ERM and Information Technology Risk Articles
-
Q & A: Controlling Spreadsheet Risk
January 10, 2013
Spreadsheets are widely used in today’s business environment, and rightly so – they provide users with a powerful, flexible solution for getting things done. However, there is a difficult truth about spreadsheets: as they become more prevalent and more complex in their functionality, spreadsheets can generate significant risks for any organization if not properly managed. This publication from Protiviti Inc. delves into the topic of spreadsheet risk with answers to over fifty frequently asked questions about spreadsheets. Collectively, these answers provide guidance for evaluating and controlling spreadsheet risk.
-
Managing Risks of the Mobile Enterprise
October 01, 2012
Mobile devices are becoming more and more integral in the workplace today, as they are used for field work, file-sharing, and business processes. With the widespread use of mobile devices, and the delicate, intertwined relationship of such devices with both personal and professional lives, a substantial number of risks arise that need to be managed properly in order to reap the benefits of these devices. To help organizations think about risks associated with the use of mobile devices, the Security for Business Innovation Council (SBIC) has issued an in-depth analysis of consumer mobile devices in the enterprise along with various risks that arise with the evolving technology. The report also provides various recommendations to manage such risks effectively over time. The following provides a summary of the report.
-
Special Report: Risk Lessons from the 2011 Japan Earthquake Disaster
January 01, 2012
In the Global Risks 2012 report, the World Economic Forum features a special report on the Great East Japan Earthquake of March 2011. The special report highlights some lessons learned from the crisis that can be applied by governments and businesses. Some of the lessons include the necessity of redundancies for risk resilience, the value of adaptive leadership, and the importance of timely communication during a risk event.
-
The World Economic Forum’s Global Risks 2012 Report
January 01, 2012
The World Economic Forum’s seventh edition of the Global Risks 2012 report details the survey results of 469 global experts from different sectors. The experts ranked the likelihood and impact of 50 global risks that are major concerns of governments, businesses, and other groups. The risks are divided into five categories, namely economic, environmental, societal, geopolitical, and technological risks. The report surveys global experts and aims to provide the survey results to help political, business and other world leaders be aware of the current global risks that need to be managed in a timely and effective manner.
-
IT Projects – Black Swans Aren’t so Rare
December 01, 2011
IT projects can bring about significant, positive change for a company. However, many times just the opposite happens, as 16% of IT projects are affected by “black swan” risk events of going over budget by 200% or going over schedule by 70%. Failed projects also have led to the downfall of many companies such as Kmart, Auto Windscreens, and Toll Collect. This Harvard Business Review article reviews the similarities between successful and unsuccessful IT projects.
-
Cyber Crisis Management: A New Philosophy and Approach to Incident Response
September 01, 2011
Cyber crime is becoming an increasing problem for companies in the United States, resulting in million-dollar damages and creating major reputation risks for entities affected. While attacks are often frustrating, some thinking about cyber-related risks can lead to preparation that may lessen the impact of these events. A Cyber Crisis Plan, which can be devised and implemented through an ERM process, strengthens an organization’s ability to manage through a cyber threat by having a plan that identifies who needs to do what and when they need to do it. This kind of preparation can help companies avoid major losses, reputation hits, and congressional scrutiny.
-
Managing Social Media Risks
July 01, 2011
As organizations realize the potential of social media to positively benefit their marketing and advertising strategies, they are also aware of potential risks. In a white paper published by Crowe Horwath LLP, the authors outline sources from which social media risks can originate and provide a six-step approach that an organization can use to create an effective social media risk management strategy.
-
Raising Awareness of Cybersecurity Risks
March 01, 2011
Given the highly interconnected world that technology now accommodates, organizations are able to expand their operations and systems all around the globe. While those IT systems create significant business opportunities, those same tools may be opening organizations up to significant vulnerabilities that can be activated from almost any technology connection point around the world. This risk, often referred to as “cybersecurity risk”, is being realized more and more by all types of organizations. Sometimes those risks also arise from internal sources who leak sensitive information to the outside world, similar to recent WikiLeaks situations. A recent white paper, issued by the law firm of Sidley Austin LLP, provides a number of issues to be considered by senior executives as they evaluate cyber risk exposures.
-
How Risk Management Is Changing in Response to the Economic Crisis
July 01, 2009
The economic crisis is changing the risk management landscape in various ways. The government bailouts enacted in response to the economic crisis will have many effects, with the greatest potential effect on risk appetites of organizations. The magnitude and frequency of bailouts could encourage increased risk appetites or there could be increased risk aversion in response to what is currently perceived as a high-risk environment. Another way in which the economic crisis is shaping risk management is that increased security risks and decreased security budgets are encouraging an enterprise risk perspective to better enable organizations to track, quantify, and analyze shifting thresholds of risk. This enhanced perspective can then be used to address concerns such as insider threats, information risk, and product protection.
-
Enhancing IT Risk Management: An Exposure Draft
February 01, 2009
Information Technology (IT) risk is a business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. Even though the use of IT can cause many risks for an enterprise, there are also many benefits derived from the use of IT. IT risk is prevalent at all levels of an organization, and many organizations have a hard time integrating the management of IT risk with all of the other business risks an organization faces. This exposure draft, “The Enterprise Risk: Identify, Govern and Manage IT Risk, The Risk Framework Exposure Draft,” helps management properly integrate the management of IT risk into its Enterprise Risk Management, make well-informed decisions about the extent of the risk, risk appetite, and risk tolerance of the enterprise, and understand how to respond to risk.
-
Managing Information Technology Risk: A Global Survey for the Financial Services Industry
December 31, 2008
Ernst & Young’s first global survey for the financial services industry provides industry data, trends, leading practices, and opinions on the components of effective information technology (IT) risk management. Based on survey responses, many financial institutions are seeking ways to better integrate IT risk management with their overall risk management program and processes.
-
The Audit Committee Journey: Charting Gains, Gaps, and Oversight Priorities
September 30, 2008
This report by KPMG, LLP describes insights from audit committee members of public companies regarding audit committee priorities and processes. The data come from the 2007-2008 Public Company Audit Committee Member Survey by the KPMG Audit Committee Institute, which compiled findings from nearly 300 audit committee members, and the 2008 Audit Committee Issues Conference, attended by around 120 audit committee members. Key findings include that audit committees have grown more confident in their oversight of traditional financial reporting matters, but they believe there is a significant opportunity to improve their risk management oversight and believe that oversight of risk management is their top oversight priority for 2008.
-
GRC Strategic Agenda: The Value Proposition of Governance, Risk, and Compliance
February 01, 2008
The increasing barrage of governmental, industry-specific, and internal regulations, coupled with the pressures of increased competition and risk in a global market, has clearly defined the need for organizations of all sizes to implement GRC initiatives. This article explains the need for GRC, GRC’s interconnectivity with IT, and the high-level importance risk management plays in GRC initiatives.
-
The Convergence of Physical and Information Security in the Context of Enterprise Risk Management
December 31, 2007
This report gives insight into the general state of security convergence, the integration of converged security as part of ERM, the role of risk councils, and the benefits of converged risk management.
-
ERM and Information Technology
April 01, 2006
Internal auditors are faced with new challenges as the importance of understanding information technology (IT) and its impact on risk management becomes even more critical. Internal auditors can provide value to businesses if they use their IT knowledge to help an organization implement a successful enterprise risk management (ERM) program.
-
CROs Challenged by IT Risks
September 01, 2005
The white paper focuses on the increasing dependency companies have on IT processes and the new challenges placed on CROs. Senior executives in various industries were asked to provide insight on digital risks and the role CROs play in tackling such risks.
-
Using Technology to Support ERM: A Case Study
December 31, 2003
Companies face added complexity in the overall risks threatening an enterprise. Management needs a risk management program that is complete and proactive toward risk. This article highlights steps that Zions Bancorporation took to develop an application to facilitate risk management.
-
Impact of IT Risks on ERM
December 01, 2003
Many technological risks face modern organizations of all types and have become necessary considerations for general auditors. These risks can be placed into the five categories of access control, network security, data integrity, asset management, and software acquisition and development, all of which are necessary to consider even in businesses that function outside of technological markets. A framework should provide flexibility for change as technology changes, yet mitigate risk through necessary restrictions.