What Is Good Governance, and Why Do We Care?

Governance is defined by the organizational processes used to make and implement decisions. Good governance is not necessarily making only the “correct” decisions. It’s using the best possible risk management process to inform decision-making, which has the potential to impact employees, customers, other stakeholders, and the community at large. Optimizing organizational governance is not just recommended,…

Incident Prevention, Not Incident Recovery: How to Preserve Your Company’s Reputation

For companies that care about their reputation, incident prevention is a must. As Warren Buffett said best, “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” Building and preserving that reputation through proactive incident prevention must be a top priority. Post-scandal…

Domestic Political Risk: Operating in the Uncertainty of a New Era (Part 1)

What Is Domestic Political Risk? Political risk refers to conditions and events that affect organizations and result from governmental decisions. It can have major effects on the profitability/expected value of economic action. Political risks impact individual investors, public and private companies of all sizes, and governments. Starting in 2016, political risk seemed closer to home…

HITRUST Common Security Framework (HITRUST CSF)

Due to the nature of the services they provide, healthcare organizations must adhere to strict risk management – and specifically, regulatory compliance – requirements. The multiplicity of healthcare requirements is a strong motivation for effective risk management, especially in conjunction with the sensitive nature and high number of patient records stored in electronic systems. Furthermore,…

Operational Risk Management

What is Operational Risk Management? Operational risk encompasses all risks faced by an organization during the course of its daily business functions. There are 5 main buckets for the root-cause sources of all operational risks: External - threats from people, entities, and environments outside the business, like financial markets and cyber attackers; Processes -…