Risk

There are lessons to be learned from recent cases to guide how companies approach the idea of commissioning outside reports and internal investigations to address potential crisis situations...

for some companies, the new guidance — and the linkages to an existing strategic planning process it requires — can substantially change how they manage their business, create operational efficiencies and even boost profitability.

Many efforts to implement ERM are unfocused, severely resourced constrained, and pushed down so far into the organization that it is difficult to establish relevance. The near-term results are “starts and stops” and ceaseless discussions to understand the objective.

Rather than segregating risk management responsibilities into their own silo, making them the purview of only a select few, companies would benefit greatly from an integrated approach in which every person in the organization is responsible to some extent in managing risk. Jim DeLoach presents a method involving five distinct lines of defense. Read on for details.

Risk management cannot possibly go well when the parties involved aren't speaking the same (risk) language. Minimize misunderstandings by making sure that everyone involved is operating from the same framework when it comes to uncertainty in environment, process and information for decision making. Jim DeLoach breaks down for us exactly what that means.

Companies doing business internationally face a great deal of risks and challenges. This article explores the necessity of accounting for employees' health and safety while they travel abroad. Having international insurance coverage may not be enough. Here, Mike Kelly addresses ways to reduce travel risk and ensure your staff are protected both stateside and overseas.

There are a myriad of risks to take into account when doing business abroad. Multinationals necessarily face a broader range of risks than smaller organizations do, therefore their risk management practices must be more robust. They must continually assess political landscapes, trends in similar countries and exposure to confiscation, among other concerns.

In manufacturing, design issues are expected to some degree, but when it's medical devices being produced as opposed to televisions, for instance, the stakes are much higher when something goes wrong. Naturally, the FDA keeps a close eye on medical device manufacturers, but these organizations can beat them to the punch with a strong CAPA system in place.

Data encryption seems to be top of mind for many corporations, and with good reason: high-profile data breaches prove to do significant damage in the way of reputational harm. Perhaps the answer isn't in better encryption, though, but instead better internal controls to keep users from being compromised and to strengthen reporting mechanisms.

Rogue traders may be uncommon, but the risks they pose are serious. Jim DeLoach writes on the importance of tone at the top (as well as tone in the middle), prescribes potential solutions, and proposes several questions for Boards and senior executives to consider when seeking to reduce the risks of rogue trading.

Just as risks are ever changing, so should our plans for managing them be. Internal audit must do away with tired approaches to risk management and adopt more dynamic practices in order to keep up with industry changes. Otherwise, the audit department may find themselves continually playing catch up when it comes to handling the various challenges that crop up.

The deadline for implementation of the 2013 COSO Framework is just around the corner. Tim O'Hara offers us a look into what's remained the same from the 1992 framework and what's changed. Auditors will be taking a closer look at operations where the 2013 iteration parts ways from the 1992 version. Where does your organization stand? Is your company ready?