Category: Risk Management

Ten GRC Issues

The initial focus for a Governance, Risk & Compliance (GRC) program is to collect and disseminate information to stakeholders across the enterprise to enable early and systematic management of risk exposures and disclosures, and to prevent, detect, report and remedy violations for all applicable laws, regulations and policies. This is no small task. It entails automation of manual processing and elimination of redundancy and inconsistency in data and processes. Here is a list of the 10 most pressing GRC issues corporations are concerned with today:
1. Regulatory compliance (e.g., Solvency II, Dodd-Frank, Basel III, etc.).
2. Vendor supply chain (e.g., food, drug, medical).
3. Audit (detection of internal control weaknesses, potential violations of policy).
4. Enterprise risk management (both financial and nonfinancial, including brand reputation).
5. Fraud (financial crimes in medical, financial, government and other areas, including money-laundering).
6. Business continuity (disaster recovery from flood, storm, earthquake, terrorism, explosion, contamination).
7. Health and safety environment (e.g., cessation of operations when workforce would be at unmanageable risk).
8. Predatory and fair lending and financial reform.
9. Sustainability and green initiatives.
10. Privacy and information security.
When it’s time to choose a software solution to manage and automate data for GRC, ensure that it addresses operational risk management, policy management, the audit function, and business strategy planning and management. The emphasis beyond that base level of operational coverage is a decision each organization will make based upon its needs, goals and risk appetite. GRC is the direction toward which all firms need to move to be successful and avoid the surprises that can cause them to cease operation or be acquired by a competitor (e.g., Enron, WorldCom, Lehman Brothers, Countrywide, New Century, IndyMac, Washington Mutual and Wachovia).

Five factors to measure your risk-bearing capacity

By Paul F. Nunes, Accenture | Published: December 13, 2011

There is no single number that represents a company’s risk-bearing capacity. A risk-bearing capacity analysis looks at the following five dimensions individually and in interaction with one another to provide both qualitative and quantitative indicators of overall capacity, as well as of capacity currently employed and identified reserve capacity.
Financial strength – An aggregation of the firm’s financial measures and ratios such as cash flow at risk and debt-to-equity. Traditional solvency parameters include leverage, credit rating, cash generation capabilities, trading multiples, earnings strength and diversification.

Management capacity – An evaluation of management processes and how they are employed to add value to the shareholder; a blend of credit rating, investment analysis and corporate governance analysis. Management capacity also covers leadership’s strategy execution and crisis resolution.

Competitive dynamics – Refers broadly to a company’s position in the marketplace relative to competitors and market trends.

Operational flexibility – Ability to react to market trends and developments while still maintaining strategic focus and financial continuity. Operational flexibility includes components such as production line switchability or alternative supply chain sourcing capabilities.

Risk management systems – Risk management systems include the people, technology, systems and processes that a company employs to identify, measure, mitigate and monitor its risk exposures and protect its solvency and stability. The protective dimension includes disaster recovery, business continuity planning and crisis management planning.

This article originally appeared in Outlook, an Accenture publication. Copyright 2010 Accenture. All rights reserved. Condensed and reprinted by permission.

New Rules For Businesses Accepting Credit Cards

The IRS has implemented new compliance requirements through Internal Revenue Code Section 6050W that will affect all merchants (including government and non-profit entities). Beginning in calendar year 2011, all merchants will be required to report gross payments received through debit or credit card transactions to the IRS on an annual basis. To verify this reporting, banks and merchant service providers will be required to provide both merchants and the IRS with Form 1099-K by January of 2012.

PCI Compliant?

What, exactly, does it mean to be PCI compliant?

With an increased number of security breaches, the Payment Card Industry (PCI) has made it mandatory for all merchants accepting cards issued by Visa, MasterCard, American Express, Discover, and JCB to make their systems PCI compliant.

PCI compliance involves implementing a set of 12 specific security requirements that protect credit card data and secure payment applications and PIN devices.

Regardless of your size or your number of monthly transactions, you must comply with these new PCI requirements or risk fines and removal from the credit card system.

Compliance focuses on securing networks, network monitoring, use of proper and up-to-date applications, as well as PIN transaction devices. It also requires annual validation via paperwork and Network Security Scans conducted by approved vendors.

Besides the fact that you must be PCI compliant in order to continue accepting credit and debit cards, doing so is also valuable from a legal perspective.

Just because the majority of companies suffering from security breaches and subsequent lawsuits are large conglomerates, it doesn’t mean that hackers won’t go after small businesses, causing you a glut of legal pain.

Though implementing security measures won’t give you 100% protection, it will significantly reduce the odds of being hacked. Additionally, it is a very powerful tool should you be hacked and face a lawsuit.

You will be able to point to your PCI compliance to demonstrate that you were not negligent in the handling of customer financial data, and that you were in accord with industry standards.

So if you’re not yet PCI compliant, hurry up and do it now. It’s for your own good.

No Social Security Checks Affects More Than The Elderly. Only Accountants Benefit.

by Webb Hubbell

President Obama tried to get Congress off the dime by saying come August the government may not be able to issue Social Security checks. Now I don’t believe this will ever happen. My bet is still a stop-gap solution with everyone pointing fingers and continuing to push the issue down the road. However, risk managers are paid to worry about such possibilities. So let’s just take one example, one the President has told the American people is a possibility, and run with it.

First, one month without checks would bring our economy to a halt. For the most part, recipients of SS checks spend the money as soon as the money hits the bank. If the money isn’t there, grocers, landlords, and caretakers don’t get paid. A huge monthly influx into the economy is shut down. Let’s take one minor example further. Millions of people receive SS Disability checks. What most people don’t understand is that almost all private disability policies provide that if the recipient receives SS, the monthly private benefit is reduced by the amount of the SS payment. If SS Disability stops for even a month, then for every individual who receives both SS Disability and private insurance dollars, the insurance companies are on the hook to their disabled customers for the monthly amount again. That means millions of dollars in cash must be used to pay policyholders who were off the books, so to speak, causing cash flow problems for the insurance companies, restatement of balance sheets, and losses to shareholders.

This is just one possible repercussion. Every major company in the country will be scrambling to put a number to the effect that our failure to pay the bills as they come due will have on their company. This is not just for the short term: if we default for one day, then every company, insurance company, bank, and business will forever have to footnote their balance sheet to compensate for future defaults. Once it floods, a piece of land is forever in the 100-year flood plain. Once the U.S. defaults it will forever be in the record book of once being in default, and individuals and countries will have to factor in the likelihood again.

Look at the bright side of all this, one day of default will make the accounting industry’s year.

Surely It Won’t Come To That?

By Webb Hubbell

Daily we watch this giant game of chicken being played by both Republicans and Democrats in Congress and the President over raising the debt ceiling and the ever-increasing budget deficit. Both sides appear to move and then step back, bob and weave like fighters, and wax philosophical blaming each other for the mess we are in. It would be great opera if it weren’t so serious, and the fat lady has certainly not sung.

Meanwhile a different cast of characters is in high panic. They are called risk managers and they are employed throughout corporate America to help their employers identify, analyze, control and manage risk from both internal risks and external events. They have been around for a while in small numbers, but since Sarbanes-Oxley was passed, they have taken on a major role in corporate America. In fact the chief risk officer at Bank of America last year made more than the President of BofA.

What risk managers dislike is risk that is impossible to control, unpredictable, and is infinite in the number of outcomes that are possible. Their perfect storm may be about to occur, and the damage that might be imminent is immeasurable in size or duration. Imagine today’s emergency meeting – “Has anyone analyzed the effect on the company if they don’t raise the debt ceiling? It won’t come to that? We have a responsibility to prepare for it if it does? It won’t come to that? Are we prepared? It won’t come to that?”

My bet is that our leaders will come up with a short-term solution, possibly just a short-term extension of the debt limit, and everyone will blame the other side for failure to reach a solution and go off campaigning for 2012. Meanwhile, what happens when risk managers and their equivalents overseas see that Congress is incapable of working with the President, and simply decide they don’t want to play with us anymore? They take their chips to the bank and cash out. But surely, “It won’t come to that?”

Meanwhile our nation, like Rome, is burning. Our leaders define leadership as the ability to bicker and fight among each other and simply push problems down the road. We say we want to tackle our problems, but we never do. It is easier to blame somebody else than tell each other the truth. Meanwhile health care costs continue to skyrocket, people are living and working longer, medicine is making dramatic strides in longevity while we make no plans for a population explosion of older individuals, and the rest of the world is losing confidence in our ability to pay our bills. We have stopped “sticking to our own knitting” and “minding our own house.” In the areas of education, public health, and the environment we are lagging behind the rest of the world. We have failed to provide the opportunity for everyone who wants to work to be employed and earn a living wage, while our basic infrastructure crumbles.

Not one of these problems is impossible to repair or beyond our capabilities, but it is not time to punt again and hope for a miracle on defense. Or the voice of “surely it won’t come to that” will change to “how did it happen?”

Charities — Cleaning House or House Cleaned?

By Webb Hubbell

Last week, nearly 275,000 charities had their non-profit status revoked, with the Internal Revenue Service releasing a list of non-profit groups that either failed to complete the required forms or had not submitted documentation for the last three years.

This represents about 17% of non-profits across the country, and although it is likely that a large portion of the de-listed organizations are no longer in existence, this is a problem for more than just the charities that failed to do their paperwork. What about the donors who may be continuing to fund de-listed charities? How do you determine whether the due diligence you did before making your contribution is still valid? Are long-standing commitments still valid if a charity is de-listed? What about the nonprofit organizations that still exist, but have been de-listed? How do they get back non-profit status, and what do they do about contributions in the interim?

The one thing that is certain is that every non-profit had better find out its status. If your charity is de-listed, find out how to get your status back and be prepared to answer your donors’ questions. I recommend hiring a professional like my friend Carlye Christianson to steer your charity out of “troubled waters.” Can’t afford a professional? Think again, unless you are prepared to return donations.

If you have not been de-listed, be prepared to prove your status to all potential donors. An old 501(c)(3) letter would not do the trick if I were a substantial donor. Finally, if I am a contributor I want to know the current status of any recipient of my contributions, and if I get word that one of my donations went to a de-listed charity, I recommend consulting with my tax advisor.

If your charity had its status as a nonprofit revoked, there may still be some time to file your paperwork. If your organization has annual gross receipts below $50,000, the IRS will allow you to apply for reinstatement before the end of 2012.

If you dodged the current bullet, don’t think you are scot-free. Remember that, in all likelihood, you will need to file yearly forms with the IRS if you wish to maintain your tax-exempt status. The IRS is providing a bit of leeway given the recent changes in law, but next time you might have to go to greater lengths should your status as a non-profit be revoked.

Million Dollar Verdicts Continue Against Employers

By Webb Hubbell

Time and time again when I was evaluating clients’ exposure to risk, I would come across an employer or manager who thought employment-related practices insurance was a waste of money and time spent on an employment practices audit was wasted time. “Their employees were happy, they had anti-discrimination rules in the employee handbook, etc.,” they would argue. What happened to other employers wasn’t possible in their workplace. Here are a couple of companies who probably did have procedures in place but wish they had taken their risk manager’s advice more seriously.

• Wal-Mart was hit with a $187.6 million verdict over meal breaks and rest breaks in Pennsylvania. While the $187.6 million verdict is probably one of the largest single verdicts Wal-Mart has faced over meal breaks and rest breaks, Wal-Mart had previously agreed to pay about $640 million in damages in 2008 to settle around 60 other state and federal lawsuits over missed breaks, according to Bloomberg. Can your business afford to even defend a similar claim? Ask your independent insurance agent or risk consultant for help before you are sued, not after a judgment.

• What did Wal-Mart do wrong? Well, if all the facts in the complaint are true – and apparently a Pennsylvania jury thought they were – they were violating state law by encouraging employees to cut their meal breaks and not take their rest breaks. Many states have laws that require employers to give employees certain breaks throughout the work day. Not all of these breaks may be paid, and many states require only unpaid breaks. But, breaks are usually required – and must be given, otherwise employees can file suit.

• Ashley Alford sued Aaron’s in a sexual harassment lawsuit. The jury awarded her a verdict against the company to the tune of $95 million. Aaron’s Inc. is a national rent-to-own furniture store. This one plaintiff, Ashley Alford, a former employee, claimed that she suffered humiliating and degrading sexual harassment from the store manager at the branch where she worked, reports the New York Daily News.

Each month I continue to be amazed at the judgments that are reached in these types of cases. Do not let this happen to you and your company.

Risk Management’s Razor

In the movie Contact, Jodie Foster testifies before Congress that she is familiar with the scientific principle called “Occam’s Razor”: “the simplest explanation is most likely the correct one.” Actually that summary is not an accurate portrayal of the principle, but it’s close enough for our purposes.

In Risk Management analysis, an Occam’s Razor type principle might be “the more one knows about the business, the better you can advise your client.” It would certainly seem an obvious hypothesis that an expert in the field would be able to analyze your company’s risks better than a novice. However, many times expertise in the field is not the same as expertise in Risk Management principles. An expert about your business is likely to skip over the obvious and get to the “fine print” of your business, whereas a risk manager who knows little about your business, but knows the principles of risk management, is very likely to “spot the obvious” in the process of learning “just enough” about your business, where an expert can easily overlook the nuts and bolts because he is anxious to get inside the engine.

When considering employing a risk manager, you are usually looking for someone who can take a fresh look, especially if the risk manager is well schooled in the principles of risk management. The expert in your business is less likely to listen to how your clock ticks. He/she thinks he/she already has that knowledge. The expert is schooled in your business, not risk management.

Just food for thought.

Employment Handbooks — Risk Waiting To Happen

by Webb Hubbell

Is an employee handbook the company gave out on Day One a contract enforceable against the employer? When is the last time it was updated? Is it on the Company’s Intranet? Does it conflict with your Union Contract? If so, which controls? Does it matter if an employee never received a copy? Is there disclaimer language in the handbook? Has every employee signed that they have read the handbook and had an opportunity to ask questions? The list of issues goes on and on, and what about the manager who says, “Since when have we had a handbook?”

At least thirty states will enforce terms stated in an employment handbook or personnel manual, reports the ABA Family Legal Guide. In most of those states, a copy of the handbook must have been distributed to the employee. If you operate in multiple states, what law applies? What if the language isn’t specific? A promise like “all employees will be treated fairly” might not get enforced in court, since the terms are vague. But a promise like “employees will be fired only for just cause” can be a specific, enforceable promise.

If the employee handbook contains a clear disclaimer, courts will probably find no contract. So something like “this handbook does not create a contract, and can be changed or revoked at any time” will probably mean the handbook created no contract, reports the ABA Family Legal Guide.

How enforceable are the changes you make to the handbook once you realize it is a walking time bomb? The Arizona Supreme Court ruled in Demasse v. ITT Corp. (1999) that employers may not change employee handbooks or other personnel policies, under certain circumstances, unless the employees accepted the proposed changes and were compensated for the policy modification. Wow, imagine having to value changes you make to an employee handbook and pay the value out. Try running this by the CFO.

Maybe it is time you had that drink after work with that labor attorney who wants to do a little marketing. Bring the handbook with you, but not your wallet. He/she will be in it soon enough.

Checking Out the Groom — A New Perspective In Due Diligence

When I asked my prospective father-in-law for his daughter’s hand in marriage, he said yes, but before the “deal” was finalized he had me “checked out.” For example, he called my former football coach to find out what type of person I was. He wanted to know not about my skills on the football field, but my character. I am sure there was more involved, but he admitted the conversation with Coach Broyles after several glasses of celebratory champagne. He was just doing his parental due diligence and engaging in what we now call risk management (an older profession than one might imagine).

When I practiced law, lawyers would engage all the time in due diligence before structuring a merger of two companies, a major financial loan transaction, or an acquisition. Due diligence was usually handled by the lawyers, and at best they might ask for insurance certificates to make sure traditional coverages were in place, but a close examination of insurance policies and coverages was seldom part of a due diligence process.

Today, transactions are more complex, and if you are representing the lender, or the successor company or acquiring company, you might consider engaging a CRM (Certified Risk Manager) or at least a trusted insurance specialist to assist your legal team in knowing what to ask for in their due diligence efforts. A company or borrower’s insurance files may contain a treasure trove of information that may assist you in discovering “flies in the ointment” or “pigs in the poke.” Most lenders or acquiring companies specialize in evaluations, but dislike surprises with a passion. Insurance documents, if one knows what to ask for, may contain the “key” to a profitable loan or a write-off, a great acquisition or a “loser.”

Workers Comp documents may disclose a health or workplace problem that needs further investigation. Loss runs may show excellent or poor management in place; surplus lines coverages may indicate a previous underwriting problem or an unusual issue not disclosed. The list is longer than Rapunzel’s hair. Lawyers are quick to welcome outside help when it comes to evaluating insurance coverage and other issues. At a minimum, know what to ask for going into a transaction; a reluctance to satisfy a risk manager’s inquiries may raise a “red flag.”

I have never found a major lender or law firm who began working with a CRM who didn’t find their work beneficial and well worth the small expense. A little risk management may be the advantage you have been looking for.

Social Media Policy — Creating “A Silk Purse”

Why me? You ask yourself, as you have been handed the assignment to draft your company’s “Social Media Policy.” You call your counterpart at another company asking for their policy to use for guidance and he responds, “We don’t have one yet, but send me yours when it is done.” You go online and any sample policy you find uses terminology you have never heard of, and couldn’t explain if asked. What do you do? Call the lawyer you met over martinis last week; she said she was in IP, and gave you her number on a napkin. Her response: “The legal world is devoid of any concrete rules about the intersection of social media and the law. It’s a relatively new field and there is no case law yet of any substance, and yes, I would be happy to go out for dinner tonight.” Great, you have a date with a girl whose looks you can’t remember, and still, where do you start?

This is a real and current problem for the business world, as the prevalence of social media can give rise to employer liability. The employer may not even know what “social media” is and find himself sued or at substantial risk when an employee breaks the law or causes an uncomfortable working environment.

It’s imperative to create a social media policy: guidelines that spell out what employees can and can’t do, at work and at home and with company technology.

When creating a social media policy, you can choose to address specific media, or simply create overall rules. Either way, it requires an understanding of the way employees use the internet: there are social networks, email, blogs, video services, message boards, and all related commenting.

According to Business Insider, any policy should include the following:
• Improper use of intellectual property on the company’s social media platforms, internet connection and computers.
• Use of both the company’s and customers’ private data.
• Disclosure of affiliation with the company when acting on behalf of the business or speaking about it in a personal capacity.
• Proper advertising, including reminding third parties that they must make proper FTC disclosures when reviewing products in exchange for money or goods.

Also think about expanding your harassment policy to social media; even off-the-clock tweeting can lead to a hostile work environment for which you are responsible. Finally, run your draft policy by your children; you might learn more than you expected or even dreamed.

Transparency – Seeing Behind the Curtain

by Carlye Christianson

For a nonprofit, transparency is one of those ubiquitous concepts about which we hear, but one whose meaning, and how to achieve it, we cannot quite grasp. Transparency is an essential aspect of sound governance. It builds trust; it enables donors, service recipients and other constituents to make better decisions; and transparency encourages charitable giving.

Shortly after the passage of the Sarbanes-Oxley Act of 2002, the discussion of transparency in nonprofits focused on addressing information concerning
• financial accountability and
• the cost and effectiveness of the mission and programs.

Increased interest in process has expanded the standards of transparency to include disseminating information as to
• how decisions are made and
• how information is communicated.

But the question remains: how do you evaluate the quality of your communications for transparency? In large measure there are few objective measurements. One approach is to look at the information your organization provides on its website and in marketing materials to determine if you are:
• presenting all relevant information, and
• presenting the information in a way so that a donor can feel confident that all knowable and relevant information has been provided.

Posting the Form 990 and audited financial statements seems to be a minimum. But making the information accessible also must be supported by making the information understandable. Many people may need, or the information contained in the reports may dictate, a narrative of some aspect of the financials. This is especially true if there has been a significant change in revenues or expenses or reserves. So, if reserves were significantly diminished because of reconstruction in office space, add a paragraph. If revenues decreased by more than an expected level, explain what was taken into consideration in budgeting anticipated revenues. If fundraising expenses increased because of a capital campaign, address the issue. If space is being rented from a board member explain the process undertaken to ensure the rent being paid is appropriate.

Including brief biographic information on board members and senior staff leadership opens the door to donors or other constituents to know the people who are involved in the decision making processes.

Identifying the standards – objective or otherwise – used to determine whether a program is successful is an important piece of transparency. If your nonprofit provides services for the homeless and success is measured in the number of beds available, that information should be highlighted. If success, though, is measured in terms of the number of people or families transitioned to permanent housing, that measure should be highlighted as well. Look at your website and your marketing material to ensure adequate information is provided so the reader knows the impact of your efforts.

In its March 2011 issue, the Chronicle of Philanthropy printed an article by Bob Carlson of the Missouri Attorney General’s office. His office deals with complaints regarding nonprofits. He noted that lack of transparency, failure to disclose information and other related topics are at the source of more complaints than almost any other issue. The complaints are not a result of unmet expectations, but rather a result of the absence of information. The vacuum created by a lack of information creates distrust.

“Transparency sheds light on an organization’s practices, and that enhances incentives for ethical, efficient and effective operations and facilitates oversight by the public and others.”

Interest in what is happening behind the scenes has never been greater than it is now. Take care in letting people see what’s behind the curtain.

Editor’s Note: Carlye Christianson is a leading expert in discrimination law and risk management for non-profit organizations. She writes, lectures, consults and trains nationwide. She is headquartered in the DC area. We are fortunate to have her as a new contributor and affiliated with our site. Look for more of her analysis in weeks to come. Carlye can be reached at carlye.cb@cox.net.

Deductibles – Become Your Own Risk Manager.

For most Americans and small businesses, times are still very tough. Whether at home or at our business, we are looking for ways to cut expenses without fundamentally altering how we live or work. Here is a recommendation that will help your bottom line, for some in a significant way, and at the same time not force you to alter your lifestyle or layoff employees. Become your own risk manager.

What many risk managers do for their clients is help the clients assess their “appetite for risk.” Ask, “How much risk am I willing to take on?” Also, give some thought to frequency and likelihood. If you have a teenager just about to start driving, you may want to have a low deductible for collision coverage; whereas, if you are the only driver and haven’t had a ticket in years, you might ask yourself, “What level of risk am I willing to take? What dollar amount is not worth the hassle of reporting a claim?”

Call your Independent Agent, like my friend Marvin Address, and ask him to give you quotes on your homeowners, auto, personal umbrella policy, etc. with higher deductibles. You might be surprised to find out how much you can save by increasing your deductibles. Set a goal with your agent. Say, “I want to save $100, $200, $500 a month on my personal insurance bill. How do I make it happen?” You might be pleased with the answers. Talk to your agent about your life insurance. How can I lower my payments? Is there a better and less expensive policy out there? Again, the agent can work magic if you get out of the mode of just paying the bill when it rolls around without opening the envelope.

In your business, the savings from raising deductibles can be significant. Also, have your agent explain your coverages. You often will discover coverages where there is little or no risk. When these coverages are eliminated you may find the savings that allow you to keep that key employee working. I have discussed workers compensation savings several times. Talk to an agent who has taken and bought into the AWCA type program to reduce workers compensation costs. Talk to your employees about safety programs and how they mean money to pay salaries. Your workers compensation bill may be 25% too high just because your Mod factor isn’t properly managed. Again, set a goal of reducing your insurance costs and ask your agent to help you make it happen. The savings are there, especially if you truly analyze your own appetite for risk.

Finally, call your own Marvin Address and talk to him about your health insurance premiums. Ask him to analyze the cost savings that a higher-deductible plan may offer you and your employees. If the savings are significant, then enlist the agent in developing a plan to sell the plan to your employees. Show them how it saves their jobs and lowers their share of premiums, and engage them in the dialogue about safety programs, wellness, and environmental health. You might be surprised not only with the financial savings, but with the employees’ appetite for risk as well.

If you are big enough, engage a risk management consultant with the goal, again, of reducing cost. You will be shocked at the results and the addition to your bottom line. What will be even more shocking will be the long-term benefits to you, your company, and your employees. If you aren’t big enough yet, become your own risk manager and use the resources that are available to you at no cost, including your Independent Agent and yours truly’s website.

Unplanned Transparency Continues to Concern Risk Professionals

WikiLeaks-type fallout continues in the business community, especially for risk managers, compliance officers, internal auditors and assurance officers. All Risk Management Professionals should prepare. There are things you can do to prevent most leaks from occurring and to mitigate the damage if your organization becomes a victim.

In most organizations processes are manual and dominated by hundreds – in some cases thousands – of spreadsheets. Such manual processes will always leave professionals chasing the data and never quite able to clear the backlog of issues, controls, tests, and assessments. Professionals should automate these manual processes and set up continuous monitoring indicators to monitor risk and compliance exposures. Automation will allow you to spend more time on analysis or proactively monitoring exposures.

Social networking options, including Twitter, Facebook and blogs, make it easy for people to share their ideas and personal peeves with the world. These social platforms are also the perfect place for employees to reveal what they perceive as unethical or illegal practices that are happening. Whistleblowers who report unethical and illegal practices to regulators are provided a financial reward. So in addition to the appeal of being ethical, employees now also have a financial incentive to report alleged improper practices. The challenge for risk management professionals is to create a culture and the appropriate communication channels so that employees prefer to report these incidents internally.

In addition to automating processes, proactively monitoring, and providing an environment where employees prefer to communicate issues internally, risk professionals must also ensure that everyone – from the top down – is acting appropriately and not creating a paper trail that, when subject to public scrutiny, may give off the wrong impression. Most risk professionals know whether their organization consistently walks the fine line that separates the ethical and unethical boundaries. Continuing in a role within an organization that is consistently in the grey area is career suicide. Sooner or later a frustrated employee is going to report questionable behavior to a regulator or post the details on his blog, social network or WikiLeaks. When this happens, all eyes will be on the key risk professional and his/her preparation and actions.