Category: Governance & Risk

While I would hope that the CEO of a major technology firm (albeit a somewhat diminished firm in this case) does not have a copy of the root password, the idea of 'executive privilege' maybe needs to be rethought.

After seeing several recent GRC projects, SAP Mentor Gretchen Lindquist of PwC shares some of her experiences. See why she now believes the solution has something for every SAP installation, large or small, public or privately held.

The recent financial crisis has changed the corporate landscape; today we live in a world of crowdsourcing and “doing more with less.” Cloud computing, social media, smartphones, tablet computers, and the thousands of apps that run on them are designed to do just that. All that sounds good on paper, but is there another side to this story? As a risk and compliance professional, I tend to focus on the risk aspect of each situation (yes that puts me in the minority, as most of the business world focuses

In September, I asked people to describe how they would explain the term GRC to their CEO if they met on the elevator. The results are in, and in this post I will discuss them – with no names or attribution.

SABMiller, the brewer of brands including Peroni, Foster's and Coors Light, has revealed how the Conficker virus caused it to lose £7.2 million in lost production. SABMiller's Chief Information Security Officer (CISO) Mark Brown made the revelation to illustrate how CISOs can demonstrate their value to the business beyond providing technical security. The Conficker worm was one of the most severe computer security problems in recent years. It took advantage of a vulnerability in Microsoft's software, infecting at least three million PCs, forming a massive botnet.

Hewlett-Packard CEO Leo Apotheker has been removed from his job and the HP board to be replaced by former eBay CEO Meg Whitman, after less than a year in post.

Threat levels are rising, however British businesses are generally not insuring themselves properly against e-crime risks, according to KPMG.

Corporate Governance Matters: A Closer Look at Organizational Choices and Their Consequences is a book by David Larcker and Brian Tayan. I found this excerpt interesting and worthy of discussion. The first issue I have is with their definition of corporate governance. I find it too defensive: We define corporate governance as the collection of control mechanisms that an organization adopts to prevent or dissuade potentially self-interested managers from engaging in activities detrimental to the welfare of shareholders and stakeholders. At a minimum, the monitoring system consists of a board of directors to oversee management and an external auditor to express an opinion on the reliability of financial statements. In most cases, however, governance systems are influenced by a much broader group of constituents, including owners of the firm, creditors, labor unions, customers, suppliers, investment analysts, the media, and regulators.   Surely, it is not just a monitoring system, designed to protect the shareholders and stakeholders from the evil management might inflict on their asset!  This is the OECD definition, which I prefer: A set of relationships between a company's management, its board, its shareholders and other stakeholder. Corporate governance also provides the structure through which the objectives of the ...