compliance is a risk

Advice for Risk Managers: Treat Compliance Like a Risk, Not a Checklist

Many companies share some problematic habits when it comes to compliance management. The worst of them is treating compliance like a checklist. In other words, thinking, “If we meet these specific compliance requirements, our company should run efficiently and securely.” While this is a simplified outlook, the point remains the same. Being compliant guarantees neither…

Strategic ERM

What’s Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend: Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach. Traditionally, IT comprises a variety of underlying functions. These functions include: IT Asset Management, commonly used to inventory…

operational risk management

Risk Identification and Monitoring Ensure Hospitals, Labs, and Retailers Remain in Compliance with EPA Standards

In light of recent events, the Environmental Protection Agency is using new monitoring techniques to evaluate the quality of companies’ classifications and reporting of hazardous materials. Ironically, as we all learned recently, even the EPA itself isn’t immune to catastrophic, if preventable, mistakes. New compliance regulations increase the importance of standardized risk identification, mitigation, and…

COSO ERM framework update

Increased Credit Card Security Means Increased Compliance Risks and Liabilities for Businesses

Here at LogicManager, we’ve spent a lot of time considering issues related to cybersecurity. To find a new way in which a cybercriminal has exploited electronic vulnerabilities, all you need to do is skim today’s newspaper, which will almost inevitably report a data breach or fraud-related scandal. An evolving set of threats means incident likelihood…

regulatory organizations targeting cybersecurity risk management

Cyber-Threat Management Requires a Risk-Based Approach

The concept of cyberattacks, while still disturbing, is no longer as new and unfamiliar as it was five years ago. However, we are still seeing money invested in inefficient and ineffective risk mitigation responses. All the major corporations that have suffered breaches had sophisticated control solutions in place. Even so, their risk exposure was significant…

good governance is made possible by ERM

Ignorance Is No Longer an Excuse for Poor Board Oversight

Gerry Grimstone, keynote speaker at the IIA’s recent conference in London, has a message for senior executives. “You can’t easily blame a board member for not knowing something,” Grimstone said. “But you can blame a board member for creating a culture where he doesn’t know something.” Grimstone spoke at length about the latest example of…