What’s Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend: Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach. Traditionally, IT comprises a variety of underlying functions. These functions include IT Asset Management, commonly used to inventory…

Risk Identification and Monitoring Ensure Hospitals, Labs, and Retailers Remain in Compliance with EPA Standards

In light of recent events, the Environmental Protection Agency is using new monitoring techniques to evaluate the quality of companies’ classifications and reporting of hazardous materials. Ironically, as we all learned recently, even the EPA itself isn’t immune to catastrophic, if preventable, mistakes. New compliance regulations increase the importance of standardized risk identification, mitigation, and…

Increased Credit Card Security Means Increased Compliance Risks and Liabilities for Businesses

Here at LogicManager, we’ve spent a lot of time considering issues related to cybersecurity. To find a new way in which a cybercriminal has exploited electronic vulnerabilities, all you need to do is skim today’s newspaper, which will almost inevitably report a data breach or fraud-related scandal. An evolving set of threats means incident likelihood…

Cyber-Threat Management Requires a Risk-Based Approach

The concept of cyberattacks, while still disturbing, is no longer as new and unfamiliar as it was five years ago. However, we are still seeing money invested in inefficient and ineffective risk mitigation responses. All the major corporations that have suffered breaches had sophisticated control solutions in place. Even so, their risk exposure was significant…

Ignorance Is No Longer an Excuse for Poor Board Oversight

Gerry Grimstone, keynote speaker at the IIA’s recent conference in London, has a message for senior executives. “You can’t easily blame a board member for not knowing something,” Grimstone said. “But you can blame a board member for creating a culture where he doesn’t know something.” Grimstone spoke at length about the latest example of…

A Risk-Based Approach to Patient Safety and Incident Management

The Food and Drug Administration recently investigated manufacturers of endoscopes, a device most doctors call “a key tool in detecting and treating medical problems,” according to The Washington Post. Such instruments, while vital to modern medicine, are also responsible for infecting hundreds of patients with a vicious bacteria called enterobacteriaceae, more commonly known as CRE. So…

How Enterprise Risk Management Prevents Surprises

Governance programs are the unsung heroes of 21st-century business operations. Their situation is analogous to that of football’s offensive line. If an offensive line does its job, no one will notice it, but when something goes wrong, the spotlight shifts. Governance personnel know this feeling all too well. Unwanted surprises – be they compliance notices,…