Manage Tomorrow's Surprises Today™ ERM Blog

WSJ: Executives Report Inadequate Risk Management

Despite reports that more than 65% of organizations have adopted Enterprise Risk Management, executives remain unimpressed and skeptical of the value their ERM programs are providing versus what is needed. A new report by APQC finds that fewer than 1 in 5 executives say their companies are effectively managing emerging risk, and the report’s authors worry...

Password Theft Crisis: A Wake-up Call for ERM

A Russian crime ring has committed the largest data breach ever. According to a report in The New York Times, the ring allegedly stole 1.2 billion username and password combinations, and more than 500 million email addresses from some 420,000 websites. From an enterprise risk management perspective, this is not the full story. It is a fact...

ERM Software vs. SharePoint

Once SharePoint has taken root in a company, there’s a tendency to try to use it for everything. The mega-popular platform can accomplish many use cases, from social networking to document management. It’s no wonder then that Risk Managers have been asked to build their programs on SharePoint – and live and die with the consequences....

ERM: Doing it, and doing it right

Jeffery Reynolds’ article in ABA Banking Journal, “ERM: Getting it, and getting it right”, equates the definition of Enterprise Risk Management with happiness. Before you start with ERM, you have to define it. If it were only that easy to nail down the definition of ERM—but it is not…Defining ERM is like defining happiness. Happiness is...

Why are so many companies missing the point? ERM’s Role in Incident Prevention

Regardless of guilt or innocence, FedEx’s recent indictment has reminded us that in today’s world of complex global interactions and increased regulations, organizations must have a strong handle on interrelated risk, business processes, and relationships. This past week, FedEx made headlines for knowingly assisting illegal online pharmacies, according to the U.S. Federal Government. The company is...

Why Your Boss Doesn’t Get Risk Management

There are a couple of common refrains we hear at LogicManager on a consistent basis. One is of particular concern to risk managers seeking to establish legitimacy and trust within their organization. “My boss just doesn’t get it.” The signs you’re on this boat are noteworthy. You’re rarely questioned about the legitimacy of the data you’ve...

PCI DSS in Healthcare: HIPAA Compliance Isn’t Enough to Protect Patients

The healthcare industry has grappled with HIPAA for nearly 20 years. The ever-changing, extensive piece of legislation mandates the protection and security of patients’ private health information, and HIPAA compliance is a costly and time consuming process for healthcare organizations. With the amount of focus and effort directed towards HIPAA compliance, risk and compliance professionals at...

Risk Managers Are Spending Their Time on the Wrong Things

There is always a lot of buzz about “risk appetite statements” and “risk tolerance.” In theory, these sound like a natural launching point for ERM Programs – how can risk managers manage risks without a known goal of what they should be managing towards? However, the problem with risk appetite is that it is not actionable,...

Best Practices for Developing Mitigation Plans

A common challenge for early-stage ERM programs is making the step from risk identification and prioritization to the formalization of a control (or mitigation) environment. Keep in mind, it is only possible to know if a Mitigation Activity is effective and efficient if the objective of this activity is known. The objective of the activity must...