Posts Tagged ‘risk management’
Repository of AI Risks Available
Some red meat today for everyone panicking about the risks (compliance or otherwise) of artificial intelligence: the brains at MIT have published a catalog of more than 700 potential risks from organizations’ use of AI, which you can use as food to fuel your AI risk management program. A team of MIT researchers known as…
Read MoreA Convergence of Risk Disclosure
Like many other people, last week I read the SEC’s new requirements for disclosure of climate change risks with a sense of trepidation. The more I studied them, however, the more I felt something else: a sense of déjà vu. Like, has anybody else noticed how similar these disclosure requirements are to those that the…
Read MoreThe Web of Risks Wrapped Around SVB
Chief risk officers and board risk committees have one more lesson to learn from the collapse of Silicon Valley Bank. The lesson is buried in the notion that SVB collapsed after “a good old-fashioned bank run.” That’s not quite what happened, and what did happen says a lot about flawed risk management. By now you’ve…
Read MoreMore on Managing ‘ChatGPT Risk’
Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…
Read MoreOn Wisconsin and Cyber Risks
IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…
Read MoreNIST Pushes More Use of Impact Analysis
NIST, everyone’s favorite publisher of cybersecurity standards, is asking for public comment on another good idea: how to use business impact analysis to guide your risk prioritization and response efforts. Performing a business impact analysis (BIA) is already an important element of business continuity and disaster recovery planning. True, most cybersecurity and data privacy frameworks…
Read MoreA Messy Picture for Risks in 2022
Consulting firm Protiviti recently published its annual survey of enterprise risks worrying corporate leaders for the coming year. As always, the survey is worth a look so you can decipher what might be on the minds of your board and C-suite, and then anticipate the ways they’ll likely exasperate you over the next 12 months.…
Read MoreNotes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a…
Read MoreCredit Suisse and Risk Oversight Pains
Today in news that should surprise nobody: Credit Suisse is mulling whether to remove its chief risk and compliance officer, after months of the Swiss bank stumbling from one surprise scandal to another. The executive in question, Lara Warner, has been in that combined risk and compliance role since Credit Suisse consolidated the two functions…
Read MoreLessons Ever Given on Risk, Control
For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it. My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…
Read More