Wrong Numbers: The Risks of Inaccurate Financial Statements

This post first appeared on Risk Management Magazine. Read the original article. At its most basic, business is about numbers: revenues come in and expenses are paid. Some adding, some subtracting, and profits are realized. But what if the underlying numbers are imprecise? The result is a higher risk of an accounting restatement, an announcement (more…)

Seven Myths About Identity Governance

This post first appeared on Risk Management Magazine. Read the original article. A successful identity governance program answers the following questions: Who has access to what? Who should have access to what? And how is that access being used? Much of the identity governance landscape we see today stems from the late 1990s, when many (more…)

Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid, Aug 26, 2019

This post first appeared on GAO Reports. Read the original article. What GAO Found: The electric grid faces significant cybersecurity risks: Threat actors. Nations, criminal groups, terrorists, and others are increasingly capable of attacking the grid. Vulnerabilities. The grid is becoming more vulnerable to cyberattacks—particularly those involving industrial control systems that support grid operations. (The (more…)

Working to Close the Gender Pay Gap

This post first appeared on Risk Management Monitor. Read the original article. U.S. government regulators at the Equal Employment Opportunity Commission (EEOC) are requiring all private companies with over 100 workers to provide information including their workers’ genders, race and ethnicity as it relates to compensation. The EEOC uses this information, in part, to measure (more…)

Is Three a Crowd in GRC?

This post first appeared on Risk Management Magazine. Read the original article. As a theory, combining governance, risk management and compliance seems to make perfect sense, especially given Open Compliance and Ethics Group’s definition of GRC as “the integrated collection of capabilities that enables an organization to reliably achieve objectives, address uncertainty and act with (more…)

Leveraging Technology To Drive Sustainable ERM Initiatives

This post first appeared on Risk Management Magazine. Read the original article. Many promising enterprise risk management (ERM) programs are launched as a disciplined process for an organization to understand and address critical exposures. However, they often become difficult to maintain beyond the initial phases as key team members need to focus attention on their (more…)

Going for the Gold: Cyberrisks at the Olympic Games

This post first appeared on Risk Management Magazine. Read the original article. As the world’s highest-profile sporting event approaches, organizers must prepare for an evolving array of cyberthreats, from nation-state hackers to opportunistic cybercriminals. During the London 2012 Summer Olympics, technical staff logged 165 million individual cybersecurity-related events. Most were trivial things like login failures, but 97 (more…)

Summertime on the Slopes

This post first appeared on Risk Management Magazine. Read the original article. For ski resorts, unsurprisingly, business has traditionally been confined to the winter season. But that began to change in 2014 with the enactment of the Ski Area Recreational Opportunity Enhancement Act, which expanded the services that could be offered in ski areas operating (more…)

Eight Steps for Evaluating Contract Risks

This post first appeared on Risk Management Magazine. Read the original article. Contract review and negotiation is a crucial risk management task, but sometimes we must accept terms we do not like for any number of reasons. Perhaps the client refuses to make changes to their form of agreement. Maybe the project is critical to (more…)

Simplifying Third-Party Risk Management

This post first appeared on Risk Management Magazine. Read the original article. Working with third parties has become an essential part of business operations. Unfortunately, third-party risk management still receives insufficient attention, especially when it comes to data security. According to a study by the Ponemon Institute, the average company shares sensitive information with approximately (more…)