On Wisconsin and Cyber Risks

Wisconsin

IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…

Read More

NIST Pushes More Use of Impact Analysis

NIST

NIST, everyone’s favorite publisher of cybersecurity standards, is asking for public comment on another good idea: how to use business impact analysis to guide your risk prioritization and response efforts.  Performing a business impact analysis (BIA) is already an important element of business continuity and disaster recovery planning. True, most cybersecurity and data privacy frameworks…

Read More

A Messy Picture for Risks in 2022

risk

Consulting firm Protiviti recently published its annual survey of enterprise risks worrying corporate leaders for the coming year. As always, the survey is worth a look so you can decipher what might be on the minds of your board and C-suite, and then anticipate the ways they’ll likely exasperate you over the next 12 months.…

Read More

Notes on Cybersecurity and Operational Risk

risk

Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a…

Read More

Credit Suisse and Risk Oversight Pains

Credit Suisse

Today in news that should surprise nobody: Credit Suisse is mulling whether to remove its chief risk and compliance officer, after months of the Swiss bank stumbling from one surprise scandal to another.  The executive in question, Lara Warner, has been in that combined risk and compliance role since Credit Suisse consolidated the two functions…

Read More

Lessons Ever Given on Risk, Control 

For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it.  My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…

Read More

Thoughts From the CEOs

Gorgeous spring weather finally arrived in Boston this weekend, so like any sensible compliance enthusiast I spent that time indoors reading the 2021 PwC Global CEO Survey. We have some findings about digital transformation of business processes and risk management to discuss.  For those unfamiliar with the PwC Global CEO survey, it’s an annual report…

Read More

Thoughts on IT Risk Management

risk

Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…

Read More

Enterprise Risks: The Pandemic, and Beyond

risk

Surprising exactly no one, the top worries this year among corporate leaders are the pandemic and its economic consequences. So says Protiviti’s annual report on top enterprise risks, although the report does also flag a few other concerns that corporate audit and risk managers may want to consider. The top risk for 2021, according to…

Read More

Bank Regulator Props Up Energy Lending

rule

The Trump Administration is trying to push through a rule that would neuter banks’ ability to consider ethics and reputation issues when offering services — a kiss to the oil & gas industry, and one that would undermine banks’ ability to consider social and ethical factors when evaluating business relationships. The Office of the Comptroller…

Read More