Risk

Risk management has undergone a sea change over the past few decades, yet risk management practices have evolved very little. scarcely evolved to keep pace. Though organizations enjoy robust technological capabilities, they grow more fragile and vulnerable to massive systemic risks all the time. A risk program centered on human behavior and decision-making.

Professionals in the risk management field have shifted gradually away from a siloed approach to a more integrated approach. As most of us know, however, the switch is not easy; it can be overwhelming to keep on top of the full range of enterprise risks. John Verver posits that technology is the critical enabler here. Without it, getting a big...

4 Key Components The number of distinct assurance functions has nearly doubled over the last 10 years, but only 10 percent of assurance leaders believe that their company's risk management functions are currently integrated. Unfortunately, despite investments in these functions, the lack of integration leaves general counsel and compliance officers feeling no more confident in managing risks today than they...

Following last year’s Principles for Improving Board Risk Reporting comes an updated list. This expanded set of principles comes from Protiviti’s Jim DeLoach and Rick Steinberg, CEO of Steinberg Governance Advisors. While the original six principles focused primarily on what corporate boards should be looking for, the additional four address communications around risk matters.

The single biggest differentiator of profitable growth companies is their ability to allocate capital to bigger, riskier growth bets. Rather than inhibit growth, risk is uniquely positioned to enable it. In the quest for new growth, the risk, corporate strategy and finance functions have a unique opportunity to collaborate in order to establish and align around the risk required to...

On paper, risks may seem one-dimensional, but they can be far more complex in reality. A one-dimensional approach to three-dimensional risks won’t suffice. Especially at a time when risk management is undergoing a global transformation, organizations must ensure ERM is creating value for the organization.

The purpose of risk management isn’t solely to avoid and mitigate risks – it’s a key part, yes, but most risk professionals overlook the also critical bit about improving business processes and decisions. Here are three common traps risk managers and consultants fall into.

Navigating the COSO internal control cube is no easy task; there are more than 1,000 combinations to consider between the 17 Principles and the related Points of Focus as put forward in 2013. Here are some practical starting points and guidance for assessing risks and addressing them before signing off to the public.

Audit experts from CEB present the findings of the company’s annual Audit Plan Hot Spots report, which is based on interviews and surveys with more than 150 Chief Audit Executives. This article outlines the major risks CAEs plan to track closely this year – both expected risks and new and surprising themes.

The Fourth-Party Challenge The identification and monitoring of fourth-party vendors has become an increasingly important piece of the vendor management puzzle, especially with the announcement of SSAE 18, which takes effect in just a few months.  SSAE 18 requires the monitoring of your third-parties’ subcontractors – your fourth parties – which can be difficult to trace. By now you are...

Alex Sidorenko from RISK-ACADEMY shares his experience in running online and offline risk management business games to facilitate risk culture development. Running simple, yet highly interactive risk management games is the best way to teach risk management in the organization. It works equally well for students.

There are significant limitations intrinsic to the traditional approach to risk assessment, which is why a more robust assessment is preferable. Certain categories of risk (strategic, operational, finance, and compliance, for instance) have unique characteristics that cannot be adequately accounted for in a basic assessment.