Risk

Mr. Spock and his pursuit of logic inform today’s blog post. Every compliance practitioner is aware of the need for a risk assessment in any best practices compliance program; whether that program is based on the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other compliance law or regime.

for some companies, the new guidance — and the linkages to an existing strategic planning process it requires — can substantially change how they manage their business, create operational efficiencies and even boost profitability.

Many efforts to implement ERM are unfocused, severely resourced constrained, and pushed down so far into the organization that it is difficult to establish relevance. The near-term results are “starts and stops” and ceaseless discussions to understand the objective.

The deadline has passed for implementing the 2013 COSO internal control integrated framework. But if your organization is among the many that have yet to put the new framework in place, don't panic yet. The SEC will be on the lookout for companies operating under the older guidelines, but you likely still have some time to comply. Follow these steps...

It takes guts - and a new way of thinking - to change the status quo. But challenging the way things have been done can be a very good thing, particularly if outcomes have been less than ideal. While it's not a scientific discipline per se, the way companies practice risk management could be much improved with a scientific approach,...

Until a crisis presents itself, it's not apparent from the outside whether sufficient resources have been dedicated to managing risks. But if and when that disaster eventually arrives, it will be too late to plan for the worst. Take proactive, preventive steps now to ensure your firm is prepared to handle its greatest risks and boost its chances of survival...

Rather than segregating risk management responsibilities into their own silo, making them the purview of only a select few, companies would benefit greatly from an integrated approach in which every person in the organization is responsible to some extent in managing risk. Jim DeLoach presents a method involving five distinct lines of defense. Read on for details.

There is no one-size-fits-all risk assessment. Assessments should be fairly different, in fact, from one organization to another, since needs and risks are necessarily quite different depending on industry, location, lines of business, etc. The need for customized assessments is even greater when businesses are using combined risk and program assessments, in fact. Read on for details.

Risk management cannot possibly go well when the parties involved aren't speaking the same (risk) language. Minimize misunderstandings by making sure that everyone involved is operating from the same framework when it comes to uncertainty in environment, process and information for decision making. Jim DeLoach breaks down for us exactly what that means.

Cybersecurity is as pressing a problem as ever, so the discussions around how to maintain privacy and protect the business should not only be ongoing, but also be happening at the Board level, involving senior management and other power players in the organization. As scams and hackers' schemes evolve, so to should your company's understanding of the risks and how...

If you believe cybersecurity risks are entirely the purview of the IT department, you're not alone. But you're also mistaken. Compliance has to partner with IT in conducting risk assessments, addressing threats and implementing solutions to keep the organization both on the technological forefront and protected as much as possible from data breaches.

Companies doing business internationally face a great deal of risks and challenges. This article explores the necessity of accounting for employees' health and safety while they travel abroad. Having international insurance coverage may not be enough. Here, Mike Kelly addresses ways to reduce travel risk and ensure your staff are protected both stateside and overseas.