Posts Tagged ‘risk management’

IIA Proposes Three Lines Update

internal audit

Internal audit professionals, fire up your keyboards. The Institute of Internal Auditors is calling for public comment about possible updates to its Three Lines of Defense model of risk assurance. The proposed updates are now available on the IIA’s website. You can download, read, and ponder them at your leisure; and start offering feedback on…

Read More

Another Lesson From Boeing: Silos

silos

Boeing’s missteps with the 737 Max jet offer many powerful lessons for corporate compliance, audit, and risk executives. Our latest lesson comes from an in-depth article in the New York Times, examining the decisions Boeing made about the jet’s design and subsequent pilot training, and the terrible consequences that followed. Every compliance and audit professional…

Read More

Podcast: The Chief Risk Officer Role

risk

We have another Radical Compliance podcast to start the week, this time catching up with those folks at Deloitte who recently published a report urging companies to do a more disciplined job with enterprise risk management. The report, published two weeks ago, surveyed 500 senior executives at large U.S. firms across a range of industries.…

Read More

Survey on Chief Risk Officers

risk

Deloitte has a new study out this week on the importance of corporate risk management systems. It finds that companies spending more on risk management — investing more dollars, embedding risk management principles across the whole enterprise — tend to fare better than their rivals. That’s not news to internal audit executives or directors of…

Read More

Boards Freaking Over Digital Risks

Protiviti has released its annual report on enterprise risks worrying the corporate boardroom, and across all 10 risks likely to occupy your time in 2019, one theme shines through — unease about corporations moving into a digital world. The report surveyed more than 800 senior executives and board directors around the world, across a host…

Read More

Dispatches From Thomson Risk Summit

Thomson

Thomson Reuters held its latest Risk Summit today in New York, and while I didn’t attend in person this year, those who were there did a superb job talking about the event all day on Twitter. So without further day, here are a few of the more interesting and good points raised. (Yes, really. Sometimes…

Read More

Another Strategic Advantage Compliance Brings

Not long ago, a study landed on my desk from North Carolina State University and Protiviti, listing the biggest risks on the minds of boards and senior executives as we enter 2018. Most of the risks weren’t surprising: speed of business disruption, volatility in financial markets, vulnerability to cybersecurity attacks. One risk, however, stood out…

Read More

Compliance Lessons: Credit Suisse vs. Wells Fargo

lessons

One big lesson for compliance and audit executives this year will be the risks that swirl around compensation and incentives. Wells Fargo will be Exhibit A in that discussion, and rightly so. Still, the more I look at the SEC’s enforcement action against Credit Suisse last week, where it fined the bank $90 million for…

Read More

Do We Have a Problem With Compliance Risk Assessments?

risk

This week I dove into PwC’s annual State of Compliance Report, reading the report itself and eavesdropping on a webcast with the PwC compliance gurus who wrote it. The study has plenty of data worth reading, and one conclusion from that data jumped out at me immediately. We have some disconcerting patterns emerging in how…

Read More

More Risks With Decentralized Business: IT Projects, Culture

Last week we had a post about managing third-party risks at decentralized organizations. Today I want to revisit that subject and look at two specific issues that arise from a business structure like that—IT projects, and fostering a strong culture. Let’s begin by repeating the theme of last week’s article: decentralized organizations challenge the notion…

Read More