The Web of Risks Wrapped Around SVB

SVB

Chief risk officers and board risk committees have one more lesson to learn from the collapse of Silicon Valley Bank. The lesson is buried in the notion that SVB collapsed after “a good old-fashioned bank run.” That’s not quite what happened, and what did happen says a lot about flawed risk management. By now you’ve…

Getting a Better Grip on IT Controls

control environment

Today I want to circle back to last week’s collapse of cryptocurrency exchange FTX. One allegation is that FTX’s now-former CEO, Sam Bankman-Fried, engineered a “back door” into the company’s financial systems so that he could execute transactions without review. My question: would an audit of internal controls over financial reporting catch something like that? …

Morgan Stanley Fined on Data Destruction

Morgan Stanley

We have quite the reminder on IT risk today courtesy of the Securities and Exchange Commission. The agency just fined a subsidiary of Morgan Stanley for poor data protection practices, which even led to one incident where the bank’s old IT equipment was sold at auction with customer data still on the hard drives. The…

Podcast: The Importance of ‘ITGCs’ 

control environment

Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…

When Cybersecurity and IT Risk Converge

risk

The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…

Thoughts on IT Risk Management

risk

Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
