Posts Tagged ‘IT risk’
The Web of Risks Wrapped Around SVB
Chief risk officers and board risk committees have one more lesson to learn from the collapse of Silicon Valley Bank. The lesson is buried in the notion that SVB collapsed after “a good old-fashioned bank run.” That’s not quite what happened, and what did happen says a lot about flawed risk management. By now you’ve…
Getting a Better Grip on IT Controls
Today I want to circle back to last week’s collapse of cryptocurrency exchange FTX. One allegation is that FTX’s now-former CEO, Sam Bankman-Fried, engineered a “back door” into the company’s financial systems so that he could execute transactions without review. My question: would an audit of internal controls over financial reporting catch something like that? …
Morgan Stanley Fined on Data Destruction
We have quite the reminder on IT risk today courtesy of the Securities and Exchange Commission. The agency just fined a subsidiary of Morgan Stanley for poor data protection practices, which even led to one incident where the bank’s old IT equipment was sold at auction with customer data still on the hard drives. The…
Podcast: The Importance of ‘ITGCs’
Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…
When Cybersecurity and IT Risk Converge
The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…
Thoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…