
There have been more than a few lessons to learn from this year's World Cup. For the risk management professional, consider this: if your risk scoring system is as complex as FIFA's process for determining world rankings, you might be in trouble. More complicated systems don't necessarily garner more accurate results. In fact, often the opposite is true.
Solid compliance programs are built on solid risk assessments, so the importance of a thorough risk assessment can't be overstated. Jeff Kaplan has provided us with a wealth of information over the years in this vein, and today he's covering some of the questions he hears the most from compliance and ethics practitioners. Check in for some expert guidance.
It's been made clear that violations of the FCPA can do an organization significant reputational harm and result in some very steep fines. To minimize the damage an employee or agent does to your company when engaging in corrupt behavior, you must have excellent controls in place. Even if the infraction is egregious, the fallout can be minimal.
Organizations that have a fairly firm grasp of risk management tend to do fairly well in what James Bone calls the first and second dimensions of risk. It's common, however, for firms to fall short in the third dimension. So what is this third dimension of risk, and how can risk professionals guide their firms into more robust risk management...
Those with less adventurous palates can relate: some of us aren't big on trying new things. But when it comes to risk assessments, sometimes taking a new approach can do you good. Tom Fox shares a novel strategy, the desktop risk assessment, which is a more focused, yet limited take on the more common exhaustive assessment.
The on-boarding process for new third parties represents both the biggest opportunity for risk and the greatest opportunity for improving due diligence. Corrupt agents will make whatever agreements it takes to win business, regardless of their true intentions. Just as troubling is the web of lies these organizations can weave. We've got to beware!
Jim DeLoach makes quite the strong argument for the necessity of C-Suite involvement in enterprise risk management. In fact, he argues, executive leadership must not be merely participants in, but owners of the ERM process. Executive management's active participation keeps the focus at a strategic level, ensuring that all potential risks are accounted for.
Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security.