Animas River after EPA Spill

ERM Report: the EPA Spill & Better Risk Assessments

Last week, a “mistake” by the Environmental Protection Agency (EPA) caused “millions of gallons of pollutants” to overpower the Animas River in Colorado. The EPA, responsible for maintaining and protecting the environment, in fact did just the opposite. The 3 million gallons of wastewater has the potential to cause health risks for humans and animals…

Realizing the impact of unidentified risks and cybersecurity threats

Healthcare Organizations are Falling Behind, and ERM is the Solution

Healthcare organizations manage an almost unimaginable amount of sensitive data, and industry experts say they aren’t doing enough to protect it. For their 2015 Vendor Risk Management Benchmark Study, The Shared Assessments Program surveyed nearly 500 professionals for insight into risk management practices across various industries. The findings show that healthcare organizations come up short…

cybersecurity defenses

Cybersecurity Attacks: Are you at Risk?

An in-depth investigation by the non-profit analysis organization RAND reveals that hackers and their attacks are maturing at a much more rapid pace than organizations’ cybersecurity programs. Hackers now regularly and successfully plan sophisticated attacks to gain valuable information from large, well-established organizations. In June 2015, Tony Scott, the CIO of the federal government, stated…

COSO ERM framework update

How to Create a Successful ERM Program from the Ground Up

In 2015, Amair Saleem was named the Global Risk Management Professional of the Year by the Institute of Risk Management. Saleem manages safety, risks, and regulations for Dubai’s Roads and Transport Authority (RTA), which serves many of the same functions the U.S.’s DOT does. So what has made Saleem such a preeminent risk management expert?…

internal audit planning

Managing Uncertainty: Escalating Unknown Knowns (Part 2 of 2)

ERM Software in Action

As discussed in part 1 of this blog series, many businesses do not formally recognize their critical risk networks. Without proper acknowledgment, fundamental risks remain essentially invisible. That being said, it’s vital to create conditions that enable a useful risk management network to be formed and used across the enterprise. So, how…

connecting risk information

Managing Uncertainty: Escalating Unknown Knowns (Part 1 of 2)

Risks are known far in advance by at least one employee – and typically by several – on the front lines of every business. However, problems arise when managers lack mechanisms to escalate and connect their risks with the concerns shared by colleagues in other parts of the organization. When critical business interdependencies are not formally…