Search results for: " IT risk "
When Cybersecurity and IT Risk Converge
The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…
Thoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
Compliance Jobs Report: Dec. 5
The Compliance Jobs Report is back! We’re working through a holiday backlog this week, with news from Walmart, Bristol Myers Squibb, Caltech, Uber, American Express, Fannie Mae, and so many more. Job leads are in payroll, natural gas, and furniture; and Meme of the Week goes out to Joey from ‘Friends!’ We also take any…
Call for More Corporate Disclosure on AI
An advisory committee to the Securities and Exchange Commission will meet next week to consider whether publicly traded companies should be required to disclose more about artificial intelligence, such as whether boards have formal oversight of AI and what the company believes its material AI risks are. The proposals come from the SEC Investor Advisory…
Compliance Jobs Report: Oct. 24
This week the Compliance Jobs Report has hiring news at Amazon, Philip Morris, Harman International, ICE (no, not that one), Emirates, and more. Indivior has had a changing of the compliance guard, plus other promotions at Bristol Myers Squibb, Comcast, Kohler, Rio Tinto, and elsewhere. Job leads are in medical devices, sporting goods, and cable…
Are Boards Getting Cyber Wrong?
A new report finds that most large corporations in the United States assign oversight of cybersecurity risk to the board’s audit committee, which isn’t the craziest governance decision a board can make but does raise questions about whether boards are addressing cybersecurity as wisely as possible. The report comes from MyLogIQ, a software firm that…
Mortgage Firms Fined on Cybersecurity Fails
State banking regulators have fined three home mortgage businesses and their corporate parent $20 million for a data breach in 2021 that uncovered a raft of poor cybersecurity practices at the firms. The offending companies will now need to implement an extensive remediation plan, and as usual, the rest of us have numerous lessons to…
Regulators Tell USAA: Do Better, Faster
Heads up, compliance and IT executives in the banking sector! We have another bank sanctioned by regulators for taking too long to get its regulatory compliance act together. This time it’s USAA taken to the woodshed, for failing to implement reforms promised in previous consent orders from 2019 and 2022. The Office of the Comptroller…
Talking to Leaders About Risk
This week I attended the annual user conference for AuditBoard, maker of software for internal audit and risk management teams. I wandered into one session about how those teams should talk to enterprise leaders about IT risks, and wanted to pass along my notes. After all, IT risks are going nowhere but up these days.…
RTX Settles Huge Export Controls Mess
Anyone looking for a complicated case-study in export controls compliance, turn your eyes to RTX Corp. The defense contracting giant just agreed to pay $200 million and overhaul its export compliance function, to settle charges that the company improperly sent classified defense goods to foreign countries and allowed employees to bring along sensitive information while…