ERM News

  • Video on Economic Outlook and Risks on Horizon

    March 28, 2013

    Take a look at this short video interview of The Economist Intelligence Unit’s Leo Abruzzese about implications related to the economic outlook for 2013. The interview explores risks and opportunities both here in the U.S. and abroad, including emerging markets, as executives navigate the volatile and uncertain economy. Abruzzese talks about evidence that the landscape may be improving, and he explores implications from the U.S. job market, improvements in the Eurozone, and acceleration in China’s economy. But it’s not all smooth sailing.

    Link: Video on Economic Outlook and Risks on Horizon

  • JP Morgan “London Whale” Report Highlights Risk Oversight Flaws

    February 22, 2013

    The report of the internal investigation of JP Morgan’s “London Whale” event sheds insights into what helped lead towards massive trading losses in its Synthetic Credit Portfolio (SCP). While intended to offset credit risks for the bank, the report notes that the overall SCP strategy was overly complex and inadequately monitored and reviewed. The report highlights how underlying objectives were actually conflicting, and the culture did not encourage traders and others to voice noted concerns of rising losses. Furthermore, it notes how the risk division was understaffed and the Chief Investment Office’s Risk Committee met infrequently. A Senate panel is evaluating the losses and the oversight provided by the bank’s primary regulator.

    Link: JP Morgan “London Whale” Report Highlights Risk Oversight Flaws

  • Looking for More Intensive ERM Training?

    February 07, 2013

    Is your organization struggling to understand the strategic benefits of enterprise risk management (ERM) and how it differs from what your organization already does to manage specific risks, then join us for our 1.5 day executive workshop to be held in New York City on March 20-21, 2013. NC State ERM Initiative faculty lead participants through an overview of how organizations are integrating their ERM processes with their organization’s strategic plans so that those processes become one of the organization’s most important strategic tools. The workshop provides practical examples of how organizations embed ERM in strategy, how they identify and assess risk exposures, and how they monitor those exposures proactively by using key risk indicators. The workshop is appropriate for both management and boards of directors who are interested in strengthening their oversight of the most significant risks to the enterprise. Register now.

    Link: Looking for More Intensive ERM Training?

  • Audit Committees Dissatisfied with Corporate Risk Management Processes

    January 29, 2013

    Boards of directors are not satisfied with the organization’s approach to risk management, according to a global survey of 1800 audit committee members in 21 countries conducted by KPMG. Almost half of the audit committee members surveyed indicate that their company’s risk management programs need “substantial work” with only a quarter of those surveyed are satisfied the underlying risk management programs are addressing risks important to company growth. Results for the U.S. mirror those at the global level. Boards are now evaluating how they should allocate their risk oversight responsibilities and whether they have the adequate risk management expertise. The results of this survey illustrate a strong desire to sharpen the focus on risks that cover the entire organization in order to develop a strong and effective enterprise risk management program.

    Link: Audit Committees Dissatisfied with Corporate Risk Management Processes

  • S&P Issues New Management and Governance Criteria

    November 13, 2012

    Standard & Poor’s just issued its updated criteria for evaluating enterprises’ management and governance as part of the credit ratings process. The term “management and governance” includes consideration of the strategic competence, operational effectiveness, and ability to manage risks exhibited by boards, executives, and functional managers. If an enterprise has the ability to manage important strategic and operational risks, then its management is positioned to strengthen its credit profile, while weak management with a flawed strategy or ineffective risk oversight weakens the credit position. Management and governance will be scored as (1) strong, (2) satisfactory, (3) fair, or (4) weak based on scores related to 17 subfactors. These scores represent the most qualitative aspect of S&P’s rating methodology. Read S&P Press Release.

    Link: S&P Issues New Management and Governance Criteria

  • Tis the Season of Giving:  Philanthropy & ERM?

    October 24, 2012

    Novices sometimes believe "ERM is a corporate thing" erroneously ignoring that all types of organizations, whether public, private, not-for-profit, or government, face all kinds of risks that can impact the organization's ability to achieve its core objectives whether that is to grow shareholder value or to achieve the vision and mission of the organization. Philanthropic organizations face similar difficulties like most other organizations in the matter of strategy setting. Some argue that philanthropic organizations need to place a greater importance on enterprise risk management, with a particular focus on how all relevant stakeholders may be affected by the implementation of a project. A recent report from Resource Alliance, a global network for fundraising, concludes that more engagement in designing strategies for risk management would benefit a number of philanthropies by helping them better assess drivers of risks that might impact the achievement of philanthropic investments.

    Link: Tis the Season of Giving:  Philanthropy & ERM?

  • We’re Running Out of Room – So Act Now!

    October 04, 2012

    Registrations for our Fall 2012 ERM Roundtable Summit on Friday, November 2, 2012 in Raleigh, NC have come in at a much faster rate than expected and we may soon have to close out our registrations to ensure we can handle the capacity. You are strongly encouraged to register now to have the opportunity to learn about emerging risk oversight practices from individuals leading risk oversight at Walgreens and Vanguard, from directors serving on the boards of Papa Johns, US Bank, Molex, among others. We’ll end the session with discussion from a corporate governance advisor at Parker Poe Adams and Bernstein, LLP about the legal ramifications of risk documentation.

    Link: We’re Running Out of Room – So Act Now!

  • Confronting Risk Culture

    October 01, 2012

    Tackling risk culture head-on – that is, the collective way in which personnel within an organization think about, communicate, and behave in relation to risk – may be one of the most overlooked critical elements of an organization’s risk management process. A recent thought paper by the Institute of Risk Management (IRM) tackles the topic of risk culture, arguing that a healthy risk culture is critical to successful risk management because it forms the foundation upon which all risk management practices are built. The thought paper highlights several approaches and tools for boards to use in fulfilling this important function in governing risk management, given that boards are ultimately responsible for understanding and guiding an organization’s risk culture.

    Link: Confronting Risk Culture

  • Managing Risks of the Mobile Enterprise

    October 01, 2012

    Mobile devices are now widely used by consumers and organizations are seeing the value of integrating them in the workplace. The use of mobile devices in the workplace for field work, file-sharing and business processes has sky-rocketed. While loaded with benefits, caution must be exercised as different types of risks involving the use of mobile devices come along with those benefits. The intertwined relationship of such devices with both personal and professional lives raises substantial risks that are critical to identify and assess. A recent report by the Security for Business Innovation Council (SBIC) provides an in-depth analysis of consumer mobile devices in the enterprise along with various risks that arise with the evolving technology. The report is a valuable resource for enterprises who are striving to get their arms around their use of mobile devices. Read more.

    Link: Managing Risks of the Mobile Enterprise

  • Applying “Big Data” to Risk Management

    October 01, 2012

    “Big data” is quickly building a following as a useful tool for helping managers make decisions. But what exactly is big data, and is its use actually beneficial to a business? A recent article in Harvard Business Review explains why digital data is perhaps more useful than ever before and provides real-life examples of companies using big data to make better decisions. The article also discusses five ingredients that are critical to using big data successfully in any company. Ultimately, big data could provide managers with insights into the risks facing their organizations. Read more.

    Link: Applying “Big Data” to Risk Management

  • Four Steps to Better Performance Measures

    October 01, 2012

    Managers sometimes hinder their ability to obtain insight from key performance metrics by focusing on sexy metrics that may be persistent but not predictive, and vice versa. Relying on flawed performance metrics may cause business leaders to inadequately identify and assess risks that affect their performance objectives. A recent Harvard Business Review article highlights some of the errors in how we design and use performance metrics and provides guidelines to help business leaders better connect financial and non-financial data to monitor progress toward achievement of business objectives. Read more.

    Link: Four Steps to Better Performance Measures

  • COSO’s New Thought Paper:  Strengthening the Risk Assessment Processes

    October 01, 2012

    Interviews, workshops, and surveys are commonly used to gather information to help organization leaders develop an inventory of risks potentially on the horizon. Given the complexity of businesses today, often the list of risks is voluminous making it difficult to know where to start in the management of potential risk events. To pinpoint those deemed as the most significant, some method of assessing and prioritizing risks is required. While common practice involves assessing risk probabilities and impact, other important dimensions include consideration of risk velocity and vulnerability, among other matters. A newly issued thought paper by COSO, in partnership with Deloitte, provides an overview of risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision making. The paper contains detailed information about the components of an effective risk assessment practice to help organizations move a step close to developing a robust enterprise risk management process. Download paper.

    Link: COSO’s New Thought Paper:  Strengthening the Risk Assessment Processes

  • Managing Risks of Innovation

    October 01, 2012

    Managers attempting to streamline a global innovation project generally do so while haphazardly managing risk. The reason for rushing projects is either lack of available employees, desires for a faster time to market, or using methods that worked at single location innovation projects. When management fails to spend the time necessary to build global innovation capabilities it could be more costly and more risky to make changes in the future when change is a necessity. A recent Harvard Business Review article offers ten guidelines to ascertain that a global innovation project has been organized and managed correctly to ensure its effectiveness.

    Link: Managing Risks of Innovation

  • Risk of Data Analytics

    September 21, 2012

    Companies are overloaded with access to all kinds of bits and bytes of information. Many are trying to analyze that information to see what nuggets of insights might exist. A recent report from MIT Sloan Management Review noted that while many organizations are seeking to glean insights from their data, many are losing their way. According to recent survey data, almost two-thirds of companies surveyed are collecting all kinds of data for analytics purposes, but fewer than half believe they are effective at disseminating information and insights from that data. So, a lot of information is being collected but not used or used incorrectly, which they describe as an “information gap.” One of the challenges relates to difficulties in sharing data across silos of the business.

    Link: Risk of Data Analytics

  • Curious About Benchmarking Your Organization’s Approach to Risk Oversight?

    September 18, 2012

    Many organizations have embraced the concept of ERM and have made significant investments in resources and processes to identify the organization’s top risk exposures. We find that executives leading those efforts often wonder whether they have effectively positioned their organization to be consistent with emerging best practices and whether they are strategically directed to accomplish entity objectives. The ERM Initiative, in partnership with the AICPA, is hosting a 1.5 workshop Enterprise Risk Management Workshop: Evaluating Your Organization’s Approach, to help guide executives through a benchmarking self-assessment of their organization’s ERM processes. The workshop will be held at the AICPA Offices in New York City and registration is limited to 50 participants.

    Link: Curious About Benchmarking Your Organization’s Approach to Risk Oversight?

  • Managing Supply Chain Risks Related to Conflict Minerals

    September 15, 2012

    The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 places new regulations on the use of conflict minerals in manufacturing supply chains. SEC issuers must now perform due-diligence on their supply chains in order to determine and disclose whether or not their manufactured products contain conflict minerals. This KPMG report discusses how companies can begin to build a framework for compliance and risk management with regard to conflict minerals and the supply chain in general. KPMG believes that regulation of the manufacturing supply chain will not stop at conflict minerals. With that in mind, this report suggests that companies subject to compliance with Section 1502 actually take a broader approach to the current rules by making their supply chains more transparent in general; companies should not simply focus on mineral sourcing. Read More.

    Link: Managing Supply Chain Risks Related to Conflict Minerals

  • Adaptive Nature of Future Risk Leaders – A Necessity

    September 12, 2012

    As organizations evolve their conventional risk management approaches that tend to be mostly "defensive or loss-prevention focused" to a more integrated enterprise risk management practice, they need executives who can help transition their approaches to be more in sync with the strategic thinking of the organization. With that in mind, the need for future risk leaders in the risk management profession who are adaptive to the evolving world is becoming a necessity. Successful risk managers will be those who are adaptive and informed about the underlying business so that they can integrate risk oversight with strategy execution. Read More.

    Link: Adaptive Nature of Future Risk Leaders – A Necessity

  • Boards Spending More Time on Strategy and Risk

    September 01, 2012

    Individuals who serve on the board of directors indicate that the amount of time they are spending on governance matters continues to increase. A recent PricewaterhouseCoopers study of 860 corporate directors finds that boards are spending more time on their board work, with some spending 20 percent more this year than last year given the spotlight that continues to shine on them. Challenges remain, with directors indicating they need to spend more time on critical areas related to company strategy and risk management.

    Link: Boards Spending More Time on Strategy and Risk

  • Using a Scientific Approach to Strategy and Risk Management

    September 01, 2012

    Strategic planners often go through a rigorous process of extensive analysis of past performance and forecasts to come up with a robust strategic plan. They attempt to check their biases, preconceived notions, and judgments during this process. However, often consideration of risks to the strategy are not explicitly examined given all the excitement of the upside potential of new initiatives and tactics. A recent article in Harvard Business Review recommends a “truly scientific” approach to strategic planning by providing seven key steps for leaders to consider while designing strategies so that they may be in a better position to address risks proactively as the strategy is built rather than after the strategy’s execution. In this way, organizations are better positioned to identify risks before they emerge, thereby enhancing the likelihood of strategic success through more effective risk oversight.

    Link: Using a Scientific Approach to Strategy and Risk Management

  • Implementing an Effective Enterprise Risk Management Program

    August 29, 2012

    Uncertainty about future challenges organizations will encounter can be daunting for boards and senior executives. Fortunately, many realize that uncertainty brings opportunities, too. While many organizational leaders have heard about enterprise risk management, many are left confused about the role ERM plays in helping manage future risks and opportunities. This recent SmartBusiness article lays out practical suggestions that help address what some organizations ask – 'Where do we begin?' The article provides practical insights about the types of risks to consider and their relationship to strategic goals and who within the organization should be engaged in risk oversight. Read More

    Link: Implementing an Effective Enterprise Risk Management Program

  • Risk Management Approach in the Recent Olympics

    August 22, 2012

    Many attribute the success of the London 2012 Olympics to careful planning and effective organization. Some argue that the driving success factor of the events was the comprehensive risk management plan employed by Olympic organizers. While the use of strategic risk management techniques to evaluate and implement risk mitigation policies and procedures for the games were not easily visible to the public, they played a key role in many of the decision-making process. By using a structured risk identification, risk assessment and risk response approach to risk oversight, the organizers were able to host events in front of a worldwide audience of over 200 million viewers without major interruptions. Read More

    Link: Risk Management Approach in the Recent Olympics

  • Outlook on Corporate Governance

    August 20, 2012

    Nell Minow, shareholder advocate and founder of GMI Ratings, recently spoke with The Wall Street Journal on how far companies have come in improving governance. The article highlights notable excerpts of the discussion, including how far companies still need to go to achieve effective governance. In addressing the role of the CFO in corporate governance, Minow explained it is important this person reports directly to the audit committee so they understand that his or her job depends on truthful and complete reporting to the board. Other insights include that while CEO selection has improved, a number of so-called “zombie directors” continue to serve even though a majority of shareholders withheld their votes for them.

    Link: Outlook on Corporate Governance

  • Risk-Aversion creates a Bias in Project Implementation and Choice

    August 13, 2012

    Mid-level executives and managers are responsible for making several repeated decisions on small investments and projects for their companies. For a number of reasons, these business leaders often select those investments that may not carry significant risks. However, being averse to risk on a project-by- project basis can ultimately lead to a portfolio of projects that is collectively too risk averse. Hence, the aversion to risk creates a bias that could throttle the growth of a company. Given not all projects are likely to fail, some level of calculated risk towards projects needs to be taken. This recent CFO Report by The Wall Street Journal highlights ways to help counter the tendency towards risk aversion across multiple projects. Read More

    Link: Risk-Aversion creates a Bias in Project Implementation and Choice

  • Benchmarking Report Finds That Overall Incident Reporting on the Rise

    August 02, 2012

    The Network Inc. and BDO Consulting recently released the 2012 Corporate Governance and Compliance Hotline Benchmarking Report, which is an annual statistical study of compliance hotline-related activity for the past five years. An article from MarketWatch.com discussed some of the report’s findings. One notable finding was that the Corporate Fraud Index for 2011, which measures the percentage of fraud-related incidents across all reports, rose to 21.1 percent, which is an all-time high since the Index was first reported in 2005. On a positive note, these increases are attributed to improvements organizations continue to make toward identifying misconduct and strengthening their overall GRC programs. The report also includes findings on retaliation, reporting location and reporting method. Luis Ramos, chief executive officer of The Network, stated that, “This year's benchmarking report provides organizations with a resource to compare their results to those of similar industries and determine what changes need to be made in their programs in order to further reduce fraud and promote change."

    Link: Benchmarking Report Finds That Overall Incident Reporting on the Rise

  • Beasley Moderates Discussion Between Senator Sarbanes and Representative Oxley

    July 30, 2012

    Mark Beasley, Deloitte Professor of ERM at NC State, moderated a live discussion between former Senator Paul Sarbanes and Representative Mike Oxley on July 30, 2012, which marked the 10th anniversary to the day of the signing by President Bush of the Sarbanes-Oxley Act of 2002. Senator Sarbanes and Representative Oxley provided insights about the legislation and their assessments of the effectiveness of the Act, and they shared thoughts about visions for the future. Watch the Historic Discussion.

    Link: Beasley Moderates Discussion Between Senator Sarbanes and Representative Oxley

  • Community Banks Should Look to Enhance Risk Management Practices

    July 25, 2012

    An emphasis continues to be placed on risk management practices at financial institutions. According to experts, risk management programs will eventually be mandatory at smaller community-based financial institutions as well. Comptroller of the Currency Thomas Curry said in a May 16th speech that, “"While this latest scrutiny is focused on the large national banks, it should serve as a key indicator to community-based financial institutions across the country. If they have not created enterprise risk management programs, they need to start immediately.” It was asserted that operational risk now outweighs credit risk as a major concern for banks and regulators, and an effective ERM program will help mitigate this.

    Link: Community Banks Should Look to Enhance Risk Management Practices

  • Complex Hybrid Clouds Shift Focus to Systemic Risk

    July 25, 2012

    The hybrid cloud will become the norm, as the need for integration between standalone enterprise cloud systems continues to increase. According to an article in CFOWorld.com, contributing factors of this demand include: consistency of user experience between systems, elimination of data silos and enterprise reporting across disparate systems. Gartner states: "Cloud consumers should budget for additional integration costs which can range from 10 per cent to 30 per cent — and sometimes as high as 50 per cent — of the total cost of cloud IT projects." However, CFO’s must be aware that the complexity of a hybrid cloud results in a shift from IT technical risk to systemic risk. Managing a combination of technologies, platforms and solutions becomes harder, so the systemic risks of the overall cloud ecosystem needs careful consideration instead of relying on individual technical risks.

    Link: Complex Hybrid Clouds Shift Focus to Systemic Risk

  • Stabilizing Financial Markets Must Consider Environmental, Social and Government Shifts

    July 24, 2012

    As global business, political, and regulatory leaders seek to stabilize financial markets in this post-crisis era, they can no longer merely focus on classic economic considerations. Shielding the economy from volatility can no longer involve ignoring emerging sources of instability, such as environmental, social, and governance shifts on the horizon, according to a joint report released by the UNEP Finance Initiative, the International Institute for Sustainable Development, and the Blended Capital Group. This report suggests that post-financial crisis efforts must be extended to focus more on unconventional, long-term financial risks, such as climate change, resource depletion, and social upheaval. These must be better managed to help shield the economy from volatility. The report also identifies six priority areas that have been in the sights of regulators in recent years but remain large threats, and suggests that a more holistic risk analysis in these key areas of finance can be achieved.

    Link: Stabilizing Financial Markets Must Consider Environmental, Social and Government Shifts

  • Social Media Increases Need for Improved Risk Management

    July 19, 2012

    The increasing popularity of social media is creating areas of concern for employers in terms of risks of privacy, confidentiality and employee loyalty. While social media presents advantages for business leaders, the potential risks that arise may far outweigh the advantages. The easy sharing of information and instant communication may inadvertently disseminate confidential proprietary information, and social media is blurring the lines between business and personal boundaries. To address this growing risk concern, organizations are expanding their consideration of risks related to social media and managing that risk through training and education for employees about their conduct and limitations related to social media communications. Read more

    Link: Social Media Increases Need for Improved Risk Management

  • FSOC Identifies Clearing Agencies as Top Threat to Financial Stability

    July 18, 2012

    In its annual report to Congress, the Financial Stability Oversight Council (FSOC) – created as part of the Dodd-Frank Act - summarized its assessment of the largest threats to the United States financial stability. According to the report, cybersecurity is a significant threat and the report designates eight financial market utilities as “systemically important,” and requiring stricter oversight. These mostly consist of clearing agencies overseen by the Securities and Exchange Commission and the Commodity Futures Trading Commission. Clearing agencies facilitate the confirmation and settlement of trades of financial instruments and the transfer of funds underlying the trade. The Council has called for the SEC and the CFTC to consider adopting regulations and “risk-management standards for exchanges, clearing firms and other market participants that are relevant for a high-speed trading environment.”

    Link: FSOC Identifies Clearing Agencies as Top Threat to Financial Stability

  • Leading a Risk Team

    July 17, 2012

    Despite the attempts by many organizations to strengthen their risk oversight efforts, often their risk management processes still miss the mark. Unfortunately, many attack the challenge by focusing on pockets of risks, such as insurance, compliance, and fraud prevention, and they fail to focus on those risks most likely to impact the value of the business: strategic risks. Furthermore, some organizations have over-complicated their risk oversight processes by focusing on a form-over-substance approach to what they are trying to achieve. A recent article in CFO.com highlights ways to increase the relevance of a risk management program.

    Link: Leading a Risk Team

  • Pondering Creation of a Board Risk Committee?

    July 17, 2012

    For most boards of directors, the audit committee has assumed responsibility for managing the board’s risk oversight processes. With the new Dodd-Frank requirement for larger financial institutions to create board-level risk committees, even boards outside the banking industry are evaluating the creation of a risk committee. There are uncertainties as to the advantages and disadvantages of creating risk committees. A recent Deloitte publication provides answers to many of these questions to help organizations consider whether board-level risk committees are best suited for them.

    Link: Pondering Creation of a Board Risk Committee?

  • Preparing for a Corporate Crisis Before Significant Risks Materialize

    July 17, 2012

    Now is the time to prepare your organization's strategy for managing through a major corporate crisis before a risk event materializes. A recent article from Practical Law The Journal offers boards of directors and management guidance on preparing and responding to a corporate crisis. A lack of proper planning can make both managing crisis situations more difficult and possibly lead to more damage. The article discusses five steps the board and management can adopt to better prepare for a crisis once a significant risk event materializes. A strong board culture is also highlighted as an important factor in responding to a crisis. Strategies are offered for promoting an effective board culture.

    Link: Preparing for a Corporate Crisis Before Significant Risks Materialize

  • Program Created to Address Weather-Related Losses

    July 13, 2012

    Some experts believe that too many organizations are naively ignoring risk exposures related to weather related events. In response to a lack of companies that actively respond to weather-related losses, a group of cross-industry sector companies recently created the Partnership for Resilience and Environmental Preparedness (PREP) program to take action on the economic impact of climate change. PREP, a one-year pilot program addressing the potential impacts of climate change on businesses, their supply chains and their surrounding communities, has developed Business ADAPT, a five-step program to help the business community identify bottom-line threats and emerging climate-related market opportunities. According to the article, the Business ADAPT strategy is meant to help businesses cope with future events on par with the 2011 Texas drought that drained the U.S. agricultural sector of $7.6 billion and cut earnings for clothing manufacturers.

    Link: Program Created to Address Weather-Related Losses

  • Visionary Board Leadership Needed to Strengthen Risk Oversight

    July 12, 2012

    Recent corporate governance debacles involving organizations such as JP Morgan Chase and Duke Energy highlight the need for critical evaluation of the visionary nature of board leadership. A recent report from CFA Institute, Visionary Board Leadership: Stewardship for the Long Term, seeks to change the historically short-term thinking of publicly-traded companies by offering steps to build a visionary board that promotes long-term thinking and restores confidence to investors globally. Steps to build a visionary board deal with issues concerning: quarterly earnings practices, shareowner communication, strategic direction, risk oversight, executive compensation and corporate and board culture. According to the article, the CFA Institute urges Visionary Boards and Visionary Directors to be accountable for their role in actively eliminating corporate malfeasance.

    Link: Visionary Board Leadership Needed to Strengthen Risk Oversight

  • Cloud Computing and Risk Management

    July 09, 2012

    The recent Amazon Cloud Computing outage has caused some organizations to steer clear of embracing cloud computing options. However, some experts note that leaders should evaluate cloud computing strategies in a manner similar to how they evaluate other business strategies: through a risk management lens. Like other business strategies, cloud computing can lead to significant strategic opportunities that naturally come with risks that need to be managed. Risk management experts at remind us of the importance of analyzing strategic risks, such as cloud computing risks, by focusing on their underlying nature: preventable risk, strategic risk, or external risk. Each category of risk should be managed in a specific way with regard to business continuity. The article summarizes each of these categories and concludes that the Amazon cloud outage is more a reflection on poor planning and not a condemnation of cloud computing.

    Link: Cloud Computing and Risk Management

  • “Living Wills” Leave Important Questions Unanswered

    July 09, 2012

    Major U.S financial institutions have now developed “living wills” in compliance with the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. The regulatory intent behind living wills is to prompt the largest financial institutions to help officials understand how best to handle a potential failure without bringing down the financial system. A recent press article suggests that banks neglected to explain how cross- border assets and liabilities would be handled in different legal jurisdictions and the writer calls for the plans to be rejected. The article highlights how large international banks book their business in various jurisdictions, but ideally should be organized as separate legal entities with no cross-guarantees or other hidden ways of sharing assets and liabilities. Furthermore, living wills should be an opportunity for officials to force the global banks to simplify along national lines and to build up their equity capital.

    Link: “Living Wills” Leave Important Questions Unanswered

  • Volcker Rule versus Dimon Principle in Mitigating Systemic Risk

    July 06, 2012

    In examining whether more strict and formal rules are the only effective solution to contain too-big-to-fail financial institutions, a recent article in AmericanBanker.com compares the Volcker rule to the Dimon principle. While the Volcker Rule aims to strictly limit the amount of risky proprietary trading by banks, the author argues that it has been debated more than implemented. On the other side, the Dimon principle suggests that banks do not need complex rules and limits and can monitor and control trading risks on their own. The article goes on to compare the effectiveness of these solutions to notable events, including JP Morgan’s failed risk management oversight of the derivatives trades which clearly violated the Dimon principle

    Link: Volcker Rule versus Dimon Principle in Mitigating Systemic Risk

  • Systemic Risk Council to Provide Regulatory Certainty

    July 03, 2012

    Recent reports in late June have suggested the JP Morgan Chase’s original loss of $2 billion could actually total as much as $9 billion, which according to an article from AmericanBanker.com means that JPMorgan Chase continues operating a hedge fund inside the bank. It is hoped that the creation of the Systemic Risk Council (SRC) will help enable regulatory certainty. The article highlights several factors that suggest the SRC has a high probability for securing adoption of its goals. These factors include its influential chairwoman and members, as well as the council’s measurable, specific, applied goals.

    Link: Systemic Risk Council to Provide Regulatory Certainty

  • Risk Management Still Manual For Many Companies

    July 02, 2012

    Results from a recent poll by KPMG at recent governance and risk summit found that only 16 percent of respondents described their risk management processes as automated. While most of the respondents were from sectors heavily dependent on technology, 64 percent described their ERM programs as manual despite the availability of technologies to help manage risk. The results demonstrate that many companies still struggle with how to most effectively manage its risk monitoring methods. Furthermore, the use of IT can provide opportunities to better leverage data in order to gain a competitive advantage in risk management.

    Link: Risk Management Still Manual For Many Companies

  • Evidence About Value of Enhanced Risk Oversight

    July 01, 2012

    As organizations seek to strengthen their enterprise-wide risk oversight, some question the value of that kind of investment in risk infrastructure. Recent research highlights how companies with more mature risk management practices generated the highest growth in revenue, EBITDA and EBITDA/EV. The report analyzes how top financial performers do more than the basic elements of risk management, generally investing in twice the number of risk management capabilities relative to low performers. The report is organized in three sections: where companies want to drive results, what differentiates top performers, and how leading companies are turning risks into results.

    Link: Evidence About Value of Enhanced Risk Oversight

  • Increasing Percentages of Organizations are Embracing Enterprise Risk Management

    July 01, 2012

    Recent research conducted by faculty who lead the Enterprise Risk Management (ERM) Initiative at North Carolina State University reportss a steady increase in the percentage of organizations that claim to have "complete ERM processes in place," with larger organizations and publicly traded companies leading the way. The report, Current State of Enterprise Risk Management: Progress is Occurring but Opportunities for Improvement Remain, notes many organizations are embracing ERM due to "somewhat" to "extensive" pressure from external parties to provide information about risks. While the percentage of organizations embracing ERM is on the risk, the level of risk management sophistication still remains fairly immature for most responding to the survey. There may be opportunities for organizations to strengthen the connection between risk oversight and strategic planning, given that less than 20% believe that the organization's risk management process is a proprietary strategic tool.

    Link: Increasing Percentages of Organizations are Embracing Enterprise Risk Management

  • Benefit of Mature Risk Management Practices

    June 29, 2012

    Recent research performed by Ernst & Young revealed that organizations with greater risk management maturity outperform their peers financially. Mature risk management, according to the article, refers to companies that focus on strategic risks and have integrated their risk management activities, rather than simply automating its internal controls and managing compliance risks. The article highlights specific activities identified as being in the top 20%, based on risk management maturity, that were not present in the bottom 20%. These practices fall into four categories: setting risk strategy, embedding risk management, optimizing risk functions and improving controls and processes. Moving risk management practices up the maturity scale results in the opportunity to drive financial growth.

    Link: Benefit of Mature Risk Management Practices

  • U.S. Needs Better Enterprise Risk Management to Avoid Becoming the Next Eurozone

    June 29, 2012

    In a recent article from PropertyCasualty360.com, Doug Webster’s message from the World Risk Day virtual summit was highlighted. Webster, the president and co-founder of the Association for Federal Enterprise Risk Management (AFERM), stated that the U.S. federal government is filled with unmanaged risks and it must establish an adaptable ERM strategy to avoid becoming the next Eurozone. According to Webster, the federal government’s internal controls are only effective in a stable environment. However, in today’s volatile environment traditional internal controls may not be useful. “Bringing risk management and ERM explicitly into the decision-making process will enable more strategic discussion of where and how to improve value, instead of keeping strategy discussion behind closed office doors at the top level,” Webster states.

    Link: U.S. Needs Better Enterprise Risk Management to Avoid Becoming the Next Eurozone

  • The Risks of Management

    June 28, 2012

    Here’s a new twist to “risk management”: one of the most damaging risks an organization may face is “management” itself. A recent article in Disaster Recovery Journal highlights the realities of how management’s attitude and embrace of risk management approaches can undermine the organization’s effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise’s risk management strategies: management that ignores reasoned words, management that works against others’ efforts and management that is nonexistent in the execution of a plan.

    Link: The Risks of Management

  • Audit Committee Members Call for New Approach to Risk Oversight

    June 28, 2012

    Attendees at the 8th Annual Audit Committee Issues Conference hosted by NACD and KPMG’s Audit Committee Institute expressed continued concerns for audit committees related to governance processes, controls, and risk management, especially in light of new technologies, globalization, and changes to the business which are altering risks on a daily basis. Legacy approaches that audit committees have been using to oversee risks may no longer be effective and audit committees need to insist on more ongoing, substantive involvement by the board in strategy and risk management.

    Link: Audit Committee Members Call for New Approach to Risk Oversight

  • Assessing Risks of the Foreign Corrupt Practices Act

    June 28, 2012

    The alleged bribery scheme involving Wal-Mart’s Mexican subsidiary has moved concern about compliance with the Foreign Corrupt Practices Act (FCPA) back to center stage. A recent interview of the former Chief of the Fraud Section in the Department of Justice (DOJ) provides a number of insights about how cases are reviewed and evaluated by the DOJ and the impact that voluntary disclosures, corrective or remedial actions, and the design and implementation of compliance programs can have on an enforcement action. Some of the noted components of an effective risk management strategy related to FCPA violations include “risk-based diligence and oversight of key employees and third parties” and “free flow of information from the top down and bottom up about the risks the company faces.”

    Link: Assessing Risks of the Foreign Corrupt Practices Act

  • COSO Releases New Thought Paper:  Enterprise Risk Management for Cloud Computing

    June 28, 2012

    Link: COSO Releases New Thought Paper:  Enterprise Risk Management for Cloud Computing

  • Super Bowl Embraces ERM:  Lessons Learned

    June 28, 2012

    Imagine being responsible for managing risks related to the NFL Super Bowl. With the millions of viewers drawn to this event each year, one shudders to think about an event occurring that shuts down the game or postpones it for a period of time. For the 2012 game, the Host Committee decided to embrace enterprise risk management (ERM) principles to help coordinate all the silos of responsibilities being assumed by the staff and the thousands of volunteers involved. A recent article in Risk Management magazine highlights this experience and identifies a number of lessons learned that can be applied to all uses of ERM.

    Link: Super Bowl Embraces ERM:  Lessons Learned

  • C-Suite Desires Strategic Risk Management Approach

    June 21, 2012

    A recent study by the Risk and Insurance Management Society Inc. (RIMS), found that senior management of organizations are looking for a more strategic risk-management approach and they expect more strategic insights from risk managers. According to the survey, when questioned about the key abilities required to lead a company’s risk management, senior management indicated that they are looking for something beyond traditional risk management functions such as insurance, compliance, and internal audit. Two-thirds of C-suite members surveyed agreed the top requirement to lead risk management is an intimate knowledge of the company’s business and industry.

    Link: C-Suite Desires Strategic Risk Management Approach

  • Is ERM Relevant for Small Businesses?

    June 18, 2012

    Some believe enterprise risk management is something reserved for large complex organizations and not appropriate for smaller businesses. However, nothing suggests that small businesses are immune to risks. A recent article at HuffingtonPost.com argues that risk management is essential for organizations of all sizes, including smaller ones, and that it is never too soon in the life of a small business to think about and address these elements. The author outlines four categories that can be used to provide a framework to improve an organization’s focus on enterprise-wide risks: market risk, credit risk, operational risk and reputational risk. Each risk is defined and the article provides ways to identify and measure these risks. While managing these four risks is beneficial, it is recommended that small businesses consider adopting an enterprise risk management method instead of approaching risk management within silos.

    Link: Is ERM Relevant for Small Businesses?

  • Businesses Struggle to Manage IT Security Risks

    June 15, 2012

    Entities of all sizes are incredibly dependent on information technologies and, given the rapid evolution of those technologies, they face an ever-changing portfolio of IT-related risks. Results from a recent survey reported in InformationWeek's 2012 Strategic Security Survey highlight several concerns related to IT risk management. Notable survey results include: 39 percent have difficulty enforcing IT security policies, 34 percent have trouble with preventing data breaches from outside attacks, and 21 percent of IT departments still struggle with meeting regulatory compliance requirements. Furthermore, the security risks that organizations should consider are often ignored. A recent article about the survey reported by Midsizeinsider.com suggests that businesses focus on possible security weaknesses in their organization and look for ways to customize their current security systems to prevent an attack, rather than practice emergency triage after an invasion.

    Link: Businesses Struggle to Manage IT Security Risks

  • Assessing and Managing Risks Related to Intangible Assets

    June 14, 2012

    Given that intangible assets correspond to roughly 80 percent of the value of today’s corporations, it is essential companies improve risk governance practices concerning intangible assets to mitigate against the related risks. In an article from Corporate Finance Review, the authors discuss the evolution of ERM and recommend changes to the management of intangible assets as a way of enhancing enterprise value. In addition, key elements of an ideal oversight system are reviewed.

    Link: Assessing and Managing Risks Related to Intangible Assets

  • Articulating Risk Appetite:  A Credit Union Perspective

    June 08, 2012

    A recent article in InsuranceNewsNet.com outlines critical aspects of a board’s involvement in risk oversight, including the articulation of risk appetite and the sharing of leadership responsibilities related to the embrace of ERM within the organization. While the context of the article focuses on credit unions, the points made are useful in other industries as well. For example, the article describes the importance of engaging in CEO and board of director discussions about the amount of risk the entity is willing to take among different elements of risk in order for the CEO to have a clear picture of what the board expects. The advantages of an ERM committee and utilizing scenario planning are also discussed.

    Link: Articulating Risk Appetite:  A Credit Union Perspective

  • RMA’s Enterprise Risk Management Council Discuss Stronger Risk Management

    June 06, 2012

    Kathleen A. Flannery, the chief risk policy officer at PNC Financial Services Group, emphasizes that companies today need to maintain a strong ERM framework that evolves as an institution's portfolios change. Given that regulators now have higher expectations for risk management, a “strong” risk management program needs include a strong risk culture and a highly effective risk management organization. One way PNC maintains “strong” risk management is by periodically assessing its risk appetite to ensure it still holds true and can be applied across the entire enterprise. RMA's Enterprise Risk Management Council is currently developing a series of workbooks to help smaller institutions achieve strong risk management. The Risk Appetite Workbook, for example, will provide a practical approach for financial institutions seeking to determine the types of risks they want to mitigate.

    Link: RMA’s Enterprise Risk Management Council Discuss Stronger Risk Management

  • Further Risk Oversight Needed by Bank Boards

    June 06, 2012

    With all the events affecting the banking industry not only in the U.S. but also abroad, more attention is being placed on the role boards of directors should be playing to oversee risks affecting financial institutions. Ultimate responsibility of the board is to oversee management, and the board’s ability to do so is dependent on their own risk management skills and experiences. In a recent speech, a senior executive of the Federal Reserve Bank of New York calls for boards of banks to do more to have a clear understanding of the risks the bank is assuming. Signals, such as “excessive” profits in a business segment, should prompt boards to examine more closely the risks that the bank may be taking on in pursuit of those returns. Banking regulators are working more closely with bank boards to improve their risk oversight.

    Link: Further Risk Oversight Needed by Bank Boards

  • Systemic Risk Council Formed

    June 05, 2012

    Sheila C. Bair, the former chairwoman of the Federal Deposit Insurance Corporation, recently announced the formation of the Systemic Risk Council, which will monitor and encourage regulatory reform. According to an article in the NYTimes.com, the new group is expected to begin issuing reports quickly and its members will include a long list of former regulators and officials from both political parties. In forming this new organization, Ms. Blair asserted, “We need a more effective and efficient early-warning system to detect issues that jeopardize the functioning of U.S. financial markets before they disrupt credit flows to the real economy.”

    Link: Systemic Risk Council Formed

  • Managing the Risks Related to Mobile Banking

    June 04, 2012

    As more institutions offer mobile financial services, a proactive program in place to address those related risks becomes crucial. In a recent article from BankInfoSecurity.com, Bank of America’s Keith Gordon discusses the increasing risks of mobile banking and steps his company is taking to anticipate and stop mobile attacks. Gordon, who oversees authentication and security strategies for Bank of America's consumer online and mobile banking units, notes that a great concern is mobile payments and how fraudsters are striking when the money leaves the bank. Gordon leads an emerging threats program to identify threats, both within the bank and with other institutions outside financial services, to see what is happening in the marketplace that the general consumer may not know of. The team hopes to apply the threats they're seeing to their own environment and identify security gaps.

    Link: Managing the Risks Related to Mobile Banking

  • Executives Take on Enterprise Risk Management Post- Recent Crisis

    June 01, 2012

    A survey of 192 U.S executives conducted in the spring of 2012 revealed a significant finding that 91% of respondents “plan to reorganize and reprioritize their approaches to risk management in some form in the coming three years” Respondents made several recommendations to improve the efficiency of their ERM processes and to make it more of a valued strategic tool. This Deloitte thought paper outlines several key implications to strengthen enterprise-wide risk oversight. Because preconceived notions and lack of awareness of ERM knowledge can stagger the benefits that are to be reaped, this thought paper is designed to spur thinking and dialogue to help executives to be better equipped to understand and implement effective ERM strategies.

    Link: Executives Take on Enterprise Risk Management Post- Recent Crisis

  • Risk Appetite: A Conversation of Governance

    June 01, 2012

    Managers often view risk appetite as a highly theoretical concept: one that is determined instead of discussed, irrelevant instead of practical, or static instead of adaptive. This paradigm is due to the notion that risk appetite reflects a short term risk philosophy of the company, and that risk appetite is congruent with risk tolerance. This Protiviti white paper discusses the importance of developing and maintaining a risk appetite statement as well as using it to spur conversation between management and the board of directors in the governance process. Read More

    Link: Risk Appetite: A Conversation of Governance

Custom Enterprise Risk Management Initiative Executive Education Training