Risk

The deadline for implementation of the 2013 COSO Framework is just around the corner. Tim O'Hara offers us a look into what's remained the same from the 1992 framework and what's changed. Auditors will be taking a closer look at operations where the 2013 iteration parts ways from the 1992 version. Where does your organization stand? Is your company ready?

There have been more than a few lessons to learn from this year's World Cup. For the risk management professional, consider this: if your risk scoring system is as complex as FIFA's process for determining world rankings, you might be in trouble. More complicated systems don't necessarily garner more accurate results. In fact, often the opposite is true.

Solid compliance programs are built on solid risk assessments, so the importance of a thorough risk assessment can't be underestimated. Jeff Kaplan has provided us with a wealth of information over the years in this vein, and today he's covering some of the questions he hears the most from compliance and ethics practitioners. Check in for some expert guidance.

It's been made clear that violations of the FCPA can do an organization significant reputational harm and result in some very steep fines. To minimize the damage an employee or agent does to your company when engaging in corrupt behavior, you must have excellent controls in place. Even if the infraction is egregious, the fallout can be minimal.

Organizations that have a fairly firm grasp of risk management tend to do fairly well in what James Bone calls the first and second dimensions of risk. It's common, however, for firms to fall short in the third dimension. So what is this third dimension of risk, and how can risk professionals guide their firms into more robust risk management...

Those with less adventurous palates can relate: some of us aren't big on trying new things. But when it comes to risk assessments, sometimes taking a new approach can do you good. Tom Fox shares a novel strategy, the desktop risk assessment, which is a more focused, yet limited take on the more common exhaustive assessment.

The on-boarding process for new third parties represents both the biggest opportunity for risk and the greatest opportunity for improving due diligence. Corrupt agents will make whatever agreements it takes to win business, regardless of their true intentions. Just as troubling is the web of lies these organizations can weave. We've got to beware!

Jim DeLoach makes quite the strong argument for the necessity of C-Suite involvement in enterprise risk management. In fact, he argues, executive leadership must not be merely participants in, but owners of the ERM process. Executive management's active participation keeps the focus at a strategic level, ensuring that all potential risks are accounted for.

A host of corporations are in the process of Implementing the new COSO Framework or are gearing up for the transition, and they'll have to establish the scope of objectives in which to apply the Framework. Candela Solutions' Ron Kral offers 10 key questions companies should be asking themselves to ensure their internal controls are up to snuff.

The need for corporate integrity agreements among health care professionals is broad-ranging, touching activities pertaining to publication, research, and consulting, but - strangely - they have rarely extended to speaker programs. And yet, speaker programs are high risk for abusive practices. Needs assessments should be common practice to manage these risks.

Boards of Directors have traditionally been held liable for overseeing risk management and mitigation, but given the speed at which crisis and scandal travels these days, it makes sense for Boards to play an even more active role, from determining risk tolerance to keeping an eye on known risks and implementing risk mitigation plans.

Smaller companies often don't need the exhaustive risk assessment programs the huge corporations require. For many organizations, in fact, something much simpler fits the bill. Jeff Kaplan of Kaplan & Walker outlines an eight-step process ideal for small to mid-size companies. Simple, but not too simple.