
Ignore KRIs & KPIs at Your Own Peril: Best Practices for Key Risk Indicators

Stop me if you’ve heard this story before. There’s been significant management turnover at a $1 billion financial institution (FI), and the new management is eager to make an impact. Their solution: a new digital service provider to increase its digital footprint. It’s a project that has a budget impact across all lines of business


Summer Blockbusters Revisited: Assessing My Risk Assessments

When it can cost nearly $100 to take a family of four to the movies (including snacks, of course), you don’t want to risk wasting your cash on a so-so movie. That’s why earlier this summer I brought my work home with me to risk assess some of the most-anticipated movie sequels, prequels, and reboots


Is Your Institution Prepared for These Emerging Risks?

Businesses in all industries are worried about the pace of change. That’s according to Gartner’s most recent Emerging Risks Monitor Report, issued last month. Among the 133 senior executives surveyed, 71 percent cited the pace of change as a key risk facing their organizations. Why do executives feel like they won’t


6 Silo-Busting ERM Tips

How do seasoned risk professionals fight risk management inertia? They find ways to dismantle silos and develop processes to spark discussion about risk throughout the enterprise. It’s easier said than done, but with determination and a clear game plan, it’s possible. We reached out to professional risk managers for their best silo-busting tips. Here’s what


A Model CIO: Equifax CIO Keeps Showing Us How *Not* to Respond to a Breach

The big news out of Equifax this week is its $700 million settlement, including up to $425 million in consumer restitution, as a result of its 2017 data breach, which exposed the private financial data of over 145 million Americans. It’s the most expensive breach settlement ever. While the settlement really drives home the point


The Risk Management/HR Connection

How often do you engage with human resources (HR)? Risk managers may not give a lot of thought to HR, but they should. According to COSO and its industry-leading ERM framework (Enterprise Risk Management – Integrating Strategy and Performance), attracting, developing, and retaining capable individuals is a key element of governance and culture. Why does


Hate Illegal Telemarketing Calls? So Does the FDIC.

Have you ever felt like there isn’t enough being done to enforce the Do Not Call List? Between spoofed robo-dialing and other unwanted calls, picking up your home phone barely feels worth the effort. It’s the audio equivalent of a mailbox full of advertising flyers. The good news is at least one agency is taking


Are You Using a Data-Driven Approach to Compliance Risk?

There are financial institutions that usually feel confident about enterprise risk management. They feel they’ve identified and assessed potential risk, risk tolerance levels have been defined, and strategies are in place for mitigating risk. Yet too often their risk monitoring activities fall short. Unfortunately, many institutions get monitoring wrong. From missing essential steps to monitoring


3 Elements of a Vendor Cyber Monitoring Program

Growing cyber threats have made real-time monitoring of vendors an increasingly important element of a vendor management program. I sat down with Sam Lisker, ABA’s senior vice president of innovation in the office of member engagement, at the 2019 ABA Risk Management Conference in Austin, to talk about this evolving technology and how it can


Frequently Asked Questions About Cyber Monitoring

Vendor cybersecurity monitoring provides real-time data on vendors’ cybersecurity by collecting and assessing publicly available information. It detects threats and vulnerabilities before they are exploited so that action can be taken to prevent breaches. Cybersecurity ratings can: Uncover and address cybersecurity issues that need to be resolved before they are exploited. Identify third-party vendors that
