Search results for: third-party risk
More on Managing ‘ChatGPT Risk’
Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…
Read MoreFINRA Talks Cyber Risks
FINRA, the regulator for broker-dealer firms that every other compliance professional should follow anyway, has given us yet another piece of nifty guidance: its annual report on regulatory examinations, brimming with advice about risks related to cybersecurity, anti-money laundering, and other issues. Like most other financial regulators, FINRA examines the compliance programs of businesses under…
Read MoreFresh Approaches to Cybersecurity Risk
Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…
Read MoreRussia’s Effect on Supply Chains, Compliance Risk
The Ethics & Compliance Initiative hosted its annual conference this week, including a panel discussion about Russia’s war against Ukraine and its long-term implications for corporate ethics and compliance. The speakers spooled out a bundle of useful observations, so let’s take a few minutes to recap those points and ponder them a bit more. The…
Read MoreNotes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a…
Read MoreSteel Firm’s Lessons on Sanctions Risk
Sometimes that third-party risk is a party mighty close to you. Such was the case with an Oklahoma steel manufacturer, which just paid $435,000 to settle charges that its chief engineer sub-contracted design work to an Iranian engineering company owned by the man’s brother. The company, Alliance Steel, agreed to pay the fine to the…
Read MoreThoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
Read MoreCitigroup, Part IV: Compliance Risk
We finish our examination of the Citigroup enforcement action with a look at the issue most dear to compliance officers’ hearts: compliance risk, and how Citigroup needs to improve its compliance risk management function to meet regulators’ expectations. First, the backstory. On Oct. 7 the Office of the Comptroller of the Currency levied a $400…
Read MoreWynn, Part II: Third-Party Oversight
Today we revisit Wynn Resorts and the report its compliance monitor released last month. As you might recall, that report is a sweeping review of how Wynn has tried to rectify its operations after a sexual harassment scandal forced the departure of its founder and long-time CEO, Steve Wynn. Last month we took a deep…
Read MoreEight Objectives to Manage Pandemic Risks
Companies everywhere are racing to retool their risk management operations to address Covid-19, and I’ve been on a quest to find as much guidance as possible to pass along to everyone else. The GRC software firm Galvanize (formerly known as ACL) just hosted an emergency webinar to talk about how it’s trying to cope —…
Read More