We’ve created this article resource by pulling from ERM-related feeds across the web. Each article links to the original publication site. Is there a feed you think we should include? Email aferm.webmaster@gmail.com

Announcing the Center’s Newest Research Report Topics

The Center for The Business of Government continues to support research by recognized thought leaders on key public management issues facing government executives today We are pleased to announce our latest round of awards for new reports on key public sector challenges, which respond to prio (more...)


Using ERM to Protect Your Business from The Equifax Fallout

As with many data breaches, the general conclusion of the Equifax attack is that personnel were not aware of the issue beforehand. This conclusion, however, is false. In early September, I anticipated that a vulnerability in Equifax’s software was known ahead of time, and that this scandal was, therefore, entirely preventable. A month later, (more...)


Risk and Crisis Management Explored at Cyber Event

NEW YORK—Cyberattacks and data security need to be high priorities for all businesses, experts stressed at ALM’s cyberSecure 2017 event here, Dec. 4 and 5. In fact, not only is failing to prepare for an attack or breach risky, it’s foolish, Kathleen McGee, internet & technology bureau chief for the Office of the Attorney Gener (more...)


Medicare and Medicaid: CMS Needs to Fully Align Its Antifraud Efforts with the Fraud Risk Framework, Dec 05, 2017

What GAO Found The approach that the Centers for Medicare & Medicaid Services (CMS) has taken for managing fraud risks across its four principal programs—Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and the health-insurance marketplaces—is incorporated into its broader program-integrity approach. According (more...)


Medicare and Medicaid: CMS Needs to Fully Align Its Antifraud Efforts with the Fraud Risk Framework, Dec 05, 2017

What GAO Found The approach that the Centers for Medicare & Medicaid Services (CMS) has taken for managing fraud risks across its four principal programs—Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and the health-insurance marketplaces—is incorporated into its broader program-integrity approach. According (more...)


Santa’s Impact on Business and Finance

Just as Santa Claus brings gifts down chimneys, his name alone also carries the stigma of risks that transcend all industries. Indeed, thanks to the logistics of his job we have a firm grasp of the risks of reindeer-led aviation. But perhaps more importantly, Kris Kringle’s presence has long influenced finance and business. Mentioning him on (more...)


Year in Risk 2017

Whether it was natural disasters, cyberattacks, corporate crises, political uncertainty or terrorist activity, risk events made high-profile and often sobering headlines in 2017. Although by no means exhaustive, the following review of the year in risk can help risk professionals learn from the past so that they can better prepare for future threa (more...)


On the Ground: Risk Management in a Historic Hurricane Season

A devastating hurricane season left catastrophic damage across the Atlantic basin, with the most severe storms in more than a decade striking the Caribbean and southern United States in close succession. While the year is not yet over, 2017 is already one of the most expensive in history for natural disasters. Risk Management spoke with individual (more...)


Technology to the Rescue

The trio of powerful hurricanes that impacted Florida, Texas, Puerto Rico, the Virgin Islands and the rest of the Caribbean in 2017 left large swaths of destruction in their wake and much work to be done to restore business and infrastructure operations. To assist in the response and recovery processes, many organizations turned to technology, suc (more...)


Risk Management’s Strategic Role

The financial crisis that began a decade ago undoubtedly triggered a renewed focus on risk management. One result is that finance executives and risk professionals are increasingly asked to provide insights on risks to inform decisions that impact organizational strategy. In the 2017 AFP Strategic Role of Treasury Survey from the Association of Fi (more...)


How to Manage Personal Device Risk

In the decade since the iPhone was released in 2007, mobile device adoption has exploded in the workplace. Bring your own device (BYOD) policies are proliferating at a faster rate than the use of corporate-owned devices. Many security teams have moved to control corporate-owned devices with enterprise mobility management programs, and some go as f (more...)


Inside New York’s Cyber Regulation

In March 2017, the New York State Department of Financial Services passed 23 NCRR 500, which establishes cybersecurity requirements for financial services companies. The regulation is one of the first to advocate a risk-based approach to security that does more than simply react to threats. Core to the regulation is the completion of a risk assess (more...)


ERM and the Art of Motorcycle Adventure

This summer, I took a six-day motorcycle trip through Montana and Wyoming. While touring some of the most beautiful parts of the country, it struck me that operating a motorcycle and implementing ERM have a lot in common. On the road, the continuous monitoring of your speed, body posture, the weather and road conditions, the lane you are traveling (more...)


ERM Benchmarks

Since the financial crisis nearly 10 years ago, the financial industry has led the way in adoption and advancement of enterprise risk management programs, according to the RIMS 2017 Enterprise Risk Management Benchmark Survey. In 2013, more than half of respondents in the financial sector said they had a fully or partially integrated ERM program, (more...)


What Organizations Need to Know about Risk Culture Audits

Today’s risks require more proactive oversight by boards of directors on the issue of risk management. Transitioning to this approach is easier said than done, however. The trouble is that many organizations are weighed down by antiquated risk management frameworks that prevent them from being proactive. Even today, how financial services and (more...)


Drivers Transforming Government: Risk

Mitigating risk, managing cybersecurity, and building resiliency to meet the mission of government Note: The IBM Center recently released Seven Drivers Transforming Government, a series of essays exploring key drivers of change in government. It is based on our research and numerous insights (more...)


Is Environmental Regulation Dead?

With the dramatic change in the governing philosophy of the nation’s commander-in-chief, coupled with Republican domination of Congress and state governments, some are wondering: Is environmental regulation dead? The answer to this question has critical relevance to risk managers who focus on identifying, evaluating and anticipating enterpris (more...)


Open Offices and Holidays: A Parade of Risks

‘Tis the season for many businesses to stay open through the holidays and for some to take part in the tradition of partying or watching a parade warmly from behind office windows. That’s why businesses located near public events should inform employees of how their offices will be impacted during the holiday season. Parades pose variou (more...)


Keeping Parades and Events Safe for Businesses and Employees

Holiday parades will be marching down many U.S. city streets during the next six weeks, with millions of revelers expected to attend. And while these are historically joyous occasions, safety is a top concern for businesses located near the festivities—especially considering the high-profile violence that has recently dominated headlines. Re (more...)


Insurance Industry Responds to House Approving NFIP Renewal

Insurance industry trade groups lauded the U.S. House of Representatives’ vote on Nov. 14, reauthorizing the National Flood Insurance Program (NFIP). The 21st Century Flood Reform Act (H.R. 2874) would reauthorize the program for five years and enact operational changes. Advocates from RIMS, the risk management society, the Property Casu (more...)


Financial Audit: Securities and Exchange Commission's Fiscal Years 2017 and 2016 Financial Statements, Nov 15, 2017

What GAO Found GAO found (1) the United States Securities and Exchange Commission’s (SEC) and its Investor Protection Fund’s (IPF) financial statements as of and for the fiscal years ended September 30, 2017, and 2016, are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles; ( (more...)


Drivers Transforming Government: Agility

Adopting new ways for government to operate, using agile principles and putting user experiences and program results at the forefront. Note:  The IBM Center recently released Seven Drivers Transforming Government, a series of essays exploring key drivers of change in government. It is ba (more...)


The Strengths and Weaknesses of Country Risk Maps

Country risk maps are a type of infographic developed by consultancies and insurance firms that shows how exposed countries around the world are to particular threats such as political instability, terrorism or crime, among others. In some cases, the maps assess an aggregate risk like security or travel risk, both of which have many component eleme (more...)


The Eightfold Path for Enterprise Risk Management

Enterprise Risk Management (ERM) practitioners often struggle with thematic challenges cutting across both industry and geography. These difficulties include capturing all categories of risk with metrics that reflect an organization’s decision style and performance measurement methods, avoiding the trap of being perceived as bureaucracy or re (more...)


Disaster Assistance: Opportunities to Enhance Implementation of the Redesigned Public Assistance Grant Program, Nov 08, 2017

What GAO Found The Federal Emergency Management Agency (FEMA) redesigned the Public Assistance (PA) grant program delivery model to address past challenges in workforce management, but has not fully assessed future workforce staffing needs. GAO and others have previously identified challenges related to shortages in experienced and trained FEMA (more...)


High Performance Risk Management

LOS ANGELES—Risk managers, whose job once focused on a basic “bucket of risks,” and making decisions about which risks are transferable and which ones the company should retain, have been “migrating along an evolutionary path which is allowing us to be more strategic,” Chris Mandel, senior vice president of strategic s (more...)


Drivers Transforming Government: Insight

Policy makers, agency leaders, and frontline staff regularly find themselves having to make sense out of data and information, drawing out insights to inform decisions. Note:  The IBM Center recently released Seven Drivers Transforming Government, a series of essays exploring key drivers (more...)


Coverage, Breaches Highlighted at Advisen Cyber Conference

NEW YORK—Advisen’s Cyber Risk Insights Conference, held during Cyber Week, featured risk management professionals and more than 20 panels and sessions on Oct. 26. The keynote was delivered by former New York City Mayor Rudolph W. Giuliani, currently the chair of Greenberg Traurig LLP’s Cybersecurity, Privacy and Crisis Manage (more...)


The ERM Imperative

In recent years, many corporations, including BP, Target and Volkswagen, have been prosecuted for various scandals and suffered financial and reputational damage for inflicting harm on their respective employees, customers, shareholders and communities. While these companies come from a wide range of industries that each face unique challenges, th (more...)


Cyber Scorekeepers

Few enterprise risks are more complex, unwieldy and overwhelming than cyberrisks. A well-orchestrated cyberattack can derail business for weeks at a time and cause severe reputation damage. In preparing for such possibilities, risk managers and their colleagues in IT and security must not only focus inward on fast-changing corporate vulnerabilitie (more...)


Downstream Disaster

Many companies have suffered tarnished reputations when their products have become associated with the unpopular actions of other parties. For example, heavy-equipment manufacturer Caterpillar has long been lambasted for selling equipment to the Israeli Defense Force and having its bulldozers and other trucks used to quell civil disturbances in th (more...)


Construction Industry Addresses Risks

The commercial building industry is expected to continue surging through the end of the year, with many independent forecasters predicting growth into 2018. ConstructConnect forecasted a 6.3% increase in total construction growth over 2016 and a 7.2% rise in construction spending this year, for example. The leading recipients of this investment ar (more...)


How Risk Management Can Enable Growth

Traditionally, finance and strategy teams have been tasked with working together to promote corporate growth. Now, new research suggests they need to enlist a third partner—risk management—to achieve sustainable long-term growth. A study conducted by CEB (now Gartner) of the Fortune 1000 and S&P Euro 350, found that just 60 compani (more...)


Developing a Data Backup Strategy

Whether it has been natural disasters or  hacking incidents, recent crises have served as a dramatic reminder that it takes a lot to get back in business following a disruption. Complete disaster recovery means setting up a fully functioning physical or virtual infrastructure, establishing all necessary network connectivity and capability, an (more...)


Managing Pain in the Workforce

Pain is the top cause of adult disability in the United States, costing the workforce as much as $334 billion each year in lost productivity costs, according to a 2012 study in the Journal of Pain. While the musculoskeletal “pain points,” such as back pain and carpal tunnel, are well known and their direct costs well-documented, there (more...)


Cyberrisk, Talent Pose Top Risks for Financial Services

Risk management is gaining prominence in the financial services industry, with 44% of boards of directors devoting more time to oversight of risk management, according to Deloitte’s latest Global Risk Management Survey. The most common risk management responsibilities cited by boards were reviewing and approving the overall risk management p (more...)


Zombie Risk Management 101

An emerging risk over the past 10 years has been the rise of undead walkers, or “zombies” and their influence on supply chains, natural resources and mortality rates. These once-alive individuals thrive on human flesh and spread deadly diseases; their exploits have been well documented in California and Georgia for years on basic cable (more...)


Critical Infrastructure Protection: DHS Risk Assessments Inform Owner and Operator Protection Efforts and Departmental Strategic Planning, Oct 30, 2017

What GAO Found The Department of Homeland Security (DHS) primarily conducts assessments for each of the three elements of risk—threat, vulnerability, and consequence—for critical infrastructures from the three sectors GAO reviewed—Critical Manufacturing; Nuclear Reactors, Materials, and Waste; and Transportation Systems. In li (more...)


Military Readiness: Actions Are Needed to Enhance Readiness of Global Response Force to Support Contingency Operations, Oct 27, 2017

What GAO Found The Department of Defense's (DOD) Global Response Force (GRF) has two distinct uses: one is to enhance DOD's ability to rapidly deploy forces in response to a range of worldwide contingencies with a tailorable joint force; and the other is to provide a set, or “menu,” of units that combatant commands can request to au (more...)


Federal Facility Security: Selected Agencies Should Improve Methods for Assessing and Monitoring Risk, Oct 26, 2017

What GAO Found None of the four agencies GAO reviewed—U.S. Customs and Border Protection (CBP), the Federal Aviation Administration (FAA), the Agricultural Research Service (ARS), and the Forest Service—used security assessment methodologies that fully aligned with the Interagency Security Committee's Risk Management Process for Fe (more...)


Protecting Your Company from Rogue Employees

While employee malfeasance rarely takes down entire companies, it can result in serious fines, sanctions, court judgments, settlements and reputational damage. Big data analytics is one way leading companies are able to mitigate risk, by proactively detecting threatening or illegal behavior. Traditional ERM Approaches Won’t Do Compliance offi (more...)


Recovery Plans Critical Following Active Shooter Incidents

October has been mired by mass shootings in the United States. Incidents in which four or more people were shot—the criteria for a mass shooting—have occurred 15 times in the last 18 days. The Oct. 18 occurrence at a business park in Maryland, involving an employee who killed three co-workers on-site and injured two more, has increased (more...)


A Legacy of Risk: Technology Transformation in Practice

This white paper examines the challenges faced by risk management executives when attempting to replace their risk technology architectures. It highlights lessons learned during this process and pitfalls to avoid, including those related to technical, operational, and cultural factors. (more...)


RIMS Legislative Summit 2017: Focus on Flood

WASHINGTON—The RIMS Legislative Summit kicked off on Wednesday in Washington, D.C. with a panel lead by Congressional office staff. Panelists included Lisa Peto, chief counsel for the Financial Services Committee; Democratic Staff in the U.S. House of Representatives: Jason Tuber, Senior Advisor to Senator Menendez (D-NJ); Ed Skala, Deputy St (more...)


TSA Modernization: Use of Sound Program Management and Oversight Practices Is Needed to Avoid Repeating Past Problems, Oct 17, 2017

What GAO Found The Transportation Security Administration's (TSA) new strategy for the Technology Infrastructure Modernization (TIM) program includes using Agile software development, but the program only fully implemented two of six leading practices necessary to ensure successful Agile adoption. Specifically, the Department of Homeland Securi (more...)


The Global Economy’s New Frontiers

The global economy is in transition, not so much as the result of fluctuating superpower politics, but more so as the quiet byproduct of shifting investment in emerging economies. We are at the end of supersized returns previously found in Brazil, Russia, India, China, and South Africa (BRICS), foreign direct investment constants since 2001 that ha (more...)


Insider Threats Part I: Background and Organizations Working to Counter Insider Threats

Insider Threats are not new. They have plagued the country throughout its history. Since Benedict Arnold in 1789, Insider Threats have endured as a challenge for government. Yet, the seriousness of Insider Threats motivates the ongoing efforts to implement systems and processes to inhibit t (more...)


N. Calif. Wildfires Continue Widespread Destruction

The National Interagency Fire Center (NIFC) increased the National Preparedness Level to 3 today due to wildfire activity in eight Northern California counties, including Napa, Sonoma and Mendocino, where evacuations, road, trail and area closures are in effect. Since their start on the night of Oct. 8, the wildfires in California’s wine cou (more...)


Biodefense: Federal Efforts to Develop Biological Threat Awareness, Oct 11, 2017

What GAO Found Key biodefense agencies—the Departments of Homeland Security (DHS), Defense (DOD), Agriculture (USDA), and Health and Human Services (HHS), and the Environmental Protection Agency—conduct a wide range of activities to develop biological threat awareness for intentional and naturally occurring threats, and reported usi (more...)


Physical Security: NIST and Commerce Need to Complete Efforts to Address Persistent Challenges, Oct 11, 2017

What GAO Found GAO found that efforts to transform the physical security program at the National Institute of Standards and Technology (NIST) have incorporated some key practices, particularly with regard to leadership commitment to organizational change. For example, GAO estimates that, as of May 2017, 75 percent of staff GAO surveyed believe (more...)


Bridging the Security Gap in the Internet of Things

To build an effective security strategy for the internet of things (IoT), we first need to understand the value of the data that is generated. The ability to use data, collected from a variety of locations and sources, to drive decision making is a key asset of the IoT. This valuable data will help organizations to innovate, solve customer problems (more...)


Lawsuits Question Arkema Emergency Preparedness Plan

Last week officials in Harris County, Texas were granted permission to file a lawsuit against international chemical company, Arkema, Inc., in attempt to recover the costs of responding to the crisis at the company’s plant in Crosby during Hurricane Harvey in August into September. The County has asked a court to review the plant’s envi (more...)


8 Legal Developments You Need to Know About

In a new RIMS Professional Report, attorneys Mark Plumer and Xandra Bernardo (of Pillsbury Winthrop Shaw Pittman LLP) and Patrick Walker, a risk professional at mining company Rio Tinto Group, shed light on the top risk management legal developments of 2017. According to the authors, risk managers “must be familiar with the legal princip (more...)


Grid: Locked — Managing the Risks of Hacking the Electric Grid

On Dec. 17, 2016, hackers successfully targeted an electric transmission substation outside of Kiev, Ukraine, leaving part of the city without power for about an hour. Widely thought to be attributable to the Russian government, the incident was the second attack to cause a power outage in Ukraine in as many years. The incident was far from catast (more...)


The Risks of Voice Technology

These days, voice technology is everywhere. Voice-enabled digital devices and virtual assistants from Amazon, Apple, Google, Microsoft and others can answer a question, provide a weather report, turn up the thermostat or even order a pizza. Businesses are using voice technology to improve call center performance, verify customer account informatio (more...)


Enhancing Security with Big Data Analytics

Security information and event management systems have long been the foundation for many organizations’ information security programs. While they remain an essential part of ensuring and maintaining strong cybersecurity, they need improvement to meet the demands of today’s rapidly evolving threat landscape. Security information and eve (more...)


Managing the New Dynamics of Terrorism

Terrorist attacks in mainland Europe and the U.K. over the past few years have impacted the way individuals and businesses view travel to these destinations previously considered “low risk.” Images of gunmen in central Paris, knife-wielding extremists in London, and high-casualty bombings in Belgium are just a few of the events that ha (more...)


Alternative Energy Strategies

Businesses in the United States are getting serious about using less energy, acquiring their energy from renewable resources and installing onsite generators to address potential risks, according to the Deloitte study Energy Management: Sustainability and Progress. While the primary motivation for businesses to launch an energy resource management (more...)


Community, Diversity Spotlighted at RIMS Canada

TORONTO—The 2017 RIMS Canada Conference quickly found its groove on Monday morning, kicking off the annual conference with performances by a choir of local schoolchildren and an opening session centered on the theme of community. Focusing first on the RIMS community, the RIMS Canada Council announced its top honors for accomplishment in (more...)


The Strategic Value of Risk Taking

With profound economic, geopolitical, demographic, and technological changes taking place around the world, the business environment is rife with risk and uncertainty, but also opportunity. In such an environment, the need for risk-informed decision making has never been greater. A recent Deloitte survey asked several hundred board members and C-le (more...)


Immersive Technology for Government: Part 1 - Virtual Reality

In many ways, virtual reality (VR) is old hat to the government. Airmen, astronauts, and soldiers have long been putting in time in simulators training for the real thing. While training is a valuable application for this technology, it is not the only one. There are a number of other opport (more...)


Weekly Roundup: September 11 - 15, 2017

Back from a summer hiatus, the IBM Center's Weekly Roundup highlights articles and insights that we found interesting over the last couple of weeks.   Michael J. Keegan Military IT chiefs want combat-ready infrastructure. A streamlined IT infrastructure isn't just efficient, it's essen (more...)


Paying it Forward: Industry Leaders Celebrate at Spencer Gala

Every year in September, leaders in the insurance world celebrate the profession and show their support for the next generation of risk management and insurance professionals. This year, close to 700 executives made their way to the Spencer Educational Foundation’s 9th Annual Gala on Thursday night at the New York Hilton Midtown. Nearly (more...)


RIMS Membership Has a Say in COSO’s New ERM Framework

When Risk & Insurance Management Society (RIMS) members use the new ERM framework published Sept. 6 by the Committee of Sponsoring Organizations of theTreadway Commission (COSO), they may recognize their own ideas prominently displayed. Carol Fox, RIMS vice president of strategic initiatives announced the call for public comment on Risk Managem (more...)


Understanding Cognitive Counter-Fraud, Waste and Abuse

Over the past decade, federal government agencies have made notable progress with respect to combatting fraud and improper payments as part of agency-specific program integrity efforts. Greg Greben, Vice President and Client Group Leader, Federal Civilian & Healthcare Agencies, IBM Global Business Services, authored this article In (more...)


Actionable Cybersecurity Practices for the 21st Century: Perspectives from Experts

A recent meeting of public and private sector experts identified real challenges and practical opportunities for change. The IBM Center recently partnered with the National Institute for Standards and Technology (NIST) and George Washington University Center for Cyber and Homeland Security to convene a set of interactive discussions among (more...)


Post-Harvey Lessons For Chemical Plant Managers

One of the many hazards exposed by Hurricane Harvey occurred in Crosby, Texas, when the Arkema chemical plant suffered fires and small explosions on Aug. 31 and Sept. 1. Floodwaters caused the fires by penetrating the facility and shutting down the cooling systems designed to stabilize 500,000 pounds of highly flammable materials inside. This ultim (more...)


Timing is Everything In Crime Insurance Claims

In current discussion of fraud and crime coverage, emerging cyberrisks and appalling financial schemes grab the headlines, and the direct loss conundrum captivates coverage counsel. While policyholders and their risk managers should of course monitor those issues, they also should remember the basic timing requirements that could undermine otherwis (more...)


Ensuring Your Company’s Disaster Relief Donations Are Well Received

With Hurricane Harvey’s effects being felt in Texas and Louisiana for some time to come, businesses may want to help victims by making corporate donations. Corporate decision-makers should carefully consider ways to contribute, since some recent post-disaster efforts have not helped as intended. Depending on your industry and your company’s size (more...)


The Hunt for Risk Management’s Panda

You may never have heard of Chi Chi the giant panda, but you would almost certainly recognize her image. In 1961, Sir Peter Scott used sketches of Chi Chi to design the original logo for the World Wildlife Fund (now the World Wide Fund for Nature) and, in so doing, created one of the most recognizable and enduring symbols of international conse (more...)


The Psychology of Risk

Over the past several years, psychologists, behavioral scientists and academics have helped to advance our understanding of human psychology and, specifically, how humans respond to high-risk and crisis situations. This research has highlighted how a lack of pre-crisis training and preparation may exacerbate risk and cause unnecessary errors du (more...)


Four Key Cyberrisk Management Questions for Directors and Officers

Courts have historically made it difficult to hold directors and officers personally liable for breaches of fiduciary duties. But as cyberrisk management liability standards evolve, directors and officers increasingly face the risk of personal exposure. In September 2015, following Home Depot’s high-profile data breach that exposed more than 5 (more...)


College Captive Offers Hands-On Experience

According to the U.S. Bureau of Labor, as workers retire or change jobs, in the next five years alone, the insurance industry will need to replace 104,000 insurance agents, 71,900 claims adjusters, 67,400 claims/policy processing clerks, 28,900 underwriters, 8,500 software developers/programmers, 7,500 computer/information analysts, and 6,900 a (more...)


5 Best Practices for IoT Privacy Compliance

According to a January 2017 forecast from Gartner, 8.4 billion internet of things items will be in use worldwide this year—a 31% increase from 2016—to the tune of almost $2 trillion in annual spending on devices and services. As companies create these interactive items, most of which can track consumers, the Federal Trade Commission (FTC)—the g (more...)


Managing Public Sector Auto Risks

Fleets are a serious and growing risk management challenge for public entities. The public sector collectively has the largest vehicle fleet in the United States. With 1.3 million cars and trucks, that sector is even larger than the commercial fleet segment, according to Government Fleet magazine, so the challenges of commercial auto insurance (more...)


Global Risk Concerns

Headline news correlated directly with the top-10 concerns of risk managers globally in 2016, according to Aon’s Global Risk Management Survey. An increase in product recalls and scandals flamed by social media, for example, has raised organizations’ reputational risk exposure in the past few years. “Damage to reputation/brand” is at the top (more...)


Air Traffic Control Modernization: Progress and Challenges in Implementing NextGen, Aug 31, 2017

What GAO Found The Federal Aviation Administration (FAA) is implementing the Next Generation Air Transportation System (NextGen) incrementally and has taken actions to address challenges to implementation. NextGen has enhanced surface traffic operations at 39 of the 40 busiest airports in the United States by providing electronic communications (more...)


Empowering your risk management strategy

This eBook explores five key areas of risk management that can help transform the way in which organisations understand and manage risk. It further provides real-world examples to show how IBM solutions can help you deliver demonstrable business value and achieve your full potential. (more...)


A New Approach to Managing a ‘Classic’ Reputation

A new Coca-Cola-sponsored contest seems to publicly acknowledge its reputational risk, but at a minimal cost that could manage or even reduce it. In early August, the beverage giant announced its Sweetener Challenge, seeking non-employees (preferably scientists or agriculture or nutrition professionals) who can bring the company a “natural, (more...)


Can You Have Too Many Coffee Shops?

The collective mood among Starbucks (SBUX) shareholders may have been dark and intense on Wednesday, following a 1% downgrade of the coffee company’s share price by BMO Capital Markets due to “store overlap.” BMO analyst Andrew Strelzik wrote: “There are now 3.6 Starbucks locations within a one-mile radius of the typical Starbucks in the U.S. relat (more...)


Risk Management Isn’t Just for the Finance Staff

Operational leaders have an opportunity to align resources against their greatest vulnerabilities. (more...)


The ERM Value Connection

Research has shown that enterprise risk management (ERM) adds value. One research paper showed that ERM adds to the value metric called Tobin’s Q. Other award-winning research has shown that ERM enables better decision making. The authors of that research state: “Specifically, as companies implement an ERM process, the new knowledge it provides th (more...)


The Risk of Being Too Delicious

Shockwaves were felt around the wing-eating world last week, when Buffalo Wild Wings announced it will be discontinuing its Tuesday night half-priced wing promotion. According to reports, the franchise’s decision was a difficult one as the promotion was “a major driver of traffic” and “boosted same-store sales” for some locations. Ultimately, th (more...)


Ransomware Ready: How to Prepare for the Day You Get Locked Out

In May, a strain of ransomware known as WannaCry infected more than 230,000 computers in 150 countries, demanding about $300 in the cryptocurrency bitcoin to restore access. Primarily striking Europe and Asia, the attack crippled operations for a wide swath of enterprises, from the U.K.’s National Health Service to German state railways to thou (more...)


A New Method for Measuring Captive Performance

In order to drive operational effectiveness and capital deployment efficiency, leaders of captive insurance companies are increasingly in need of improved methods for performance evaluation and tools that go beyond simple financial ratio analysis or industry benchmarking comparisons. This need includes validation of the risk management program (more...)


Practical Lessons for Managing Cyberrisks

Of all the dangers that consume risk managers’ thoughts, cybersecurity is arguably the most intangible. It is difficult to truly “see” the many factors that can cause breaches or attacks, which often leaves cyberrisk confined to the realm of hypothetical and worst-case scenarios. However, we continue to hear about successful attacks that penetr (more...)


Improving Vendor Risk Management

Evolving and increasing regulatory requirements. Growing vendor inventories. Heightened internal pressures to perform risk management functions. Shifting responsibility and accountability for the actions of vendors. These are only a handful of the challenges and considerations companies face when managing third-party risks. In light of the heig (more...)


Exploring Liability for Exploding E-Cigarettes

Electronic nicotine and non-nicotine delivery systems, more commonly known as e-cigarettes, represent a global market worth almost $10 billion. In the United States alone, e-cigarette sales reached about $4.1 billion in 2016. But as the market continues to grow, reports of exploding e-cigarettes have raised concerns about product safety and lia (more...)


Defense Cybersecurity: DOD's Monitoring of Progress in Implementing Cyber Strategies Can Be Strengthened, Aug 01, 2017

What GAO Found Officials from Department of Defense (DOD) components identified advantages and disadvantages of the “dual-hat” leadership of the National Security Agency (NSA)/Central Security Service (CSS) and Cyber Command (CYBERCOM) (see table). Also, DOD and congressional committees have identified actions that could mitigate risks associate (more...)


Refugees: State and Its Partners Have Implemented Several Antifraud Measures but Could Further Reduce Staff Fraud Risks, Jul 31, 2017

What GAO Found The Department of State (State) and the United Nations High Commissioner for Refugees (UNHCR) have worked together on several measures designed to ensure integrity in the resettlement referral process. State and UNHCR have established a Framework for Cooperation to guide their partnership, emphasizing measures such as effective ov (more...)


Companies Must Evolve to Keep Up With Hackers

If you ask a CFO if their company’s current cybersecurity strategy is working, it’s very likely that they do not know. While at first they may think it is, because the company’s bank accounts are untouched, an adversary could be lurking in their network and collecting critical data to later hold for ransom—threatening to destroy it if the money isn (more...)


Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, Jul 27, 2017

What GAO Found The Internet of Things (IoT) is the set of Internet-capable devices, such as wearable fitness devices and smartphones, that interact with the physical environment and typically contain elements for sensing, communicating, processing, and actuating. Even as the IoT creates many benefits, it is important to acknowledge its emerging (more...)


Weekly Roundup: July 17 - 21, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending July 21, 2017. Michael J. Keegan White House pushes TBM for IT savings and smarter spending.  Chris Liddell, the president's director of strategic initiatives, thinks the federal government may be spending as much as $200 billi (more...)


Corporate Culture and Risk Management

According to an April New York Times article, “Uber’s core company values included making bold bets, being “obsessed” with the customer, and to “always be hustling.” The company emphasized meritocracy, setting employees up as rivals and overlooking transgressions of its high performers. At its worst, Uber maintained an “unrestrained culture” that h (more...)


Reimagining Enterprise Risk - How Today’s Finance Leaders Can Use Data and Clear Vision to Navigate Risk

This infographic explores the key emerging risk management hazards as well as the four forces disrupting the CFO role. It further explores an opportunity for data-inspired leadership and growth. (more...)


Wildfires Blaze through Western U.S. and Canada

Following a wet spring, at least six western states are now fighting wildfires, which have been intensified by extremely high temperatures, wind gusts and lightening. In northern California, about 4,000 people evacuated and more than 7,000 were told to prepare to leave as fires burned in the Sierra Nevada foothills, about 60 miles north of Sacramen (more...)


Marsh Tracks Top Captive Trends

The number of captive insurers continues to increase globally, from 5,000 in 2006 to more than 7,000 in 2016. Once formed primarily by large companies, the captive market has opened up to mid-size and small businesses. The industry is also seeing a trend in companies forming more than one captive, using them for cyber, political risk and (more...)


How to Know Which NIST Framework to Use

Some agencies are confusing NIST's Cybersecurity Framework with the Risk Management Framework. (more...)


Management Report: Opportunities for Improvement in FHFA's Evaluation of Internal Control over Financial Reporting, Jun 14, 2017

What GAO Found During its audit of the Federal Housing Finance Agency's (FHFA) fiscal years 2016 and 2015 financial statements, GAO identified deficiencies in FHFA's evaluation of internal control over financial reporting. This includes the FHFA Office of the Inspector General's (FHFA-OIG) evaluation of its own internal control over financial r (more...)


5 Strategies to Maximize Your Risk Assessments

While risk assessments enable organizations to understand their business issues and identify uncertainties, the best assessments go further. They prioritize top risks, assign risk ownership, and most critically, integrate risk management and accountability into front line business decision-making. Simply put, “checking the boxes” just i (more...)


Lloyd’s Plans for Post-Brexit Subsidiary

Just one day after the U.K. set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced it was establishing a subsidiary in Brussels, intending to be able to write EU business for the Jan. 1, 2019, renewal season. The new company will write risks from all 27 European Union c (more...)


A complete perspective - Managing and monitoring a single view of concentration risk

This white paper explores managing and monitoring a single view of concentrated risk. It examines the need for tools that can streamline credit risk management systems and create a single enterprise-wide view of risk as an early warning system against future crises. (more...)


Preparing for Brexit

One year ago, few business leaders would have put their money on the United Kingdom voting to leave the European Union. Indeed, the June 2016 referendum has been a wake-up call for corporations, showing that voters still have significant power to a country’s economic future, and that massive, rapid geopolitical changes can happen anywhere. C (more...)


Insuring Against Terrorism

Concerns about political unrest and terrorism continue to be high on the agenda for risk managers of multinational businesses. According to the 2017 Allianz Risk Barometer, these fears ranked eighth among the top corporate perils cited by risk consultants, underwriters, senior managers and claims experts. The most commonly cited concerns were acts (more...)


Cyber and the C-Suite: New Cyberrisk Responsibilities for Chief Risk Officers

How to Use the World Economic Forum’s Cybersecurity Principles A 2017 WEF report outlines best practices for boards and the C-suite to help strengthen an organization’s cyber practices by providing guidance for managing cyberrisks much in the same way that organizations manage enterprise risk. Read more about these 10 steps and how to (more...)


Preparing for an Immigration Crackdown

President Trump has vowed to protect U.S. workers and jobs and it is clear that one way he plans to achieve this goal is by policing immigration compliance. Under the Trump Administration, U.S. Immigration and Customs Enforcement (ICE) will increase worksite enforcement actions against employers, which could involve issuing I-9 Notices of Inspecti (more...)


Contingency Planning for Environmental Spills

Fuel spills and discharges of hazardous materials, pollutants and other regulated materials, even in small quantities, can turn into expensive incidents for spill generators and their insurers. Therefore, the time to prepare for an environmental release is before it happens. Spill preparedness starts with a risk assessment. Companies at risk for e (more...)


Investing in the Insurtech Toolbox

Just a few years ago, the nascent insurtech sector received scant attention from the insurance industry. But with the number of companies in the space growing exponentially, more insurers, intermediaries and risk managers are being forced to take notice. Insurtech refers to the subset of technology startups focused on process enhancements in under (more...)


Put Your Money Where Your Risk Is

Compared to property, plant and equipment (PP&E) assets, the impact of business disruption to cyber assets is 72% greater, organizations value cyber assets at 14% more, and quantify probable maximum loss from cyber assets is 27% higher, according to the 2017 Cyber Risk Transfer Comparison Global Report from Aon and the Ponemon Institute. What& (more...)


Running with Risk

When I was 12 or 13 years old, I ran in my first competitive race, a neighborhood 5K that had been organized around the 40th anniversary of my hometown. I don’t remember my time, but I do know that I came in second in my age group, which, even though there were only three runners in my bracket, seemed pretty cool. I also remember throwing up (more...)


Weekly Roundup May 19, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting. Michael J. Keegan   $500M IT modernization bill passes House. The Modernizing Government Technology Act passed the House of Representatives on a voice vote, but the Senate outlook is less certain. (more...)


Homeland Security: Progress Made to Implement IT Reform, but Additional Chief Information Officer Involvement Needed, May 18, 2017

What GAO Found The Department of Homeland Security (DHS) has fully implemented 28 of the 31 selected Federal Information Technology (IT) Acquisition Reform Act (FITARA) action plans; however, as of December 2016, DHS did not fulfill all aspects of 3 action plans. For example, one action plan is to use an updated process for reviewing troubled p (more...)


North Korea Now Suspected in Ransomware Attack

The massive cyberattack targeting computer systems of businesses, government agencies and citizens in more than 150 countries is now being linked to the North Korean government. Called WannaCry, the ransomware encrypts the victim’s hard drive and demands a ransom to be paid in the virtual currency bitcoin equivalency of about $300. According (more...)


Pentagon Financial Office Not Complying with Improper Payments Law, Watchdog Finds

Five out of six requirements in estimating and risk assessments were missed. (more...)


Navigating Risk Management Around the Globe

Over the past few years, I’ve had the wonderful opportunity to travel the world and visit factories, distribution centers, ports, warehouses, and several offices for the company where I work. Apart from being a great way to see the world, it has also been an opportunity to learn from the ways different cultures see and manage risk. Coming fro (more...)


In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders. Today, risk management is not just recommended, it is considered (more...)


10 Insurance Tips to Help Manage Construction Risk

Construction involves risks that can and should be managed, often by transferring that risk to insurance. The following 10 tips can help in that effort: Remember that the construction contract is the cornerstone of risk management. The contract documents should set forth the risk allocation plan, including additional insured pro (more...)


Ransomware Attacks Increase, With U.S. the Primary Target

Ransomware attacks constituted the greatest cybercrime danger in 2016 as the volume and value of attacks rose sharply, according to a new report from internet security firm Symantec. “Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangero (more...)


Total Cost of Risk Drops for Third Straight Year, RIMS Finds

Despite the challenges of a slowed economy in an election year, a shifting risk landscape as a result of technological advances, and a slow to negative growth rate in some sectors, 2016 saw the total cost of risk (TCOR) decline for the third consecutive year, according to the 2017 RIMS Benchmark Survey. Even in the face of such uncer (more...)


Risk Uprising: Navigating Today’s Political Turmoil

In March 2016, the Economist Intelligence Unit rated the possibility of a Donald Trump presidency as one of the top 10 risks facing the world—riskier even than the U.K. leaving the European Union, and just as unlikely. Judging impact and probability on a scale of one to 25, with 25 considered the most dangerous, the analysis rated the possib (more...)


The Importance of Financial Disaster Preparedness

Containment of financial loss, regardless of its cause, is a key goal of virtually every organization’s risk strategy, providing a compass for many of the actions taken to avoid, mitigate, transfer and retain risks enterprise-wide. Yet catastrophic events too often result in losses that exceed the expectations of management. Such losses high (more...)


Risk-Based Approaches to Cybersecurity

There has been tremendous progress in the cybersecurity discipline in terms of defining strategy by outcomes rather than the methods used. This is especially apparent in the financial services industry, where frameworks such as CBEST and FFIEC encourage practitioners to not only think about risk-based approaches, but also to understand levels of m (more...)


Using Contracts to Curb Cyberrisks

Organizations frequently share information—some of it sensitive or confidential—with vendors in their supply chain. But many data breaches, such as Target’s 2013 breach that exposed the financial data of 40 million customers, have resulted from poor cybersecurity on the part of a vendor. While no organization or vendor can ever b (more...)


Notepad: Risk in Review – May

North Carolina Repeals Bathroom Bill After a year of protest, economic fallout, and the ousting of the governor who signed it, North Carolina legislators repealed the controversial House Bill 2 (HB2), also known as the “Bathroom Bill.” The measure restricted enactment of anti-discrimination policies protecting LGBT citizens and require (more...)


Border Security: Additional Actions Could Strengthen DHS Efforts to Address Subterranean, Aerial, and Maritime Smuggling, May 01, 2017

What GAO Found GAO's analysis of Department of Homeland Security (DHS) data showed that there were 67 discovered cross-border tunnels, 534 detected ultralight aircraft incursions, and 309 detected drug smuggling incidents involving panga boats (a fishing vessel) and recreational vessels along U.S. mainland borders from fiscal years 2011 through (more...)


Unlocking the Power of NIST’s Cybersecurity Framework

In the not-so-distant past, it was hard to get people to think cyber risk management. (more...)


Disruptive Technologies Present Opportunities for Risk Managers, Study Finds

PHILADELPHIA–Disruptive technologies are used more and more by businesses, but those organizations appear to be unprepared. What’s more, companies seem to lack understanding of the technologies and many are not conducting risk assessments, according to the 14th annual Excellence in Risk Management report, released at the RIMS conference (more...)


And the 2017 RIMS Awards Go to…

PHILADELPHIA—At today’s RIMS 2017 Awards Luncheon, the society issued its top honors for achievement in the risk management and insurance industry. Scott B. Clark, area senior vice president and enterprise risk management consultant at Arthur J. Gallagher & Co., received the society’s most prestigious honor, the Harry and Doro (more...)


It’s a Great Time to Be a Risk Manager

2017 has so far been a wild ride of change. Companies are navigating through a new U.S. administration, Brexit and cyber risks that are more daunting each day. We are bombarded with uncertainty and unchartered waters. Nevertheless, it’s a great time to be a risk manager. This kind of disruption is the reason many of us got into the risk and i (more...)


SSA Disability Benefits: Comprehensive Strategic Approach Needed to Enhance Antifraud Activities, Apr 17, 2017

What GAO Found The Social Security Administration (SSA) has taken steps to establish an organizational culture and structure conducive to fraud risk management in its disability programs, but its new antifraud office is still evolving. In recent years, SSA instituted mandatory antifraud training, established a centralized antifraud office to co (more...)


Protecting Employees in the Face of International Risks

Increasing globalization and the growing world market presents employees with opportunities to travel and experience new countries and cultures. With travel comes risk, however. In the event of an unforeseen incident, it is an organization’s top priority to ensure its employees are safe and out of harm’s way. By following proactive trav (more...)


Elevating Data Risk Management to the Board Level

For years, the security industry has worked to promote cybersecurity as a critical topic for the most senior corporate decision-makers: the c-suite and board of directors. Work remains, but most organizations now realize that data risk management and data-centric security must have board-level priority. That said, for many, data risk management an (more...)


Mitigate Model Risk and Reduce Model-Related Costs

This white paper explores approaches to model risk management and its challenges. The paper provides a solution to help organisations better manage model risk by establishing risk mitigation and cost reduction strategies.. (more...)


Nuclear Security: DOE Could Improve Aspects of Nuclear Security Reporting, Apr 11, 2017

What GAO Found The Department of Energy's (DOE) and the National Nuclear Security Administration's (NNSA) annual reports for 2014 and 2015 on the security of nuclear facilities holding special nuclear material did not fully meet the definition of quality information under the federal internal control standards. These standards define quality in (more...)


Homeland Security Acquisitions: Earlier Requirements Definition and Clear Documentation of Key Decisions Could Facilitate Ongoing Progress, Apr 06, 2017

What GAO Found For the first time since GAO began its annual assessments of the Department of Homeland Security's (DHS) major acquisitions, all 26 programs that were reviewed had a department-approved baseline. During 2016, over half of the programs reviewed (17 of the 26) were on track to meet their initial or revised schedule and cost goals. (more...)


Marine Corps Asia Pacific Realignment: DOD Should Resolve Capability Deficiencies and Infrastructure Risks and Revise Cost Estimates, Apr 05, 2017

What GAO Found The Department of Defense (DOD) has coordinated the relocation of Marines from Okinawa to other locations in the Asia-Pacific region through developing a synchronization plan and organizing working groups. However, DOD has not resolved selected identified capability deficiencies related to the relocation of Marine units; training (more...)


Why Do M&As Fail?

Snapping up rivals or merging with powerful competitors to create mega-companies that dominate markets has long been a strategy for business growth, and nothing excites financial markets more than news of large deals. But there is a catch: Most mergers fail. In fact, McKinsey estimates that around 70% of mergers do not achieve their expected (more...)


Flaws in the Data

Given the avalanche of information that has become available to ­businesses over the past several years, data-driven decision-making (DDDM), the practice of basing business decisions on data analysis rather than intuition, has become a critical tool to help organizations reduce risk, avoid costly mistakes and take advantage of opportunities. D (more...)


New Rules for Absence Management

A variety of regulations regarding the rights of employees with disabilities have spurred employers to reassess workers compensation and return-to-work programs. In addition to actions by the Equal Employment Opportunity Commission (EEOC) that have resulted in high-profile, multi-million dollar settlements, employment law changes have underscored (more...)


Oroville Dam Highlights Infrastructure Risks

The near-collapse of the Oroville Dam in northern California in February could have been catastrophic. Communities as far as 100 miles downstream from the dam were at risk of flooding that could have resulted in $21.8 billion in structural damages, according to Risk Management Solutions. What’s more, a bad situation would have been made wors (more...)


The Real Risks of Fake News

Fake news is nothing new—we have long been exposed to propaganda, tabloid news, and satirical reporting. But now, with the dependence on the internet, promotion of trending stories on social media, and new methods of monetizing content, we have found different ways to relay information without using traditional media outlets. A single story (more...)


W-2 Phishing Scam Targets Tax Season

In February, the FBI issued an official warning to businesses about a new form of tax season scam in which fraudsters use social engineering attacks known as business email compromise (BEC) or CEO fraud to target W-2 forms. In the cases submitted to the Internet Crime Complaint Center, attackers spoofed or hacked the email account of a company&rsq (more...)


Q&A: Bridging the Gaps at PayPal

For Laura Langone, senior director of global risk management and insurance at PayPal, risk management is all about bridges. As PayPal has made a practice of bridging the banking, retail and technology sectors, Langone’s approach to insurance coverage focuses on manuscripting to bridge traditional industry verticals. Underwriting innovation d (more...)


Lloyd’s to Establish EU Base in Brussels

One day after the UK set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced that it has chosen Brussels as the location for its European Union subsidiary. A market of syndicates in London, Lloyd’s said its intention is to be ready to write business for the Jan. 1, 2019, renewal seaso (more...)


Identity Theft Services: Services Offer Some Benefits but Are Limited in Preventing Fraud, Mar 30, 2017

What GAO Found Identity theft services offer some benefits but have limitations. Credit monitoring helps detect new-account fraud (that is, the opening of new unauthorized accounts) by alerting users, but it does not prevent such fraud or address existing-account fraud, such as misuse of a stolen credit card number. Consumers have alternati (more...)


DOD Major Automated Information Systems: Improvements Can Be Made in Applying Leading Practices for Managing Risk and Testing, Mar 30, 2017

What GAO Found Most of the 18 selected Department of Defense (DOD) major automated information system (MAIS) programs that GAO reviewed had experienced changes in their planned cost and schedule estimates and half of the programs had met their technical performance targets. Specifically, 16 programs experienced changes in their cost estimates r (more...)


Defense Acquisitions: Assessments of Selected Weapon Programs, Mar 30, 2017

What GAO Found Since GAO's 2016 assessment, the number of programs in the Department of Defense's (DOD) portfolio of major defense acquisitions decreased from 79 to 78, while DOD's planned investment over the life of these programs increased by $9.4 billion to $1.46 trillion. GAO observed mixed performance in the portfolio this year. For exampl (more...)


Private Deposit Insurance: Credit Unions Largely Complied with Disclosure Rules, but Rules Should Be Clarified, Mar 29, 2017

What GAO Found About 2 percent of credit unions (125) have private deposit insurance, which is provided by one company—American Share Insurance (ASI). Regulatory and other assessments have suggested that ASI's reserves have been adequate and that the company has had a strong ability to cover present and future losses for the credit unions (more...)


Information Technology: Implementation of IT Reform Law and Related Initiatives Can Help Improve Acquisitions, Mar 28, 2017

What GAO Found The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 to improve federal information technology (IT) acquisitions and can help federal agencies reduce duplication and achieve cost savings. Successful implementation of FITARA will require the Office of Management and Budget (OMB) and feder (more...)


Defense Acquisition Workforce: DOD Has Opportunities to Further Enhance Use and Management of Development Fund, Mar 28, 2017

What GAO Found The Department of Defense (DOD), enabled by congressional action, has improved the timeliness of the funding process for the Defense Acquisition Workforce Development Fund (DAWDF). For fiscal year 2015, DOD was authorized to transfer expired funds, which allowed it to fund DAWDF in 2 months. In contrast, for fiscal year 2014, DOD (more...)


Grants Management: Corporation for National and Community Service's Grant Monitoring Process Could Be Improved, Mar 28, 2017

What GAO Found The Corporation for National and Community Service (CNCS) process for monitoring grants is not fully aligned with federal internal controls (see fig.). Risks may go unidentified because CNCS’s assessment process does not include all grants in the year they are first awarded; its scoring model does not assign the riskiest gr (more...)


Accounts Receivables Coverage Helps Fill Supply Chain Gaps

It is standard for companies to insure and protect cash, inventory, property, plants and equipment, and more recently, data. Companies are insuring every step in the supply chain and sales process from concept to delivery. What is often not insured, however, is the last but most important part of a sales transaction—getting paid. You can safe (more...)


Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview (more...)


Aviation Certification: FAA Has Made Continued Progress in Improving Its Processes for U.S. Aviation Products, Mar 23, 2017

What GAO Found The Federal Aviation Administration (FAA) has made progress in addressing two rulemaking committees' recommendations regarding its certification process and the consistency of its regulatory interpretations. FAA has completed 13 of 14 initiatives for addressing the 6 certification process recommendations. For example, 5 of th (more...)


Immigration Status Verification for Benefits: Actions Needed to Improve Effectiveness and Oversight, Mar 23, 2017

What GAO Found The Department of Homeland Security's (DHS) United States Citizenship and Immigration Services (USCIS) has taken steps to assess the accuracy of the information reported by its Systematic Alien Verification for Entitlements (SAVE) system. For example, since 2014 USCIS has conducted monthly checks to ensure SAVE is accurately repo (more...)


Veterans Health Administration: Actions Needed to Better Recruit and Retain Clinical and Administrative Staff, Mar 22, 2017

What GAO Found Challenges in recruiting and retaining both clinical and human resources (HR) employees along with weak HR-related internal control practices are undermining the Department of Veterans Affairs' (VA) Veterans Health Administration's (VHA) ability to meet the health care needs of veterans. In July 2016, GAO found that VHA losses (more...)


The financial paradigm shift – The risk management and performance challenge

This white paper examines how well firms are managing portfolios given the data, tools and techniques they are currently using, as well as their level of preparedness for sudden shifts in the investment landscape. (more...)


Grants Management: Monitoring Efforts by Corporation for National and Community Service Could Be Improved, Mar 21, 2017

What GAO Found The Corporation for National and Community Service (CNCS) assesses its grants before the beginning of each fiscal year and prioritizes its grant monitoring based on the scoring of certain indicators, such as potential performance or financial problems and the length of time since the last compliance visit. For fiscal year 2015, C (more...)


RIMS Conference Veterans Offer Advice to First Time Attendees

Last week a member of the RIMS Opis online community asked an important question: “What advice can RIMS Annual Conference & Exhibition veterans give to someone attending the show for the first time?” Luckily, the risk management community rushed in with some sage advice. First and foremost, several people pointed out how helpful the (more...)


Third-Party Risk Management - How to successfully mitigate your organisation's third-party risk

This white paper addresses organisational approaches to third party risk management and due diligence. The paper is full of insight, advice and examples to help organizations recognize and address their third-party risk. (more...)


Weekly Roundup for March 6-10, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending March 10, 2017. John Kamensky Kickstarting Data-Driven Government.  Stephen Goldsmith and Katherine Hillenbrand write in Governing that cities are increasingly making data-drive (more...)


Food Defense Initiatives Can Safeguard Your Company

When most people think of product contamination and recalls, the first thing that comes to mind is food poisoning cases from bacteria such as e-coli and listeria. Food and drug companies, however, are experiencing malicious and intentional product tampering that can be equally deadly and dangerous. Many of us can’t forget the 1982 cyanide Tyl (more...)


International Women’s Day: Risk Management Issues to Watch

A 2013 piece on the role of women in risk management remains the most controversial article we’ve ever run in Risk Management magazine and the one that received the most comments and letters to the editor, hands down. Many of those reader comments were…let’s just say less than kind or receptive. Today, International Women’s (more...)


Applying Risk Management Strategies to Reduce Improper Payments

This report continues our long interest in risk management with a specific focus on employing risk management strategies to reduce improper payments at the U.S. Department of Labor’s (DOL) Unemployment Insurance (UI) program. Federal agencies make more than $2 trillion in payments to in (more...)


Operational risk in financial services – Navigating risk management challenges in an uncertain world

This research analyses the findings from a recent survey that polled senior risk, compliance and legal professionals about current trends in risk management and governance. The paper addresses the emerging regulatory, risk and technological threats affecting many of today’s organisations. (more...)


Weekly Roundup: February 6 - 10, 2017

Articles from across the Web that we at the IBM Center for The Business of Government found interesting for the week of February 6 – 10. Ethical Hacking.  Federal News Radio reports: “The federal market for “white hat” hackers continues to grow. Not only are ethi (more...)


Moving Forward on Cybersecurity

The President promises to beef up cybersecurity efforts. Press reports on a draft Executive Order from the Administration parallel campaign commitments to launch an immediate review of all US cyber defenses by a Cyber Review Team comprised of individuals from the military, law enforcement, and private sector. (more...)


Liquidity Risk Innovations for Competitive Advantage - Battling the Build vs. Buy Dilemma

This white paper explores how organisations can enhance liquidity risk management through innovation and examines the build vs buy dilemma. (more...)


Weekly Roundup: January 9-13, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending January 13, 2017. Michael J. Keegan Obama appointee to lead VA under Trump. Dr. David Shulkin, the Department of Veterans Affairs current undersecretary for health, was tapped by Pr (more...)


Weekly Roundup: December 12-16, 2016

Articles from across the Web that we at the IBM Center for The Business of Government found interesting, week of December 12-16, 2016. John Kamensky New Volcker Alliance Report: What Americans Want from Government.  The Volcker Alliance report, by Dr. Paul Light, says: “Americans (more...)


Third Party Risk Management: Put data & insights into your work today

This report analyses various organisational approaches to third party risk management and due diligence. The report further discusses the top challenges to third party risk management programs. (more...)


Special Report - FY 2016 Purchase Card Risk Assessment

Special Report - FY 2016 Purchase Card Risk Assessmentl (more...)


Enterprise Risk Management - Whitepaper

Enterprise Risk Management - Whitepaper, September 10, 2015 (more...)