Liz Andrews 2700041WEU firstname.lastname@example.org | | Tags:  risk-management risk_management risk-analytics risk financial-risk | 0 Comments | 1,368 Visits
Many of our GRC members may not be familiar with TH!NK, Algorithmics, an IBM Company’s semi-annual magazine exploring the world of financial risk management. However, the June 2012 issue has something for everyone - and is centered on the perspective that to successfully identify and respond to the economic challenges of our times, we must seek a balance between learning from the past and developing the solutions of the future.
You will find in this issue articles that seek to explore this balance between past wisdoms and new possibilities, like our cover story “Back to the Future,” which revisits capital and its role in the bank of tomorrow. In our latest “In Conversation” piece, IBM’s Brenda Dietrich serves as our first IBM contributor to TH!NK, discussing how research and new data systems are changing the way we think about information. Other articles explore some of the most pressing topics in financial services, such as the interconnectivity of risk on the Buy Side or the very real trading benefits to a bank in establishing a CVA desk. As always, TH!NK seeks to build insight and linkages across seemingly disparate realms – such as social media and financial risk management, which as you will read, may not be so disconnected after all.
I encourage you to "flip through" this valuable resource - and please visit our Discussion Forum if anything in particular piques your inte
Richard Steinberg 270004HRBG email@example.com | | Tags:  openpages education risk-analytics compliance risk-management risk | 0 Comments | 1,594 Visits
You may remember hearing about problems with the College Board, which owns the SAT, and the Educational Testing Service (ETS), which administers the tests. In the recent SAT cheating scandal the College Board and ETS were accused of having lax security and a system that failed to punish cheats. But problems go back further, when a couple of years ago the SAT has serious issues with incorrect scoring of tests. And media reports speak to extensive incorrect scoring and losing test results in England in 2008, with the UK Parliament calling their operation a "shambles." And as far back as 1983 cheating was suspected in California. For details you may want to refer to my blog posting of November 2011, which includes analysis of what the accused organizations did, or rather didn’t do, to right the wrongs.
Well, we now find another player in this industry accused of wrongdoing. Princeton Review, which provides help to students in preparing for college entrance exams and sells study guides, finds itself accused of defrauding the federal government. An arm of the company that provides after-school tutoring to students at troubled schools is said to have falsified records – including forging student signatures, falsifying sign-in sheets, and making false certifications – in order to boost payments due the company. Relevant is that the company was informed of these allegations back in 2006, but prosecutors, who are now suing, say the fraud continued as nothing was done to fix the system. For what it’s worth, Princeton Review reportedly closed its tutoring division and says most of its current management joined the company after the alleged fraudulent activity took place.
But what’s striking is how the few players comprising this industry have had serious problems – not only in allowing fraud to occur, but also in failing to act in the face of wrongdoing. And this is an industry supposedly driving high academic standards! Yes, we know academic institutions are not immune to misconduct, but we can wonder how these industry players each went so very wrong. And food for thought – do we see other industries with an inordinate number of companies experiencing widespread instances of non-compliance, fraud or other misconduct? And what does that say about the culture not only of the individual organizations, but the industry as a whole? Hmmmm.
Richard Steinberg 270004HRBG firstname.lastname@example.org | | Tags:  openpages erm risk itg it-risk coso risk-management | 0 Comments | 1,501 Visits
If you haven't already seen it, it's worth a look – The Committee of Sponsoring Organizations of the Treadway Commission just published a thought paper dealing with risks related to cloud computing. It leverages off COSO's enterprise risk management framework, speaking specifically to issues surrounding hosted services delivered over the internet. The paper is geared not to the techie, but rather to management level personnel who need to understand not only the benefits, but also the associated risks. The paper briefly outlines the many benefits of cloud computing, including greater technology value at lower cost, faster speed of deployment, common technology platforms, reduced need for support personnel and related expenditures, and environmental benefits.
Naturally, most of the focus is on the risks. These include the strategic – with lower barriers of entry for new competitors and related challenge to current business models – and dependency on cloud service providers which in turn drives legal and related risks. Others include lack of transparency, reliability and performance issues, security and compliance concerns, and elevated risk of cyber attack or data leakage. The paper also deals with issues inherent in moving to the cloud, such as the extent to which management considers the impact on the company's organization and IT and other personnel resources, noting "In many cloud scenarios, the organization no longer has complete or direct control over technology and technology-related management processes. Management must determine if it has the risk appetite for the entire universe of potential events associated with a given cloud solution as some of these events extend beyond the organization's traditional borders and include some events that have an impact on the [cloud service provider(s)] supporting the organization."
The paper also discusses cloud issues in the context of COSO's ERM Framework's eight components, outlining how each can be addressed and used in evaluating cloud computing alternatives. It provides suggestions for dealing effectively with the more significant risks, and highlights key decisions to be made by senior management – as well as responsibilities of C-suite executives – and areas on which the board of directors needs to focus its attention. If your company is already in the cloud or considering going there, the paper is worth the read.
Osvaldo Jose Oliveira Menezes Rellegus TI 270004D4A7 email@example.com | | Tags:  grc isaca governança ojomenezes | 0 Comments | 1,332 Visits
Coloquemos neste espaço o papel dos profissionais de TI na atuação de GRC.
Podemos dizer que o GRC é recente (2005), e assim sendo, ainda há uma lacuna grande entre os estrategistas de negócio e a área de TI.
Uma coisa fica claro, com o GRC consegue-se administrar muito melhor os investimentos e os retornos sobre os investimentos em TI.
O trabalho para customização do CobiT junto ao Planejamento Estratégico é extenso.
Prezados colaboradores, vamos post
Erwin Boeren 270002C43V ERWIN.BOEREN@NL.IBM.COM | | Tags:  grc risk reporting ibm compliance fsr cognos regulatory solvency ii basel openpages | 0 Comments | 1,907 Visits
Convergence of Performance Management and Risk Management - Part 2
the increase of the Governance, Risk & Compliance maturity level at many of
my clients I see that clients start to realize the benefits of the integration
of GRC activities in their Performance Management cycle. Therefore a follow up
on my previous article around Risk Management and the convergence with
Let me share some insights on Risk & Performance Management initiatives that keep clients busy around Europe. The following 4 items came up in the last 3 months.
1. Cost control and process performance improvement give us the opportunity to embed controls in our process. Lessons learned from Six Sigma and Lean can give us guidance here.
2. How do I manage organizational and regulatory change and monitor the impact on business processes, policies and my risk and control framework?
3. Trending topic is emerging risks, am I able to identity risks that are coming to me over time?
4. Integrated Financial and Risk reporting, an excellent example of ‘Where Performance Management meets Risk Management’.
Cost control and Process improvements
Implementing and testing controls has become a huge cost for many organizations. That is why some of my clients are now looking for a way to reduce cost by embedding controls in their existing business processes. This goes hand in hand with the global initiative on cost reduction. While optimizing or even re designing core business processes internal controls are being embedded in the process. What I see is that the organizations that involve process owners and process contributors are most successful. This is an initiative that we have seen before in Lean Six Sigma projects. The only way to optimize processes and to reduce waste is to involve the process owners. Instead of increasing regulatory pressure we should seek a solution in this area in my opinion. Business cases around this have proven to be very successful and savings up to millions of Euros per year have been achieved.
Regulatory changes are a huge concern of many risk, compliance, legal and audit professionals. How can we monitor these changes and how can we understand the impact on our organization? Taking this together with the fact that policy management is changing from a ‘must do’ once a year to a continuous process tells us that an integrated approach to Governance, Risk & Compliance is necessary to drive performance. I come across clients that have a monthly Performance Report that shows how they derived business objectives from their policies and how they are performing on a compliance level to these objectives. What risks did they identify in this process and how will they respond to these risks? Organizations realize that they need to understand the correlation between processes, policies, regulations, business objectives, risks and controls and how they might impact each other. An integrated GRC view is the only way to face this challenge.
Emerging Risk Modelling
One of the trending topics among customers is Emerging Risks. Can we model risks that we see coming and can we follow up on risks that are getting closer or fading away? Analytical Risk modeling is an answer to this question. This also let you perform risk forecasting with different scenarios. Interesting question is how the increase of a risk exposure in an operating entity will impact my group level exposure? Risk Analytics, derived from the Performance Management area can help us answer these questions. A financial performance management cycle contains the exact same characteristics.
Integrated Financial and Risk performance reporting
Financial and Risk reporting are standard items in today’s Annual Reports, Tax statements, Management reports and Regulatory reports. The big question is how do I keep all of this information organized in such a way that I understand the source of the information, the transformation it has gone through, the owner of the information and most important when information changes at the last moment that all information output contains the latest version? No bigger reputational risk than sending out inconsistent information to stakeholders. Some organizations saw their share price drop with 25% due to inconsistent external reporting. One of my clients has implemented a solution that orchestrates all of these information sources with workflow capabilities and even XBRL output. From a risk perspective this is a great mitigation of your reputational risk and an excellent example of ‘Where Performance Management meets Risk Management’.
Blog post by Erwin Boeren
Senior Governance, Risk & Compliance specialist IBM Europe
Twitter : http
Erwin Boeren 270002C43V ERWIN.BOEREN@NL.IBM.COM | | Tags:  value solvency cio risk ibv openpages insurance of institute ibm business it governance basel bank grc compliance | 0 Comments | 1,826 Visits
Impact of Big Data, Cloud, Mobile
and Regulatory Pressure on your IT Risk and Governance Model.
This 30% decrease was established by optimizing and
automating the risk process, end users are now able to complete the whole risk
cycle in one platform with risk identification, risk assessment, risk
management, risk reporting (real time!) and risk monitoring.
2. Customer decreased their manual IT control test
effort with 140 hours per week only for Segregation of Duties and access
management. This was done by automating control tests.
Blog post by Erwin Boeren
Senior Governance, Risk & Compliance specialist IBM Europe
Twitter : http