A Messy Picture for Risks in 2022

risk

Consulting firm Protiviti recently published its annual survey of enterprise risks worrying corporate leaders for the coming year. As always, the survey is worth a look so you can decipher what might be on the minds of your board and C-suite, and then anticipate the ways they’ll likely exasperate you over the next 12 months.…

Citigroup, Part II: Better ERM Program

risk

Today we continue our in-depth look at the enforcement action against Citigroup, because the case truly does raise a host of interesting audit and compliance issues. Our prior post looked at Citigroup’s struggles with data governance; now let’s examine how the bank needs to revamp its enterprise risk management. The consent order from the Office…

Guest Column: COSO at a Tipping Point?

COSO

Nearly 30 years ago as a young bank auditor, I learned about a private sector initiative known as “The Committee of Sponsoring Organizations of the Treadway Commission,” or more simply, “COSO.” It was the mid-1980s. The savings & loan crisis was raging. COSO was, and continues to be, a joint effort of five private sector organizations…

Podcast: New COSO Chairman Sobel

sobel

Internal control and risk management enthusiasts, listen up: we have a new podcast with incoming COSO chairman Paul Sobel, who talked about his desire for COSO to publish more guidance to help companies understand how to put its internal control and risk management frameworks to good, practical use. As always, you can listen to the…

SEC Looking for Chief Risk Officer

job market

Audit and risk professionals with a yearning for public service at a good salary, you have a new option: the Securities and Exchange Commission is looking for its first-ever chief risk officer. The agency posted the job this week. Salary is $185,000 to $245,000, which is on par with what CROs earn in the private…

COSO Debuts Final ERM Framework

COSO unveiled its new framework for enterprise risk management this morning, a trimmed-down version of the original draft that still places a heavy emphasis on embedding risk management across the whole enterprise and tying it deeply to corporate strategy. The framework is available at www.COSO.org. It’s the result of nearly three years’ work and…

SEC DERA, We Love You!

SEC DERA

Let’s all be honest: the Securities and Exchange Commission is not known for a sense of humor. This is too bad, because at least some individual SEC employees I’ve met over the years have been quite funny. Their inner comedian yearns to break free in a litigation release or SEC comment letter, only to be…

More Details on COSO ERM Framework

erm framework

More news on the COSO framework for enterprise risk management: the final framework will consist of 20 principles rather than the originally proposed 23; the “ERM rainbow” graphic will be replaced with a more DNA-like image; and yes, COSO intends to have the complete framework ready for public consumption by sometime in July. That’s the…

Update to COSO’s ERM Framework Update

erm framework

COSO plans to simplify its forthcoming framework for enterprise risk management, paring back some of the 23 proposed principles and renaming some of the framework’s five components, according to a project summary PwC has been circulating lately. A friend of the cause passed along that presentation to me earlier this week, and the framework’s development…

Amazon.com Launching New ERM Effort

Amazon

Spotted on the Internet this weekend: Amazon.com is looking for a program manager to join a newly formed enterprise risk management team—which means, of course, that Amazon has a newly formed ERM team. That’s news to me. The job description says Amazon wants to create a new, centralized ERM function that acts as an adviser…
