Risk Management News & Articles

A recent thought paper on risk appetite by COSO prompts guest writer Norman Marks to explore the place risk appetite and its management have in the day-to-day strategic plans of organizations.

When following ads about new drugs, the list of possible side effects often sounds more ominous than the actual condition. One is left wondering if curing the problem is really worth the risks associated with the treatment?

Those evaluating the nascent field of mobile health (mHealth) may be having similar thoughts.

The story of one business’s unexpected transition to an enterprise document management system

You wouldn’t feel too lucky if your business was hit by a hurricane. Particularly if all of your paperwork -- invoices, P.O.s, personnel records, receipts, everything -- was all just paper, subjected to the worst flooding in 83 years. But that was the unfortunate plight of one particular US$ 16 million transportation dealer this summer in the wake of Hurricane Irene.

The ASX Corporate Governance Council, chaired by the Australian Securities Exchange (ASX), has released a second edition of Corporate Governance Principles and Recommendations (see here for the ASX announcement and related resources, or here if you want to go directly to the document).

Whether you are in Australia or not, this document includes materials useful to anybody seeking to understand or improve corporate governance principles and best practices.

The UK’s Financial Services Authority (FSA) has published its report on the causes of the failure of the Royal Bank of Scotland (RBS). RBS was a massive bank and its failure was significant to the UK and global economy.

The report spends most of its time explaining that the bank failed due to poor decisions and poor oversight by the regulators. It also has an interesting section explaining why nobody has yet been criminally prosecuted.

I want to draw your attention to the sections I consider relevant and important to governance, risk and audit professionals.

The marriage of mobile devices to the workforce has been more of a shotgun wedding than a cautiously choreographed courtship. In fact, according to a recent study conducted for Unisys by International Data Corp, the rapidly growing use of smartphones and tablets within the enterprise has overwhelmed IT and security managers, as they struggle to support these consumer technologies and mitigate risk. While CIO’s recognize that the majority of employees consider mobile devices to be their most critical tools for doing work, 83 percent of IT respondents cited “security concerns” as the greatest barrier preventing them from comfortably embracing this trend.

Today, I want to share a treasure trove of information and perspectives on mobile security from SC Magazine.

The only way risk management has value is if it affects the way you do business. It must influence decisions and actions; otherwise, it is no more than decoration. Risk management should not be a “check-the-box” activity. Used well, it can help an organization achieve and sustain optimal long-term performance.

Every time an employee innocently sends a forgotten password to a co-worker over the system, every time an HR staffer forwards a resume to a hiring manager, every time a website content writer posts a new blog entry with an old brand mark -- there’s a question of violation of GRC rules.

Despite the apparent sampling bias in this Accenture study, the study’s shocking results -- some of which I highlight in this article -- still reveal interesting and important insights into how risk management philosophy and practices may have shifted and progressed since Accenture’s last study in 2009.

Who knew that GRC could be explained using three brilliant, but competing, musicians…and Jimmy Carter?

Today's organizations face constant demands from an evolving global economy and increased regulations. To help deal with these demands, a new role has evolved: the CECO -- Chief Ethics and Compliance Officer. Here's a look at its evolution.

An article that caught my eye last week was a piece by Ron Ashkenas in the Huffington Post Business section: Every Manager is a Risk Manager. Now, Ron does not have a background as a practicing risk officer, so his knowledge and understanding of risk management is not perfect; but he makes an interesting point. Most of the time, the (as he puts it) “official risk management function usually only addresses the most critical [risks].” But managers are facing and managing risks in the ordinary course of their business, on a daily basis.

Is your ECM ready to move to the cloud? Is collaboration the end of process? Is your Web project going well? These are just a few of the questions our experts answered in this week's roll-up.

We continued down Information Management road this week with expert tips on content analytics and building strategic intranets.