A Convergence of Risk Disclosure

risk assessments

Like many other people, last week I read the SEC’s new requirements for disclosure of climate change risks with a sense of trepidation. The more I studied them, however, the more I felt something else: a sense of déjà vu.  Like, has anybody else noticed how similar these disclosure requirements are to those that the…

The Web of Risks Wrapped Around SVB

SVB

Chief risk officers and board risk committees have one more lesson to learn from the collapse of Silicon Valley Bank. The lesson is buried in the notion that SVB collapsed after “a good old-fashioned bank run.” That’s not quite what happened, and what did happen says a lot about flawed risk management. By now you’ve…

More on Managing ‘ChatGPT Risk’

ChatGPT

Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…

On Wisconsin and Cyber Risks

Wisconsin

IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…

NIST Pushes More Use of Impact Analysis

NIST

NIST, everyone’s favorite publisher of cybersecurity standards, is asking for public comment on another good idea: how to use business impact analysis to guide your risk prioritization and response efforts.  Performing a business impact analysis (BIA) is already an important element of business continuity and disaster recovery planning. True, most cybersecurity and data privacy frameworks…

A Messy Picture for Risks in 2022

risk assessments

Consulting firm Protiviti recently published its annual survey of enterprise risks worrying corporate leaders for the coming year. As always, the survey is worth a look so you can decipher what might be on the minds of your board and C-suite, and then anticipate the ways they’ll likely exasperate you over the next 12 months.…

Notes on Cybersecurity and Operational Risk

risk assessments

Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a…

Credit Suisse and Risk Oversight Pains

Credit Suisse

Today in news that should surprise nobody: Credit Suisse is mulling whether to remove its chief risk and compliance officer, after months of the Swiss bank stumbling from one surprise scandal to another.  The executive in question, Lara Warner, has been in that combined risk and compliance role since Credit Suisse consolidated the two functions…

Lessons Ever Given on Risk, Control

For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it.  My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…

Thoughts From the CEOs

Gorgeous spring weather finally arrived in Boston this weekend, so like any sensible compliance enthusiast I spent that time indoors reading the 2021 PwC Global CEO Survey. We have some findings about digital transformation of business processes and risk management to discuss.  For those unfamiliar with the PwC Global CEO survey, it’s an annual report…
