More Tips on Third-Party Risk

third-party risk

FINRA, the regulator for broker-dealer firms, published its annual report on regulatory oversight issues this week — and to little surprise, the report included a section on third-party risk and the internal controls that your firm should consider to keep those risks in check. The advice is useful to anyone in any business sector, so…

COSO Guidance on Cloud Computing Issues

cloud

COSO released another guidance document last week, this one talking about how to apply COSO’s enterprise risk management framework for issues in cloud computing. Considering that just about every business under the sun is migrating to the cloud, and that the compliance risks within such migration can be considerable, let’s take a look at what…

Microchip Meltdowns and Vendor Risk

cybersecurity

Last week I cited the rising importance of vendor risk management as one of the big compliance events to watch in 2018. One week into the year, we have a great example of just how slippery this challenge can be. The example comes from Meltdown and Spectre, security flaws announced last week that exist in…

Eight Compliance Events to Watch in 2018

compliance

Welcome to 2018, everyone! Now that we’re done returning Christmas presents, watching college football, and prepaying this year’s property taxes, our thoughts turn to how the corporate compliance landscape might evolve in the coming year. Without further delay, then, my annual list of compliance issues that should be worth watching in 2018. In no particular…

Feds Eye Cybersecurity Risks of Tech Providers

cybersecurity

Financial regulators just named cybersecurity as one of their top concerns going into 2018, with a heap of worry specifically about third-party contractors supporting the financial system. So for compliance officers looking for yet another reason to move third-party risk management up the priority scale, now you have one. The alarm was raised last week…

Vendor Risk: Where We Need Work

risk

Protiviti and the Shared Assessments Program are out with a new report on vendor risk management. Compliance officers talking with your board lately about those efforts may want to give it a close read. The most visible point in the report is that businesses are improving at vendor risk management. That’s a good thing, since…

Vendors, Cybersecurity Risk: Ugh

cybersecurity

Good news if your organization experienced a cybersecurity breach recently thanks to some vendor floating around in your extended enterprise: you have plenty of company. So says the latest report from the Ponemon Institute, which surveyed more than 625 executives about data risks posed by their vendors or other third parties. Fifty-six percent said their…
