IDORP

Well, here’s a stroke of luck: a compliance officer I know in the tech sector happened to begin a project at the start of this year — developing an infectious disease response program for his firm. Maybe this CCO had a premonition of the future; maybe he had an inkling that Covid-19 would become a…


Companies everywhere are racing to retool their risk management operations to address Covid-19, and I’ve been on a quest to find as much guidance as possible to pass along to everyone else. The GRC software firm Galvanize (formerly known as ACL) just hosted an emergency webinar to talk about how it’s trying to cope —…


Another day, another gumdrop of guidance from financial regulators that’s worth reading for the whole compliance community. This time it’s FINRA, which published a bulletin Monday reminding broker-dealer firms about how to manage pandemic risk. FINRA has Rule 4370 for broker-dealers, which requires them to draft and maintain a business continuity plan. That rule doesn’t…


Protiviti has just released its annual survey of enterprise risks that worry corporate leaders. Economic conditions and regulatory change topped the list, and apparently CFOs, chief risk officers, and internal auditors see bigger risks afoot this year than CEOs and board directors do. The survey, Executive Perspectives on Top Risks 2020, comes out every year…


Well this is convenient: one week after we had a post exploring the intersection of operational resiliency and compliance, two examples of the issue ripped from the headlines show just how much this obscure idea has real impact on compliance professionals’ lives. First, one of the Federal Reserve’s top regulators said last week that the…


Last week I had a chat with a mid-career corporate audit professional. She was a terrific person — good experience, thoughtful professional, well-spoken — but also out of a job, and somewhat out of sorts. We’ll call my friend Jane. She had been working at a tech company that had raised an impressive amount of…


“Operational resiliency” is one of those phrases in corporate compliance and risk management that, let’s be honest, sounds boring as hell when you first hear it. Like so much else in this field, however, it’s not boring once you consider what operational resiliency actually means — which is exactly what several dozen compliance professionals did…


America recently had yet another tragedy of a police officer shooting someone in her own home by mistake, in an incident fraught with questions about racism and overzealous policing. Compliance officers should study this case because it offers some important lessons about risk management. You might already know the story by now. Atatiana Jefferson, a…


The Institute of Internal Auditors just dropped an unsettling new report on the state of risk management. Namely, corporate board directors believe their organizations are better at managing key risks than corporate executives do — and an uncomfortably high number of executives and directors say that misalignment is OK. The report, OnRisk 2020: A Guide…


Compliance officers often worry about the threat of siloed risk management, where one part of the enterprise is addressing a risk without keeping other parts fully informed. The Securities and Exchange Commission recently served up a good example of how that threat comes to pass, in the case of Mylan and its improper charges for…
