ERM regulation

SEC Reprioritizes ERM in 2014

The Securities and Exchange Commission announced its examination priorities for the New Year, and Enterprise Risk Management heads the list. The priorities, selected by Senior Staff from the National Examination Program, aim to address areas of weakness that threaten fair, orderly, and efficient markets. On the subject of Enterprise Risk Management, the NEP states that…

How to Buy ERM Software

NYT: How to Buy ERM Software in 2014

In previous blogs, I’ve covered the differences between ERM and GRC offerings. One critical difference I’d like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal counsel charged with approving your ERM or GRC solution. Due to Software-as-a-Service’s relatively recent entry into the Business to…

Credit Union Industry

OCC Stresses Importance of ERM in Vendor Risk Management

On October 30, 2013, the Office of the Comptroller of the Currency (OCC) published a bulletin to the CEOs and CROs of all national banks stressing the need for an enterprise risk management approach to vendor risk management. In the bulletin, entitled OCC: Third-Party Relationships: Risk Management Guidance, the office recognizes, “integrating the bank’s third-party…

monitoring risk

How to Effectively Monitor Risk & Controls: Testing vs. Metrics

In today’s organizations, risk managers are tasked with the responsibility of effectively monitoring risk. They need to know what to monitor and how to determine if mitigation activities are effectively preventing risks from materializing. Traditionally, organizations monitor activities through Control Testing, but this provides little more than a false sense of security for organizations. A…

COSO ERM framework update

A Quick Guide to COSO Internal Controls 2013 Changes

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its COSO Internal Control – Integrated Framework document all the way back in 1992 to assist publicly traded organizations in adhering to the Sarbanes-Oxley Act (SOX) Section 404. COSO considers internal controls to be an integral part of enterprise risk management (as does LogicManager), and as…