1. Articles in category: Governance & Risk

    1. Why I Hate the Term GRC

      Explore Gartner Blog Network

      GRC is the most worthless term in the vendor lexicon. Vendors use it to describe whatever they are selling and Gartner clients use it to describe whatever problem they have. For seven years I have battled this monolithic term and I fear I’m losing the battle. The alternative is to try to bring some clarity to its usage by defining some boundaries. Here is our published GRC definition, which I like: GRC is neither a project nor a technology, but a corporate objective for improving governance through more-effective compliance and a better understanding of the impact of risk on business performance. 

    2. Developing Enterprise Risk Intelligence

      Explore Deloitte South Africa

      Using learning programmes to bridge the gap between knowing and doing. Most organisations have an understanding of what risk management is and why it is important. Some have expended considerable effort in developing and fine-tuning their risk management and governance infrastructure and programmes. However, many organisations are still struggling to realise the tangible benefits...

    3. As the world gets riskier, it’s time to wake up to risk management

      Explore CFOKnowledge

      Risk in all its forms is inherent in business – the preventable risks such as unplanned production downtime or internal fraud, strategic risk such as betting the company on an unproven technology, or external risks that are largely beyond our control, but which we should always recognize and take into account in our long range …

    4. Risk Management: Questions The Board Should Be Asking

      Explore blogs.sap.com

      The latest has the title of Shaping the Risk Oversight Agenda and includes a list of 10 questions boards should ask as they consider their oversight of risk management in 2013.

    5. Why Mobile Does Matter to GRC

      Explore The Decision Factor Blog

      In a recent interview I was asked, “what is mobile GRC, and how does it help?” Afterwards, I realized that I had underestimated the potential impact of mobility on governance, risk, and compliance. Years ago, Marshall McLuhan, an early prophet of the electronic age, coined the phrase “the medium is the message.” Many scholars have attempted to interpret this rather enigmatic phrase. My view is that the interpretation is simple and the implications profound. 

    6. A Fun Read for IT Operations, Governance, Risk, And Audit Professionals

      Explore blogs.sap.com

      Gene Kim, together with Kim Behr and George Spafford, has published a fun read: “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win”. I strongly recommend signing up for their whitepapers and can tell you that I enjoyed reading the book.

    7. When IT Fails, A New Book on DevOps and IT Risk

      Explore Gartner Blog Network

      A new book called “The Phoenix Project. A Novel About IT, DevOps, and Helping Your Business Win” is a short novel about a fictional company that is much more dependent on IT than the executives understand. When IT starts to go south, so does their business. It’s the story of the different players across IT and the C suite as they work to right the ship and create resilience across the enterprise. The real triumph in this book is that it can be read and understood by both IT and non-IT executives. 

    8. Board Oversight Of IT And Technology

      Explore blogs.sap.com

      PwC have published an excellent guide for boards that merits reading not only by board members but also by all those responsible for management of IT, risk management, and internal audit.

      Directors and IT: What Works Best suggests a six-step process, what they refer to as an IT Oversight Framework, that I believe should be effective for the majority of organisations.

    9. SAP Helps Customers Avoid Incidents and Achieve Safer, More Sustainable Operations

      Explore ERP Software Selection

      SAP announced the SAP Incident Management rapid-deployment ERP solution, which helps customers avoid dangerous and costly workplace accidents. For companies today, reducing incidents that can have a devastating impact on people, profits and the environment is a priority.

    10. Myths in Risk Management: Control Effectiveness — Is the Glass Half Empty?

      Explore The Decision Factor Blog

      Control effectiveness opinions are what we expect from auditors. But what does a control effectiveness opinion really tell us? None of us would conclude a glass is half full without knowing how big the glass actually is. The amount of liquid currently in a glass doesn’t tell you anything unless you know how much liquid the glass will hold. Similarly, control effectiveness opinions are often based on knowing only half the facts. 

    11. Financial Models Bog Down In Corporate Bureaucracy

      Explore blogs.sap.com

      The survey showed that 88 percent of financial institutions believe they would lose their competitive edge, 79 percent believe their profits would decrease, and 54 percent believe risk would be increased, if they were operating poor models – for example, flawed or outdated models. 

    12. Myths in Risk Management — Can Risks Be Registered?

      Explore blogs.sap.com

      Years ago, I worked in a bank. I’m sure the concept of a “register” came from a banker initially. Banks had registers for everything. One of my jobs was to keep the collateral register postings up to date.

      When a customer opened a line of credit, they were required to pledge something, usually marketable securities, as collateral. I posted the collateral in the register and someone else placed the securities in the vault, where they’d stay and gather dust.

    13. Fresh Thinking on Risk Culture

      Explore blogs.sap.com

      The Institute of Risk Management (IRM) has published two documents on Risk Culture. The first is a pamphlet-sized piece, “Under the Microscope: Guidance for Boards”, and the second is a much longer and detailed document for practitioners.

    14. PwC: Businesses wanted automated risk controls but should be wary

      Explore zdnet.com

      A new study from PricewaterhouseCoopers stresses the importance of understanding the risks associated with upgrading software systems. 

      The survey focused on how risk management and controls are integrated into the project effort and what are the lessons from the impact of those integrations. PwC said that the professional services firm strictly produced this survey to see what is happening within the marketplace and to see how organizations and C-suite executives view SAP systems. 

    15. Protecting Your ERP System from Cyber-Crime

      Explore ERP Software Selection

      In this data-driven culture of ours, cyber-crime is all too common and ERP systems are not immune. ERP systems can be attacked from outside the organization as well as inside, and these inside jobs are the easiest ones to overlook. Operating as an authorized user, an employee can obtain access to a storehouse of valuable information.

    16. The Greatest Risk Overlooked By Risk Practitioners

      Explore blogs.sap.com

      The greatest risk? The risk that the risk management program is insufficient to identify, evaluate and assess, and respond to all the potential effects of uncertainty as we strive to achieve our objectives. How many risk practitioners measure and report on the limitations of the risk management program? (And don’t tell me that everybody has perfect systems that will identify, promptly and accurately, and address appropriately all situations and events. I don’t believe it.)

    17. “The opposite of information overload”

      Explore SAP.info

      Oversight Systems bucked the trend and decided that, when it comes to mobile BI, less is most definitely more. An interview with CEO Patrick Taylor on the new HTML5 app, Mobile Insights.

    18. Risk Management of Capital Projects

      Explore accenture.com

      At a time when large capital projects are becoming more necessary as a path to growth in certain industries, they are also prone to a greater range of risks. Accenture believes that mastering capital project risk management will give companies involved in such projects increased capacity to minimize these risks and maximize the benefits. Accenture identifies the four foundations for attaining mastery of capital project risk management. 

    19. Why Are Risk Managers and Consultants Consumed By The Negative?

      Explore The Decision Factor Blog

      The Canadian Institute of Chartered Accountants has produced a variety of excellent board guidance on risk management and other topics. Their latest effort, written by John Caldwell, is A Framework for Board Oversight of Enterprise Risk. It does not meet, in my opinion, the CICA’s normal standard. I am concerned that Mr. Caldwell has defined risk purely from the downside and failed to consider the ability to seize opportunities to achieve or surpass objectives. Does this concern you as much as it does me? 

    20. LinkedIn's response to password breach raises troubling questions

      Explore zdnet.com

      LinkedIn’s latest blog post raises more questions than it answers. And does the company have the leadership it needs to respond effectively? LinkedIn has taken to its company blog to explain what it is doing to mitigate a data breach that led to 6.46 million account passwords leaking online. It’s believed the passwords were hashed but measures were not taken to bolster the algorithm’s security — a process known as ‘salting’.

    21. Does Your Internal Audit Function Really Provide Assurance?

      Explore blogs.sap.com

      If you were on the board or in top management and asked the auditor about the results of their audit of an important area, would you be satisfied with a list of their findings? Or would you insist on their professional opinion of the adequacy of the controls in managing the risks?

      Why should the board be satisfied with “our audit found these weaknesses” when they can be told “we found these weaknesses, but you don’t have to worry because overall the controls are adequate”?

    22. Seeing Is Believing: Visualisation Improves Risk Management

      Explore forbes.com

      Modern IT departments must navigate through a multitude of dangers, everything from data breaches and insider threats to the proliferation of user-provisioned technologies and the growth of unstructured data. These risks can delay progress, result in data loss, or create significant challenges in managing the applications and data. Uncertainty is the only guarantee.

    23. SAPinsider Special Report: Solutions for the CFO

      Explore SAPinsider Magazine

      With an increasing number of challenges facing the finance organisation, now is the time to ensure your CFO and finance team have all the resources they require to navigate an ever-changing business environment. In this special report, you’ll learn more about how to transform your finance organisation to ensure that it can meet your business’s most pressing needs.

    24. Is your CFO qualified to oversee IT?

      Explore Gartner Blog Network

      There is a renewed discussion of the CIO reporting relationships. It is a discussion that is sure to generate debate, as who you report to is important both personally and professionally. The perceived increase in CIOs reporting to CFOs is a topic that goes through this cycle much like the call of Paul Revere in the American Revolution – “The CFOs are coming, the CFOs are coming, to arms, the CFOs are coming.”
