Strategic ERM

What’s Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend: Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach. Traditionally, IT comprises a variety of underlying functions. These functions include: IT Asset Management, commonly used to inventory…

connecting risk information

How Enterprise Risk Management Prevents Surprises

Governance programs are the unsung heroes of 21st-century business operations. Their situation is analogous to that of football’s offensive line. If an offensive line does its job, no one will notice it, but when something goes wrong, the spotlight shifts. Governance personnel know this feeling all too well. Unwanted surprises – be they compliance notices,…

cyber risk

Risk-Based Cybersecurity Prevents Cyber Attacks and Data Breaches

There are many prominent cybersecurity companies, including FireEye and Symantec. These companies “focus on blocking or detecting intrusions as they occur or responding to attacks after the fact,” according to The New York Times. Sometimes, this approach yields fruit, but inherently, it cannot “gain the upper hand” over threats; no matter how quickly security responds to…

board accountability

Volkswagen Side-Steps Enterprise Risk Management

Volkswagen has been side-stepping environmental compliance standards by “programming some diesel-fueled cars to turn on emission controls only when being tested.” In the days since this discovery, Volkswagen has been hit with over 30 federal lawsuits and a 40%+ decline in stock value, all stemming from the same source—poor Enterprise Risk Management. In this case, poor…

vendor management

Increased Accountability for Risk Management Results in 28-Year Prison Sentence

CNN’s latest news headline reads, “28 years for salmonella: Peanut exec gets groundbreaking sentence.” This story relates to the Peanut Butter Corporation of America’s (PCA’s) bankruptcy, and the largest food recall in the United States due to salmonella. Known as one of the deadliest salmonella outbreaks, the PCA’s case is linked to nine deaths on top…

Protect against ransomware with these best practices.

OCC Targets Cybersecurity and AML Deficiencies – ERM is the Answer

The OCC released its “Semiannual Risk Perspective” and, perhaps as anticipated, banks continue to struggle to plug gaps in information technology practices. Among the risks highlighted in the study, as reported by Joe Mont at Compliance Week: Evolving cyber-threats and information technology vulnerabilities require heightened awareness and appropriate controls. The high volumes and frequency of changes…