Articles in category: Governance & Risk
Using learning programmes to bridge the gap between knowing and doing. Most organisations have an understanding of what risk management is and why it is important. Some have expended considerable effort in developing and fine-tuning their risk management and governance infrastructure and programmes. However, many organisations are still struggling to realise the tangible benefits...(Read Full Article)
Risk in all its forms is inherent in business – the preventable risks such as unplanned production downtime or internal fraud, strategic risk such as betting the company on an unproven technology or external risks that are largely beyond our control, but which we should always recognize and take into account in our long range …(Read Full Article)
The latest has the title of Shaping the Risk Oversight Agenda and includes a list of 10 questions boards should ask as they consider their oversight of risk management in 2013.(Read Full Article)
In a recent interview I was asked, “what is mobile GRC, and how does it help?” Afterwards, I realized that I had underestimated the potential impact of mobility on governance, risk, and compliance. Years ago, Marshall McLuhan, an early prophet of the electronic age, coined the phrase “the medium is the message.” Many scholars have attempted to interpret this rather enigmatic phrase. My view is that the interpretation is simple and the implications profound.(Read Full Article)
Gene Kim, together with Kim Behr and George Spafford, have published a fun read: “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win”. I strongly recommend signing up for their whitepapers and can tell you that I enjoyed reading the book.(Read Full Article)
A new book called “The Phoenix Project. A Novel About IT, DevOps, and Helping Your Business Win” is a short novel about a fictional company that is much more dependent on IT than the executives understand. When IT starts to go south, so does their business. It’s the story of the different players across IT and the C suite as they work to right the ship and create resilience across the enterprise. The real triumph in this book is that it can be read and understood by both IT and non-IT executives.(Read Full Article)
PwC have published an excellent guide for boards that merits reading not only by board members but also by all those responsible for management of IT, risk management, and internal audit.
Directors and IT: What Works Best suggests a six-step process, what they refer to as an IT Oversight Framework, that I believe should be effective for the majority of organisations.(Read Full Article)
SAP announced the SAP Incident Management rapid-deployment ERP solution, which helps customers avoid dangerous and costly workplace accidents. For companies today, reducing incidents that can have a devastating impact on people, profits and the environment is a priority.(Read Full Article)
Control effectiveness opinions are what we expect from auditors. But what does a control effectiveness opinion really tell us? None of us would conclude a glass is half full without knowing how big the glass actually is. The amount of liquid currently in a glass doesn’t tell you anything unless you know how much liquid the glass will hold. Similarly, control effectiveness opinions are often based on knowing only half the facts.(Read Full Article)
The survey showed that 88 percent of financial institutions believe they would lose their competitive edge, 79 percent believe their profits would decrease, and 54 percent believe risk would be increased, if they were operating poor models – for example, flawed or outdated models.(Read Full Article)
Years ago, I worked in a bank. I’m sure the concept of a “register” came from a banker initially. Banks had registers for everything. One of my jobs was to keep the collateral register postings up to date.
When a customer opened a line of credit, they were required to pledge something, usually marketable securities, as collateral. I posted the collateral in the register and someone else placed the securities in the vault, where they’d stay and gather dust.(Read Full Article)
A new study from PricewaterhouseCoopers stresses the importance of understanding the risks associated with upgrading software systems.
The survey focused on how risk management and controls are integrated into the project effort and what are the lessons from the impact of those integrations. PwC said that the professional services firm strictly produced this survey to see what is happening within the marketplace and to see how organizations and C-suite executives view SAP systems.(Read Full Article)
In this data-driven culture of ours, cyber-crime is all too common and ERP systems are not immune. ERP systems can be attacked from outside the organization as well as inside, and these inside jobs are the easiest ones to overlook. Operating as an authorized user, an employee can obtain access to a storehouse of valuable information.(Read Full Article)
The greatest risk? The risk that the risk management program is insufficient to identify, evaluate and assess, and respond to all the potential effects of uncertainty as we strive to achieve our objectives. How many risk practitioners measure and report on the limitations of the risk management program? (And don’t tell me that everybody has perfect systems that will identify, promptly and accurately, and address appropriately all situations and events. I don’t believe it.)(Read Full Article)
Oversight Systems bucked the trend and decided that, when it comes to mobile BI, less is most definitely more. An interview with CEO Patrick Taylor on the new HTML5 app, Mobile Insights.(Read Full Article)
At a time when large capital projects are becoming more necessary as a path to growth in certain industries, they are also prone to a greater range of risks. Accenture believes that mastering capital project risk management will give companies involved in such projects increased capacity to minimize these risks and maximize the benefits. Accenture identifies the four foundations for attaining mastery of capital project risk management.(Read Full Article)
The Canadian Institute of Chartered Accountants has produced a variety of excellent board guidance on risk management and other topics. Their latest effort, written by John Caldwell, is A Framework for Board Oversight of Enterprise Risk. It does not meet, in my opinion, the CICA’s normal standard. I am concerned that Mr. Caldwell has defined risk purely from the downside and failed to consider the ability to seize opportunities to achieve or surpass objectives. Does this concern you as much as it does me?(Read Full Article)
LinkedIn’s latest blog post raises more questions than it answers. And does the company have the leadership it needs to respond effectively? LinkedIn has taken to its company blog to explain what it is doing to mitigate a data breach that led to 6.46 million account passwords leaking online. It’s believed the passwords were hashed but measures were not taken to bolster the algorithm’s security — a process known as ‘salting’.(Read Full Article)
If you were on the board or in top management and asked the auditor about the results of their audit of an important area, would you be satisfied with a list of their findings? Or would you insist on their professional opinion of the adequacy of the controls in managing the risks?
Why should the board be satisfied with “our audit found these weaknesses” when they can be told “we found these weaknesses, but you don’t have to worry because overall the controls are adequate”?(Read Full Article)
Modern IT departments must navigate through a multitude of dangers, everything from data breaches and insider threats to the proliferation of user-provisioned technologies and the growth of unstructured data. These risks can delay progress, result in data loss, or create significant challenges in managing the applications and data. Uncertainty is the only guarantee.(Read Full Article)
With an increasing number of challenges facing the finance organisation, now is the time to ensure your CFO and finance team have all the resources they require to navigate an ever-changing business environment. In this special report, you’ll learn more about how to transform your finance organisation to ensure that it can meet your business’s most pressing needs.(Read Full Article)
There is a renewed discussion of the CIO reporting relationships. It is a discussion that is sure to generate debate as who you report to is important both personally and professionally. The perceived increase in CIOs reporting to CFOs is a topic that goes through this cycle much like the call of Paul Revere in the American Revolution – “The CFOs are coming, the CFOs are coming, to arms the CFOs are coming.”(Read Full Article)
While I would hope that the CEO of a major technology firm (albeit a somewhat diminished firm in this case) does not have a copy of the root password, the idea of 'executive privilege' maybe needs to be rethought.(Read Full Article)