We’ve created this article resource by pulling from ERM-related feeds across the web. Each article links to the original publication site. Is there a feed you think we should include? Email aferm.webmaster@gmail.com

TSA Modernization: Use of Sound Program Management and Oversight Practices Is Needed to Avoid Repeating Past Problems, Oct 17, 2017

What GAO Found: The Transportation Security Administration's (TSA) new strategy for the Technology Infrastructure Modernization (TIM) program includes using Agile software development, but the program only fully implemented two of six leading practices necessary to ensure successful Agile adoption. Specifically, the Department of Homeland Securi (more...)

The Global Economy’s New Frontiers

The global economy is in transition, not so much as the result of fluctuating superpower politics, but more so as the quiet byproduct of shifting investment in emerging economies. We are at the end of supersized returns previously found in Brazil, Russia, India, China, and South Africa (BRICS), foreign direct investment constants since 2001 that ha (more...)

Insider Threats Part I: Background and Organizations Working to Counter Insider Threats

Insider Threats are not new. They have plagued the country throughout its history. Since Benedict Arnold in 1789, Insider Threats have endured as a challenge for government. Yet, the seriousness of Insider Threats motivates the ongoing efforts to implement systems and processes to inhibit t (more...)

N. Calif. Wildfires Continue Widespread Destruction

The National Interagency Fire Center (NIFC) increased the National Preparedness Level to 3 today due to wildfire activity in eight Northern California counties, including Napa, Sonoma and Mendocino, where evacuations, road, trail and area closures are in effect. Since their start on the night of Oct. 8, the wildfires in California’s wine cou (more...)

Biodefense: Federal Efforts to Develop Biological Threat Awareness, Oct 11, 2017

What GAO Found: Key biodefense agencies—the Departments of Homeland Security (DHS), Defense (DOD), Agriculture (USDA), and Health and Human Services (HHS), and the Environmental Protection Agency—conduct a wide range of activities to develop biological threat awareness for intentional and naturally occurring threats, and reported usi (more...)

Physical Security: NIST and Commerce Need to Complete Efforts to Address Persistent Challenges, Oct 11, 2017

What GAO Found: GAO found that efforts to transform the physical security program at the National Institute of Standards and Technology (NIST) have incorporated some key practices, particularly with regard to leadership commitment to organizational change. For example, GAO estimates that, as of May 2017, 75 percent of staff GAO surveyed believe (more...)

Bridging the Security Gap in the Internet of Things

To build an effective security strategy for the internet of things (IoT), we first need to understand the value of the data that is generated. The ability to use data, collected from a variety of locations and sources, to drive decision making is a key asset of the IoT. This valuable data will help organizations to innovate, solve customer problems (more...)

Lawsuits Question Arkema Emergency Preparedness Plan

Last week officials in Harris County, Texas were granted permission to file a lawsuit against international chemical company, Arkema, Inc., in an attempt to recover the costs of responding to the crisis at the company’s plant in Crosby during Hurricane Harvey in August into September. The County has asked a court to review the plant’s envi (more...)

8 Legal Developments You Need to Know About

In a new RIMS Professional Report, attorneys Mark Plumer and Xandra Bernardo (of Pillsbury Winthrop Shaw Pittman LLP) and Patrick Walker, a risk professional at mining company Rio Tinto Group, shed light on the top risk management legal developments of 2017. According to the authors, risk managers “must be familiar with the legal princip (more...)

Grid: Locked — Managing the Risks of Hacking the Electric Grid

On Dec. 17, 2016, hackers successfully targeted an electric transmission substation outside of Kiev, Ukraine, leaving part of the city without power for about an hour. Widely thought to be attributable to the Russian government, the incident was the second attack to cause a power outage in Ukraine in as many years. The incident was far from catast (more...)

The Risks of Voice Technology

These days, voice technology is everywhere. Voice-enabled digital devices and virtual assistants from Amazon, Apple, Google, Microsoft and others can answer a question, provide a weather report, turn up the thermostat or even order a pizza. Businesses are using voice technology to improve call center performance, verify customer account informatio (more...)

Enhancing Security with Big Data Analytics

Security information and event management systems have long been the foundation for many organizations’ information security programs. While they remain an essential part of ensuring and maintaining strong cybersecurity, they need improvement to meet the demands of today’s rapidly evolving threat landscape. Security information and eve (more...)

Managing the New Dynamics of Terrorism

Terrorist attacks in mainland Europe and the U.K. over the past few years have impacted the way individuals and businesses view travel to these destinations previously considered “low risk.” Images of gunmen in central Paris, knife-wielding extremists in London, and high-casualty bombings in Belgium are just a few of the events that ha (more...)

Alternative Energy Strategies

Businesses in the United States are getting serious about using less energy, acquiring their energy from renewable resources and installing onsite generators to address potential risks, according to the Deloitte study Energy Management: Sustainability and Progress. While the primary motivation for businesses to launch an energy resource management (more...)

Community, Diversity Spotlighted at RIMS Canada

TORONTO—The 2017 RIMS Canada Conference quickly found its groove on Monday morning, kicking off the annual conference with performances by a choir of local schoolchildren and an opening session centered on the theme of community. Focusing first on the RIMS community, the RIMS Canada Council announced its top honors for accomplishment in (more...)

The Strategic Value of Risk Taking

With profound economic, geopolitical, demographic, and technological changes taking place around the world, the business environment is rife with risk and uncertainty, but also opportunity. In such an environment, the need for risk-informed decision making has never been greater. A recent Deloitte survey asked several hundred board members and C-le (more...)

Immersive Technology for Government: Part 1 - Virtual Reality

In many ways, virtual reality (VR) is old hat to the government. Airmen, astronauts, and soldiers have long been putting in time in simulators training for the real thing. While training is a valuable application for this technology, it is not the only one. There are a number of other opport (more...)

Weekly Roundup: September 11 - 15, 2017

Back from a summer hiatus, the IBM Center's Weekly Roundup highlights articles and insights that we found interesting over the last couple of weeks. Michael J. Keegan Military IT chiefs want combat-ready infrastructure. A streamlined IT infrastructure isn't just efficient, it's essen (more...)

Paying it Forward: Industry Leaders Celebrate at Spencer Gala

Every year in September, leaders in the insurance world celebrate the profession and show their support for the next generation of risk management and insurance professionals. This year, close to 700 executives made their way to the Spencer Educational Foundation’s 9th Annual Gala on Thursday night at the New York Hilton Midtown. Nearly (more...)

RIMS Membership Has a Say in COSO’s New ERM Framework

When Risk & Insurance Management Society (RIMS) members use the new ERM framework published Sept. 6 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), they may recognize their own ideas prominently displayed. Carol Fox, RIMS vice president of strategic initiatives announced the call for public comment on Risk Managem (more...)

Understanding Cognitive Counter-Fraud, Waste and Abuse

Over the past decade, federal government agencies have made notable progress with respect to combatting fraud and improper payments as part of agency-specific program integrity efforts. Greg Greben, Vice President and Client Group Leader, Federal Civilian & Healthcare Agencies, IBM Global Business Services, authored this article In (more...)

Actionable Cybersecurity Practices for the 21st Century: Perspectives from Experts

A recent meeting of public and private sector experts identified real challenges and practical opportunities for change. The IBM Center recently partnered with the National Institute for Standards and Technology (NIST) and George Washington University Center for Cyber and Homeland Security to convene a set of interactive discussions among (more...)

Post-Harvey Lessons For Chemical Plant Managers

One of the many hazards exposed by Hurricane Harvey occurred in Crosby, Texas, when the Arkema chemical plant suffered fires and small explosions on Aug. 31 and Sept. 1. Floodwaters caused the fires by penetrating the facility and shutting down the cooling systems designed to stabilize 500,000 pounds of highly flammable materials inside. This ultim (more...)

Timing is Everything In Crime Insurance Claims

In current discussion of fraud and crime coverage, emerging cyberrisks and appalling financial schemes grab the headlines, and the direct loss conundrum captivates coverage counsel. While policyholders and their risk managers should of course monitor those issues, they also should remember the basic timing requirements that could undermine otherwis (more...)

Ensuring Your Company’s Disaster Relief Donations Are Well Received

With Hurricane Harvey’s effects being felt in Texas and Louisiana for some time to come, businesses may want to help victims by making corporate donations. Corporate decision-makers should carefully consider ways to contribute, since some recent post-disaster efforts have not helped as intended. Depending on your industry and your company’s size (more...)

The Hunt for Risk Management’s Panda

You may never have heard of Chi Chi the giant panda, but you would almost certainly recognize her image. In 1961, Sir Peter Scott used sketches of Chi Chi to design the original logo for the World Wildlife Fund (now the World Wide Fund for Nature) and, in so doing, created one of the most recognizable and enduring symbols of international conse (more...)

The Psychology of Risk

Over the past several years, psychologists, behavioral scientists and academics have helped to advance our understanding of human psychology and, specifically, how humans respond to high-risk and crisis situations. This research has highlighted how a lack of pre-crisis training and preparation may exacerbate risk and cause unnecessary errors du (more...)

Four Key Cyberrisk Management Questions for Directors and Officers

Courts have historically made it difficult to hold directors and officers personally liable for breaches of fiduciary duties. But as cyberrisk management liability standards evolve, directors and officers increasingly face the risk of personal exposure. In September 2015, following Home Depot’s high-profile data breach that exposed more than 5 (more...)

College Captive Offers Hands-On Experience

According to the U.S. Bureau of Labor, as workers retire or change jobs, in the next five years alone, the insurance industry will need to replace 104,000 insurance agents, 71,900 claims adjusters, 67,400 claims/policy processing clerks, 28,900 underwriters, 8,500 software developers/programmers, 7,500 computer/information analysts, and 6,900 a (more...)

5 Best Practices for IoT Privacy Compliance

According to a January 2017 forecast from Gartner, 8.4 billion internet of things items will be in use worldwide this year—a 31% increase from 2016—to the tune of almost $2 trillion in annual spending on devices and services. As companies create these interactive items, most of which can track consumers, the Federal Trade Commission (FTC)—the g (more...)

Managing Public Sector Auto Risks

Fleets are a serious and growing risk management challenge for public entities. The public sector collectively has the largest vehicle fleet in the United States. With 1.3 million cars and trucks, that sector is even larger than the commercial fleet segment, according to Government Fleet magazine, so the challenges of commercial auto insurance (more...)

Global Risk Concerns

Headline news correlated directly with the top-10 concerns of risk managers globally in 2016, according to Aon’s Global Risk Management Survey. An increase in product recalls and scandals flamed by social media, for example, has raised organizations’ reputational risk exposure in the past few years. “Damage to reputation/brand” is at the top (more...)

Air Traffic Control Modernization: Progress and Challenges in Implementing NextGen, Aug 31, 2017

What GAO Found: The Federal Aviation Administration (FAA) is implementing the Next Generation Air Transportation System (NextGen) incrementally and has taken actions to address challenges to implementation. NextGen has enhanced surface traffic operations at 39 of the 40 busiest airports in the United States by providing electronic communications (more...)

Empowering your risk management strategy

This eBook explores five key areas of risk management that can help transform the way in which organisations understand and manage risk. It further provides real-world examples to show how IBM solutions can help you deliver demonstrable business value and achieve your full potential. (more...)

A New Approach to Managing a ‘Classic’ Reputation

A new Coca-Cola-sponsored contest seems to publicly acknowledge its reputational risk, but at a minimal cost that could manage or even reduce it. In early August, the beverage giant announced its Sweetener Challenge, seeking non-employees (preferably scientists or agriculture or nutrition professionals) who can bring the company a “natural, (more...)

Can You Have Too Many Coffee Shops?

The collective mood among Starbucks (SBUX) shareholders may have been dark and intense on Wednesday, following a 1% downgrade of the coffee company’s share price by BMO Capital Markets due to “store overlap.” BMO analyst Andrew Strelzik wrote: “There are now 3.6 Starbucks locations within a one-mile radius of the typical Starbucks in the U.S. relat (more...)

Risk Management Isn’t Just for the Finance Staff

Operational leaders have an opportunity to align resources against their greatest vulnerabilities. (more...)

The ERM Value Connection

Research has shown that enterprise risk management (ERM) adds value. One research paper showed that ERM adds to the value metric called Tobin’s Q. Other award-winning research has shown that ERM enables better decision making. The authors of that research state: “Specifically, as companies implement an ERM process, the new knowledge it provides th (more...)

The Risk of Being Too Delicious

Shockwaves were felt around the wing-eating world last week, when Buffalo Wild Wings announced it will be discontinuing its Tuesday night half-priced wing promotion. According to reports, the franchise’s decision was a difficult one as the promotion was “a major driver of traffic” and “boosted same-store sales” for some locations. Ultimately, th (more...)

Ransomware Ready: How to Prepare for the Day You Get Locked Out

In May, a strain of ransomware known as WannaCry infected more than 230,000 computers in 150 countries, demanding about $300 in the cryptocurrency bitcoin to restore access. Primarily striking Europe and Asia, the attack crippled operations for a wide swath of enterprises, from the U.K.’s National Health Service to German state railways to thou (more...)

A New Method for Measuring Captive Performance

In order to drive operational effectiveness and capital deployment efficiency, leaders of captive insurance companies are increasingly in need of improved methods for performance evaluation and tools that go beyond simple financial ratio analysis or industry benchmarking comparisons. This need includes validation of the risk management program (more...)

Practical Lessons for Managing Cyberrisks

Of all the dangers that consume risk managers’ thoughts, cybersecurity is arguably the most intangible. It is difficult to truly “see” the many factors that can cause breaches or attacks, which often leaves cyberrisk confined to the realm of hypothetical and worst-case scenarios. However, we continue to hear about successful attacks that penetr (more...)

Improving Vendor Risk Management

Evolving and increasing regulatory requirements. Growing vendor inventories. Heightened internal pressures to perform risk management functions. Shifting responsibility and accountability for the actions of vendors. These are only a handful of the challenges and considerations companies face when managing third-party risks. In light of the heig (more...)

Exploring Liability for Exploding E-Cigarettes

Electronic nicotine and non-nicotine delivery systems, more commonly known as e-cigarettes, represent a global market worth almost $10 billion. In the United States alone, e-cigarette sales reached about $4.1 billion in 2016. But as the market continues to grow, reports of exploding e-cigarettes have raised concerns about product safety and lia (more...)

Defense Cybersecurity: DOD's Monitoring of Progress in Implementing Cyber Strategies Can Be Strengthened, Aug 01, 2017

What GAO Found: Officials from Department of Defense (DOD) components identified advantages and disadvantages of the “dual-hat” leadership of the National Security Agency (NSA)/Central Security Service (CSS) and Cyber Command (CYBERCOM) (see table). Also, DOD and congressional committees have identified actions that could mitigate risks associate (more...)

Refugees: State and Its Partners Have Implemented Several Antifraud Measures but Could Further Reduce Staff Fraud Risks, Jul 31, 2017

What GAO Found: The Department of State (State) and the United Nations High Commissioner for Refugees (UNHCR) have worked together on several measures designed to ensure integrity in the resettlement referral process. State and UNHCR have established a Framework for Cooperation to guide their partnership, emphasizing measures such as effective ov (more...)

Companies Must Evolve to Keep Up With Hackers

If you ask a CFO if their company’s current cybersecurity strategy is working, it’s very likely that they do not know. While at first they may think it is, because the company’s bank accounts are untouched, an adversary could be lurking in their network and collecting critical data to later hold for ransom—threatening to destroy it if the money isn (more...)

Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, Jul 27, 2017

What GAO Found: The Internet of Things (IoT) is the set of Internet-capable devices, such as wearable fitness devices and smartphones, that interact with the physical environment and typically contain elements for sensing, communicating, processing, and actuating. Even as the IoT creates many benefits, it is important to acknowledge its emerging (more...)

Weekly Roundup: July 17 - 21, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending July 21, 2017. Michael J. Keegan White House pushes TBM for IT savings and smarter spending. Chris Liddell, the president's director of strategic initiatives, thinks the federal government may be spending as much as $200 billi (more...)

Corporate Culture and Risk Management

According to an April New York Times article, “Uber’s core company values included making bold bets, being “obsessed” with the customer, and to “always be hustling.” The company emphasized meritocracy, setting employees up as rivals and overlooking transgressions of its high performers. At its worst, Uber maintained an “unrestrained culture” that h (more...)

Reimagining Enterprise Risk - How Today’s Finance Leaders Can Use Data and Clear Vision to Navigate Risk

This infographic explores the key emerging risk management hazards as well as the four forces disrupting the CFO role. It further explores an opportunity for data-inspired leadership and growth. (more...)

Wildfires Blaze through Western U.S. and Canada

Following a wet spring, at least six western states are now fighting wildfires, which have been intensified by extremely high temperatures, wind gusts and lightning. In northern California, about 4,000 people evacuated and more than 7,000 were told to prepare to leave as fires burned in the Sierra Nevada foothills, about 60 miles north of Sacramen (more...)

Marsh Tracks Top Captive Trends

The number of captive insurers continues to increase globally, from 5,000 in 2006 to more than 7,000 in 2016. Once formed primarily by large companies, the captive market has opened up to mid-size and small businesses. The industry is also seeing a trend in companies forming more than one captive, using them for cyber, political risk and (more...)

How to Know Which NIST Framework to Use

Some agencies are confusing NIST's Cybersecurity Framework with the Risk Management Framework. (more...)

Management Report: Opportunities for Improvement in FHFA's Evaluation of Internal Control over Financial Reporting, Jun 14, 2017

What GAO Found: During its audit of the Federal Housing Finance Agency's (FHFA) fiscal years 2016 and 2015 financial statements, GAO identified deficiencies in FHFA's evaluation of internal control over financial reporting. This includes the FHFA Office of the Inspector General's (FHFA-OIG) evaluation of its own internal control over financial r (more...)

5 Strategies to Maximize Your Risk Assessments

While risk assessments enable organizations to understand their business issues and identify uncertainties, the best assessments go further. They prioritize top risks, assign risk ownership, and most critically, integrate risk management and accountability into front line business decision-making. Simply put, “checking the boxes” just i (more...)

Lloyd’s Plans for Post-Brexit Subsidiary

Just one day after the U.K. set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced it was establishing a subsidiary in Brussels, intending to be able to write EU business for the Jan. 1, 2019, renewal season. The new company will write risks from all 27 European Union c (more...)

A complete perspective - Managing and monitoring a single view of concentration risk

This white paper explores managing and monitoring a single view of concentrated risk. It examines the need for tools that can streamline credit risk management systems and create a single enterprise-wide view of risk as an early warning system against future crises. (more...)

Preparing for Brexit

One year ago, few business leaders would have put their money on the United Kingdom voting to leave the European Union. Indeed, the June 2016 referendum has been a wake-up call for corporations, showing that voters still have significant power to a country’s economic future, and that massive, rapid geopolitical changes can happen anywhere. C (more...)

Insuring Against Terrorism

Concerns about political unrest and terrorism continue to be high on the agenda for risk managers of multinational businesses. According to the 2017 Allianz Risk Barometer, these fears ranked eighth among the top corporate perils cited by risk consultants, underwriters, senior managers and claims experts. The most commonly cited concerns were acts (more...)

Cyber and the C-Suite: New Cyberrisk Responsibilities for Chief Risk Officers

How to Use the World Economic Forum’s Cybersecurity Principles: A 2017 WEF report outlines best practices for boards and the C-suite to help strengthen an organization’s cyber practices by providing guidance for managing cyberrisks much in the same way that organizations manage enterprise risk. Read more about these 10 steps and how to (more...)

Preparing for an Immigration Crackdown

President Trump has vowed to protect U.S. workers and jobs and it is clear that one way he plans to achieve this goal is by policing immigration compliance. Under the Trump Administration, U.S. Immigration and Customs Enforcement (ICE) will increase worksite enforcement actions against employers, which could involve issuing I-9 Notices of Inspecti (more...)

Contingency Planning for Environmental Spills

Fuel spills and discharges of hazardous materials, pollutants and other regulated materials, even in small quantities, can turn into expensive incidents for spill generators and their insurers. Therefore, the time to prepare for an environmental release is before it happens. Spill preparedness starts with a risk assessment. Companies at risk for e (more...)

Investing in the Insurtech Toolbox

Just a few years ago, the nascent insurtech sector received scant attention from the insurance industry. But with the number of companies in the space growing exponentially, more insurers, intermediaries and risk managers are being forced to take notice. Insurtech refers to the subset of technology startups focused on process enhancements in under (more...)

Put Your Money Where Your Risk Is

Compared to property, plant and equipment (PP&E) assets, the impact of business disruption to cyber assets is 72% greater, organizations value cyber assets at 14% more, and quantify probable maximum loss from cyber assets is 27% higher, according to the 2017 Cyber Risk Transfer Comparison Global Report from Aon and the Ponemon Institute. What (more...)

Running with Risk

When I was 12 or 13 years old, I ran in my first competitive race, a neighborhood 5K that had been organized around the 40th anniversary of my hometown. I don’t remember my time, but I do know that I came in second in my age group, which, even though there were only three runners in my bracket, seemed pretty cool. I also remember throwing up (more...)

Weekly Roundup May 19, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting. Michael J. Keegan $500M IT modernization bill passes House. The Modernizing Government Technology Act passed the House of Representatives on a voice vote, but the Senate outlook is less certain. (more...)

Homeland Security: Progress Made to Implement IT Reform, but Additional Chief Information Officer Involvement Needed, May 18, 2017

What GAO Found: The Department of Homeland Security (DHS) has fully implemented 28 of the 31 selected Federal Information Technology (IT) Acquisition Reform Act (FITARA) action plans; however, as of December 2016, DHS did not fulfill all aspects of 3 action plans. For example, one action plan is to use an updated process for reviewing troubled p (more...)

North Korea Now Suspected in Ransomware Attack

The massive cyberattack targeting computer systems of businesses, government agencies and citizens in more than 150 countries is now being linked to the North Korean government. Called WannaCry, the ransomware encrypts the victim’s hard drive and demands a ransom to be paid in the virtual currency bitcoin equivalency of about $300. According (more...)

Pentagon Financial Office Not Complying with Improper Payments Law, Watchdog Finds

Five out of six requirements in estimating and risk assessments were missed. (more...)

Navigating Risk Management Around the Globe

Over the past few years, I’ve had the wonderful opportunity to travel the world and visit factories, distribution centers, ports, warehouses, and several offices for the company where I work. Apart from being a great way to see the world, it has also been an opportunity to learn from the ways different cultures see and manage risk. Coming fro (more...)

In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders. Today, risk management is not just recommended, it is considered (more...)

10 Insurance Tips to Help Manage Construction Risk

Construction involves risks that can and should be managed, often by transferring that risk to insurance. The following 10 tips can help in that effort: Remember that the construction contract is the cornerstone of risk management. The contract documents should set forth the risk allocation plan, including additional insured pro (more...)

Ransomware Attacks Increase, With U.S. the Primary Target

Ransomware attacks constituted the greatest cybercrime danger in 2016 as the volume and value of attacks rose sharply, according to a new report from internet security firm Symantec. “Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangero (more...)

Total Cost of Risk Drops for Third Straight Year, RIMS Finds

Despite the challenges of a slowed economy in an election year, a shifting risk landscape as a result of technological advances, and a slow to negative growth rate in some sectors, 2016 saw the total cost of risk (TCOR) decline for the third consecutive year, according to the 2017 RIMS Benchmark Survey. Even in the face of such uncer (more...)

Risk Uprising: Navigating Today’s Political Turmoil

In March 2016, the Economist Intelligence Unit rated the possibility of a Donald Trump presidency as one of the top 10 risks facing the world—riskier even than the U.K. leaving the European Union, and just as unlikely. Judging impact and probability on a scale of one to 25, with 25 considered the most dangerous, the analysis rated the possib (more...)

The Importance of Financial Disaster Preparedness

Containment of financial loss, regardless of its cause, is a key goal of virtually every organization’s risk strategy, providing a compass for many of the actions taken to avoid, mitigate, transfer and retain risks enterprise-wide. Yet catastrophic events too often result in losses that exceed the expectations of management. Such losses high (more...)

Risk-Based Approaches to Cybersecurity

There has been tremendous progress in the cybersecurity discipline in terms of defining strategy by outcomes rather than the methods used. This is especially apparent in the financial services industry, where frameworks such as CBEST and FFIEC encourage practitioners to not only think about risk-based approaches, but also to understand levels of m (more...)

Using Contracts to Curb Cyberrisks

Organizations frequently share information—some of it sensitive or confidential—with vendors in their supply chain. But many data breaches, such as Target’s 2013 breach that exposed the financial data of 40 million customers, have resulted from poor cybersecurity on the part of a vendor. While no organization or vendor can ever b (more...)

Notepad: Risk in Review – May

North Carolina Repeals Bathroom Bill: After a year of protest, economic fallout, and the ousting of the governor who signed it, North Carolina legislators repealed the controversial House Bill 2 (HB2), also known as the “Bathroom Bill.” The measure restricted enactment of anti-discrimination policies protecting LGBT citizens and require (more...)

Border Security: Additional Actions Could Strengthen DHS Efforts to Address Subterranean, Aerial, and Maritime Smuggling, May 01, 2017

What GAO Found: GAO's analysis of Department of Homeland Security (DHS) data showed that there were 67 discovered cross-border tunnels, 534 detected ultralight aircraft incursions, and 309 detected drug smuggling incidents involving panga boats (a fishing vessel) and recreational vessels along U.S. mainland borders from fiscal years 2011 through (more...)

Unlocking the Power of NIST’s Cybersecurity Framework

In the not-so-distant past, it was hard to get people to think cyber risk management. (more...)

Disruptive Technologies Present Opportunities for Risk Managers, Study Finds

PHILADELPHIA–Disruptive technologies are used more and more by businesses, but those organizations appear to be unprepared. What’s more, companies seem to lack understanding of the technologies and many are not conducting risk assessments, according to the 14th annual Excellence in Risk Management report, released at the RIMS conference (more...)

And the 2017 RIMS Awards Go to…

PHILADELPHIA—At today’s RIMS 2017 Awards Luncheon, the society issued its top honors for achievement in the risk management and insurance industry. Scott B. Clark, area senior vice president and enterprise risk management consultant at Arthur J. Gallagher & Co., received the society’s most prestigious honor, the Harry and Doro (more...)

It’s a Great Time to Be a Risk Manager

2017 has so far been a wild ride of change. Companies are navigating through a new U.S. administration, Brexit and cyber risks that are more daunting each day. We are bombarded with uncertainty and uncharted waters. Nevertheless, it’s a great time to be a risk manager. This kind of disruption is the reason many of us got into the risk and i (more...)

SSA Disability Benefits: Comprehensive Strategic Approach Needed to Enhance Antifraud Activities, Apr 17, 2017

What GAO Found The Social Security Administration (SSA) has taken steps to establish an organizational culture and structure conducive to fraud risk management in its disability programs, but its new antifraud office is still evolving. In recent years, SSA instituted mandatory antifraud training, established a centralized antifraud office to co (more...)

Protecting Employees in the Face of International Risks

Increasing globalization and the growing world market present employees with opportunities to travel and experience new countries and cultures. With travel comes risk, however. In the event of an unforeseen incident, it is an organization’s top priority to ensure its employees are safe and out of harm’s way. By following proactive trav (more...)

Elevating Data Risk Management to the Board Level

For years, the security industry has worked to promote cybersecurity as a critical topic for the most senior corporate decision-makers: the c-suite and board of directors. Work remains, but most organizations now realize that data risk management and data-centric security must have board-level priority. That said, for many, data risk management an (more...)

Mitigate Model Risk and Reduce Model-Related Costs

This white paper explores approaches to model risk management and its challenges. The paper provides a solution to help organisations better manage model risk by establishing risk mitigation and cost reduction strategies. (more...)

Nuclear Security: DOE Could Improve Aspects of Nuclear Security Reporting, Apr 11, 2017

What GAO Found The Department of Energy's (DOE) and the National Nuclear Security Administration's (NNSA) annual reports for 2014 and 2015 on the security of nuclear facilities holding special nuclear material did not fully meet the definition of quality information under the federal internal control standards. These standards define quality in (more...)

Homeland Security Acquisitions: Earlier Requirements Definition and Clear Documentation of Key Decisions Could Facilitate Ongoing Progress, Apr 06, 2017

What GAO Found For the first time since GAO began its annual assessments of the Department of Homeland Security's (DHS) major acquisitions, all 26 programs that were reviewed had a department-approved baseline. During 2016, over half of the programs reviewed (17 of the 26) were on track to meet their initial or revised schedule and cost goals. (more...)

Marine Corps Asia Pacific Realignment: DOD Should Resolve Capability Deficiencies and Infrastructure Risks and Revise Cost Estimates, Apr 05, 2017

What GAO Found The Department of Defense (DOD) has coordinated the relocation of Marines from Okinawa to other locations in the Asia-Pacific region through developing a synchronization plan and organizing working groups. However, DOD has not resolved selected identified capability deficiencies related to the relocation of Marine units; training (more...)

Why Do M&As Fail?

Snapping up rivals or merging with powerful competitors to create mega-companies that dominate markets has long been a strategy for business growth, and nothing excites financial markets more than news of large deals. But there is a catch: Most mergers fail. In fact, McKinsey estimates that around 70% of mergers do not achieve their expected (more...)

Flaws in the Data

Given the avalanche of information that has become available to businesses over the past several years, data-driven decision-making (DDDM), the practice of basing business decisions on data analysis rather than intuition, has become a critical tool to help organizations reduce risk, avoid costly mistakes and take advantage of opportunities. D (more...)

New Rules for Absence Management

A variety of regulations regarding the rights of employees with disabilities have spurred employers to reassess workers compensation and return-to-work programs. In addition to actions by the Equal Employment Opportunity Commission (EEOC) that have resulted in high-profile, multi-million dollar settlements, employment law changes have underscored (more...)

Oroville Dam Highlights Infrastructure Risks

The near-collapse of the Oroville Dam in northern California in February could have been catastrophic. Communities as far as 100 miles downstream from the dam were at risk of flooding that could have resulted in $21.8 billion in structural damages, according to Risk Management Solutions. What’s more, a bad situation would have been made wors (more...)

The Real Risks of Fake News

Fake news is nothing new—we have long been exposed to propaganda, tabloid news, and satirical reporting. But now, with the dependence on the internet, promotion of trending stories on social media, and new methods of monetizing content, we have found different ways to relay information without using traditional media outlets. A single story (more...)

W-2 Phishing Scam Targets Tax Season

In February, the FBI issued an official warning to businesses about a new form of tax season scam in which fraudsters use social engineering attacks known as business email compromise (BEC) or CEO fraud to target W-2 forms. In the cases submitted to the Internet Crime Complaint Center, attackers spoofed or hacked the email account of a company’ (more...)

Q&A: Bridging the Gaps at PayPal

For Laura Langone, senior director of global risk management and insurance at PayPal, risk management is all about bridges. As PayPal has made a practice of bridging the banking, retail and technology sectors, Langone’s approach to insurance coverage focuses on manuscripting to bridge traditional industry verticals. Underwriting innovation d (more...)

Lloyd’s to Establish EU Base in Brussels

One day after the UK set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced that it has chosen Brussels as the location for its European Union subsidiary. A market of syndicates in London, Lloyd’s said its intention is to be ready to write business for the Jan. 1, 2019, renewal seaso (more...)

Identity Theft Services: Services Offer Some Benefits but Are Limited in Preventing Fraud, Mar 30, 2017

What GAO Found Identity theft services offer some benefits but have limitations. Credit monitoring helps detect new-account fraud (that is, the opening of new unauthorized accounts) by alerting users, but it does not prevent such fraud or address existing-account fraud, such as misuse of a stolen credit card number. Consumers have alternati (more...)

DOD Major Automated Information Systems: Improvements Can Be Made in Applying Leading Practices for Managing Risk and Testing, Mar 30, 2017

What GAO Found Most of the 18 selected Department of Defense (DOD) major automated information system (MAIS) programs that GAO reviewed had experienced changes in their planned cost and schedule estimates and half of the programs had met their technical performance targets. Specifically, 16 programs experienced changes in their cost estimates r (more...)

Defense Acquisitions: Assessments of Selected Weapon Programs, Mar 30, 2017

What GAO Found Since GAO's 2016 assessment, the number of programs in the Department of Defense's (DOD) portfolio of major defense acquisitions decreased from 79 to 78, while DOD's planned investment over the life of these programs increased by $9.4 billion to $1.46 trillion. GAO observed mixed performance in the portfolio this year. For exampl (more...)

Private Deposit Insurance: Credit Unions Largely Complied with Disclosure Rules, but Rules Should Be Clarified, Mar 29, 2017

What GAO Found About 2 percent of credit unions (125) have private deposit insurance, which is provided by one company—American Share Insurance (ASI). Regulatory and other assessments have suggested that ASI's reserves have been adequate and that the company has had a strong ability to cover present and future losses for the credit unions (more...)

Information Technology: Implementation of IT Reform Law and Related Initiatives Can Help Improve Acquisitions, Mar 28, 2017

What GAO Found The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 to improve federal information technology (IT) acquisitions and can help federal agencies reduce duplication and achieve cost savings. Successful implementation of FITARA will require the Office of Management and Budget (OMB) and feder (more...)

Defense Acquisition Workforce: DOD Has Opportunities to Further Enhance Use and Management of Development Fund, Mar 28, 2017

What GAO Found The Department of Defense (DOD), enabled by congressional action, has improved the timeliness of the funding process for the Defense Acquisition Workforce Development Fund (DAWDF). For fiscal year 2015, DOD was authorized to transfer expired funds, which allowed it to fund DAWDF in 2 months. In contrast, for fiscal year 2014, DOD (more...)

Grants Management: Corporation for National and Community Service's Grant Monitoring Process Could Be Improved, Mar 28, 2017

What GAO Found The Corporation for National and Community Service (CNCS) process for monitoring grants is not fully aligned with federal internal controls (see fig.). Risks may go unidentified because CNCS’s assessment process does not include all grants in the year they are first awarded; its scoring model does not assign the riskiest gr (more...)

Accounts Receivables Coverage Helps Fill Supply Chain Gaps

It is standard for companies to insure and protect cash, inventory, property, plants and equipment, and more recently, data. Companies are insuring every step in the supply chain and sales process from concept to delivery. What is often not insured, however, is the last but most important part of a sales transaction—getting paid. You can safe (more...)

Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview (more...)

Aviation Certification: FAA Has Made Continued Progress in Improving Its Processes for U.S. Aviation Products, Mar 23, 2017

What GAO Found The Federal Aviation Administration (FAA) has made progress in addressing two rulemaking committees' recommendations regarding its certification process and the consistency of its regulatory interpretations. FAA has completed 13 of 14 initiatives for addressing the 6 certification process recommendations. For example, 5 of th (more...)

Immigration Status Verification for Benefits: Actions Needed to Improve Effectiveness and Oversight, Mar 23, 2017

What GAO Found The Department of Homeland Security's (DHS) United States Citizenship and Immigration Services (USCIS) has taken steps to assess the accuracy of the information reported by its Systematic Alien Verification for Entitlements (SAVE) system. For example, since 2014 USCIS has conducted monthly checks to ensure SAVE is accurately repo (more...)

Veterans Health Administration: Actions Needed to Better Recruit and Retain Clinical and Administrative Staff, Mar 22, 2017

What GAO Found Challenges in recruiting and retaining both clinical and human resources (HR) employees along with weak HR-related internal control practices are undermining the Department of Veterans Affairs' (VA) Veterans Health Administration's (VHA) ability to meet the health care needs of veterans. In July 2016, GAO found that VHA losses (more...)

The financial paradigm shift – The risk management and performance challenge

This white paper examines how well firms are managing portfolios given the data, tools and techniques they are currently using, as well as their level of preparedness for sudden shifts in the investment landscape. (more...)

Grants Management: Monitoring Efforts by Corporation for National and Community Service Could Be Improved, Mar 21, 2017

What GAO Found The Corporation for National and Community Service (CNCS) assesses its grants before the beginning of each fiscal year and prioritizes its grant monitoring based on the scoring of certain indicators, such as potential performance or financial problems and the length of time since the last compliance visit. For fiscal year 2015, C (more...)

RIMS Conference Veterans Offer Advice to First Time Attendees

Last week a member of the RIMS Opis online community asked an important question: “What advice can RIMS Annual Conference & Exhibition veterans give to someone attending the show for the first time?” Luckily, the risk management community rushed in with some sage advice. First and foremost, several people pointed out how helpful the (more...)

Third-Party Risk Management - How to successfully mitigate your organisation's third-party risk

This white paper addresses organisational approaches to third party risk management and due diligence. The paper is full of insight, advice and examples to help organizations recognize and address their third-party risk. (more...)

Weekly Roundup for March 6-10, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending March 10, 2017. John Kamensky Kickstarting Data-Driven Government. Stephen Goldsmith and Katherine Hillenbrand write in Governing that cities are increasingly making data-drive (more...)

Food Defense Initiatives Can Safeguard Your Company

When most people think of product contamination and recalls, the first thing that comes to mind is food poisoning cases from bacteria such as E. coli and listeria. Food and drug companies, however, are experiencing malicious and intentional product tampering that can be equally deadly and dangerous. Many of us can’t forget the 1982 cyanide Tyl (more...)

International Women’s Day: Risk Management Issues to Watch

A 2013 piece on the role of women in risk management remains the most controversial article we’ve ever run in Risk Management magazine and the one that received the most comments and letters to the editor, hands down. Many of those reader comments were…let’s just say less than kind or receptive. Today, International Women’s (more...)

Applying Risk Management Strategies to Reduce Improper Payments

This report continues our long interest in risk management with a specific focus on employing risk management strategies to reduce improper payments at the U.S. Department of Labor’s (DOL) Unemployment Insurance (UI) program. Federal agencies make more than $2 trillion in payments to in (more...)

Operational risk in financial services – Navigating risk management challenges in an uncertain world

This research analyses the findings from a recent survey that polled senior risk, compliance and legal professionals about current trends in risk management and governance. The paper addresses the emerging regulatory, risk and technological threats affecting many of today’s organisations. (more...)

Weekly Roundup: February 6 - 10, 2017

Articles from across the Web that we at the IBM Center for The Business of Government found interesting for the week of February 6 – 10. Ethical Hacking. Federal News Radio reports: “The federal market for “white hat” hackers continues to grow. Not only are ethi (more...)

Moving Forward on Cybersecurity

The President promises to beef up cybersecurity efforts. Press reports on a draft Executive Order from the Administration parallel campaign commitments to launch an immediate review of all US cyber defenses by a Cyber Review Team comprised of individuals from the military, law enforcement, and private sector. (more...)

Liquidity Risk Innovations for Competitive Advantage - Battling the Build vs. Buy Dilemma

This white paper explores how organisations can enhance liquidity risk management through innovation and examines the build vs buy dilemma. (more...)

Weekly Roundup: January 9-13, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending January 13, 2017. Michael J. Keegan Obama appointee to lead VA under Trump. Dr. David Shulkin, the Department of Veterans Affairs current undersecretary for health, was tapped by Pr (more...)

Weekly Roundup: December 12-16, 2016

Articles from across the Web that we at the IBM Center for The Business of Government found interesting, week of December 12-16, 2016. John Kamensky New Volcker Alliance Report: What Americans Want from Government. The Volcker Alliance report, by Dr. Paul Light, says: “Americans (more...)

Third Party Risk Management: Put data & insights into your work today

This report analyses various organisational approaches to third party risk management and due diligence. The report further discusses the top challenges to third party risk management programs. (more...)

Special Report - FY 2016 Purchase Card Risk Assessment

Special Report - FY 2016 Purchase Card Risk Assessment (more...)

Enterprise Risk Management - Whitepaper

Enterprise Risk Management - Whitepaper, September 10, 2015 (more...)