Thoughts on IT Risk Management

risk

Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…

Read More

Enterprise Risks: The Pandemic, and Beyond

risk assessments

Surprising exactly no one, the top worries this year among corporate leaders are the pandemic and its economic consequences. So says Protiviti’s annual report on top enterprise risks, although the report does also flag a few other concerns that corporate audit and risk managers may want to consider. The top risk for 2021, according to…

Read More

Bank Regulator Props Up Energy Lending

rule

The Trump Administration is trying to push through a rule that would neuter banks’ ability to consider ethics and reputation issues when offering services — a kiss to the oil & gas industry, and one that would undermine banks’ ability to consider social and ethical factors when evaluating business relationships. The Office of the Comptroller…

Read More

A Word on Climate Change Risks

climate

So as you may have noticed recently, the world is on fire. And being buffeted by hurricanes. And suffering drought. And watching the polar ice caps melt away like Red Sox playoff hopes every summer.  Put simply, mankind is past the point of preventing the deleterious effects of climate change. Those effects are here now.…

Read More

New COSO Risk Appetite Guidance

COSO

News for all you guidance enthusiasts: COSO just released a 40-page primer on how to define your organization’s risk appetite, and then weave that risk appetite into corporate strategy and decision-making.  The booklet is available for free on the COSO website, and is the latest in a series of smaller, focused pieces of guidance that…

Read More

Developing an ‘IDORP’ for Covid-19 Control

vaccination

Well, here’s a stroke of luck: a compliance officer I know in the tech sector happened to begin a project at the start of this year — developing an infectious disease response program for his firm. Maybe this CCO had a premonition of the future; maybe he had an inkling that Covid-19 would become a…

Read More

Eight Objectives to Manage Pandemic Risks

risk assessments

Companies everywhere are racing to retool their risk management operations to address Covid-19, and I’ve been on a quest to find as much guidance as possible to pass along to everyone else. The GRC software firm Galvanize (formerly known as ACL) just hosted an emergency webinar to talk about how it’s trying to cope —…

Read More

New FINRA Guidance on Pandemic Risks

vaccination

Another day, another gumdrop of guidance from financial regulators that’s worth reading for the whole compliance community. This time it’s FINRA, which published a bulletin Monday reminding broker-dealer firms about how to manage pandemic risk. FINRA has Rule 4370 for broker-dealers, which requires them to draft and maintain a business continuity plan. That rule doesn’t…

Read More

Survey: Big Enterprise Risks in 2020

Protiviti has just released its annual survey of enterprise risks that worry corporate leaders. Economic conditions and regulatory change topped the list, and apparently CFOs, chief risk officers, and internal auditors see bigger risks afoot this year than CEOs and board directors do. The survey, Executive Perspectives on Top Risks 2020, comes out every year…

Read More

Operational Resiliency, Part II

risk assessments

Well this is convenient: one week after we had a post exploring the intersection of operational resiliency and compliance, two examples of the issue ripped from the headlines show just how much this obscure idea has real impact on compliance professionals’ lives. First, one of the Federal Reserve’s top regulators said last week that the…

Read More