Posts Tagged ‘risk management’
On Wisconsin and Cyber Risks
IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…
NIST Pushes More Use of Impact Analysis
NIST, everyone’s favorite publisher of cybersecurity standards, is asking for public comment on another good idea: how to use business impact analysis to guide your risk prioritization and response efforts. Performing a business impact analysis (BIA) is already an important element of business continuity and disaster recovery planning. True, most cybersecurity and data privacy frameworks…
A Messy Picture for Risks in 2022
Consulting firm Protiviti recently published its annual survey of enterprise risks worrying corporate leaders for the coming year. As always, the survey is worth a look so you can decipher what might be on the minds of your board and C-suite, and then anticipate the ways they’ll likely exasperate you over the next 12 months.…
Notes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a…
Credit Suisse and Risk Oversight Pains
Today in news that should surprise nobody: Credit Suisse is mulling whether to remove its chief risk and compliance officer, after months of the Swiss bank stumbling from one surprise scandal to another. The executive in question, Lara Warner, has been in that combined risk and compliance role since Credit Suisse consolidated the two functions…
Lessons Ever Given on Risk, Control
For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it. My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…
Thoughts From the CEOs
Gorgeous spring weather finally arrived in Boston this weekend, so like any sensible compliance enthusiast I spent that time indoors reading the 2021 PwC Global CEO Survey. We have some findings about digital transformation of business processes and risk management to discuss. For those unfamiliar with the PwC Global CEO survey, it’s an annual report…
Thoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
Enterprise Risks: The Pandemic, and Beyond
Surprising exactly no one, the top worries this year among corporate leaders are the pandemic and its economic consequences. So says Protiviti’s annual report on top enterprise risks, although the report does also flag a few other concerns that corporate audit and risk managers may want to consider. The top risk for 2021, according to…
Bank Regulator Props Up Energy Lending
The Trump Administration is trying to push through a rule that would neuter banks’ ability to consider ethics and reputation issues when offering services — a kiss to the oil & gas industry, and one that would undermine banks’ ability to consider social and ethical factors when evaluating business relationships. The Office of the Comptroller…