ERM Newsfeed

We’ve created this article resource by pulling from ERM-related feeds across the web. Each article links to the original publication site. Is there a feed you think we should include? Email

Climate Change: Activities of Selected Agencies to Address Potential Impact on Global Migration, Jan 17, 2019

What GAO Found From fiscal years 2014 through 2018, a variety of executive branch actions related to climate change—such as executive orders and strategies—affected the Department of State (State), the U.S. Agency for International Development (USAID), and the Department of Defense (DOD), including their activities that could potentia (more...)

Six Tips For Risk Managers When Assessing Automation Hazards

From a risk management perspective, one of the benefits of automation is that robots can play a significant role in reducing injuries when deployed to replace or support workers in high-hazard jobs, such as those involving high force and repetition. Yet, without appropriate risk assessments, their benefits can become skewed in other situations. Unf (more...)

Looking Ahead: The 2019 Risk Landscape

As we enter the final year of this decade, the list of concerns that will keep risk managers up at night continues to grow. The inextricable linkages between political, economic, social and environmental risks have become undeniable, implying that risk managers must become social scientists in order to comprehend the evolving risk matrix, and that (more...)

Press Release: RIMS Commends Congressional Foresight to Extend Flood Program Prior to Government Shutdown

National Flood Insurance Program May 31st Extension Avoids Dangerous Lapse in Coverage NEW YORK (Dec. 22, 2018) – In the waning hours prior to the U.S. Federal Government’s partial shutdown, RIMS, the risk management society, welcomed Congress’ extension of the National Flood Insurance Program (NFIP). Extended through May 31, 2019, the program w (more...)

The Use of Entity Analytics in Financial Crimes Risk Management

In the last two decades, financial crimes have been steadily rising across the globe—not only in terms of volume, but also in complexity and sophistication. As a result, banks and financial institutions are grappling with the burden of direct losses and staggering remediation and compliance costs stemming from their inability to detect such c (more...)

Critical Infrastructure Protection: Actions Needed to Address Significant Weaknesses in TSA's Pipeline Security Program Management, Dec 18, 2018

What GAO Found Pipeline operators reported using a range of guidelines and standards to address physical and cybersecurity risks, including the Department of Homeland Security's (DHS) Transportation Security Administration's (TSA) Pipeline Security Guidelines , initially issued in 2011. TSA issued revised guidelines in March 2018 to reflect cha (more...)

Information Security: Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions, Dec 18, 2018

What GAO Found The 23 civilian agencies covered by the Chief Financial Officers Act of 1990 (CFO Act) have often not effectively implemented the federal government's approach and strategy for securing information systems (see figure below). Until agencies more effectively implement the government's approach and strategy, federal systems will re (more...)

Delta Places Age and Time Limits for Support Animal Travel

Travelers might flock to, or flee Delta Airlines, depending on how they feel about emotional support and service animals. The company announced two risk management provisions as changes to its service and support animal policy with regard to the ages of the animals as well as flight durations: Effective Dec. 18, 2018: Service and support animals un (more...)

Q&A With New National Cyber Security Alliance Executive Director Kelvin Coleman

The National Cyber Security Alliance (NCSA) announced that its new executive director is Kelvin Coleman, who has held high-level positions in the United States Department of Homeland Security, and the National Security Council. Coleman’s appointment puts him in charge of the country’s leading cybersecurity and privacy protection educati (more...)

Improper Payments: Additional Guidance Needed to Improve Oversight of Agencies with Noncompliant Programs, Dec 07, 2018

What GAO Found Over half of the 24 Chief Financial Officers Act of 1990 (CFO Act) agencies were reported by their inspectors general (IG) as noncompliant with one or more criteria under the Improper Payments Elimination and Recovery Act of 2010 (IPERA) for fiscal years 2016 and 2017. Nine CFO Act agencies have been reported as noncompliant in one (more...)

PBGC's Fiscal Year 2018 Purchase Card Risk Assessment

PBGC's Fiscal Year 2018 Purchase Card Risk Assessment (more...)

Fraud Risk Management: OMB Should Improve Guidelines and Working-Group Efforts to Support Agencies' Implementation of the Fraud Reduction and Data Analytics Act, Dec 04, 2018

What GAO Found At varying stages, agencies have begun planning for and implementing fraud risk activities (like conducting an evaluation of fraud risks) required by the Fraud Reduction and Data Analytics Act of 2015 (FRDAA), according to GAO's survey of agencies subject to the act. Overall, most of the 72 surveyed agencies (85 percent) indicated (more...)

Year in Risk 2018

As every risk manager knows, the world is as fraught with risk as ever. This becomes even more apparent as natural disasters, cyberattacks, corporate malfeasance and political and economic uncertainty make headlines and create new business concerns. The following review of some of the notable risk events of 2018 can both remind us where we ha (more...)

Global Regulation Landscape: Data Protection in 2018

In its Global Risks Report 2018 at the beginning of the year, the World Economic Forum ranked data fraud or theft as the fourth-highest risk in terms of likelihood, citing exponential increases in recorded data breaches and their financial toll. As predicted in the “2018 Cyberrisk Landscape” from Risk Management’s January/F (more...)

Engaging Employees in Their Own Duty of Care

One of the most challenging aspects of maintaining duty of care is convincing employees to actually follow the risk management policies you have established. You can put together a comprehensive safety program to protect their health and welfare, but if they simply ignore it, then it is just not going to be very effective in practice. Who is then (more...)

Mitigating Third Party Risk in Supply Chains

As a complex web of manufacturers, business partners, suppliers and other third parties, the modern-day supply chain is no stranger to attacks. With cybercriminals constantly looking to steal critical data, the system continues to be fraught with risk. Like death and taxes, cyberattacks have become a near certainty in 2018, and as long as the oppo (more...)

Using Actuarial Reports to Help Manage Risk

Actuarial reports are often a financial reporting requirement for companies that self-insure or have large deductible programs. For captives, an actuarial report may be necessary depending on the location of the domicile. Beyond financial reporting, however, an actuarial report can provide a wealth of valuable information for the rest of the organ (more...)

Nuclear Weapons: NNSA Has Taken Steps to Prepare to Restart a Program to Replace the W78 Warhead Capability, Nov 30, 2018

What GAO Found The Department of Energy's National Nuclear Security Administration (NNSA) has taken steps to prepare to restart a life extension program (LEP) to replace the capabilities of the Air Force's W78 nuclear warhead—a program which was previously suspended. According to NNSA officials, these steps are typically needed to conduct a (more...)

Q&A: Resiliency in India

The 2018 Lloyd’s City Risk Index was analyzed during the RIMS Risk Forum India in Mumbai, and it notes a possible turning point for the subcontinent’s cities regarding resiliency. In short, Indian cities were rated as weak, but recent government and public investments and campaigns that focus on strengthening infrastructures and people (more...)

Transforming the Risk Function to Increase its Effectiveness

Over the last decade or so, banks’ compliance priorities—and compliance budgets—frequently funded only priority risk activities. A new era is now in full bloom with an agenda for increased overall operational efficiency and increased expectations for the effectiveness of the risk function. Financial institutions are establishing m (more...)

RIMS Risk Forum 2018 India Kicks Off In Mumbai

MUMBAI – The inaugural RIMS Risk Forum 2018 India launched on November 13, and leading risk professionals from India and Asia-Pacific countries met for two days to address the challenges facing companies in the region. In a country of 1.3 billion people, expectations are for India’s risk management profession to grow, though some presen (more...)

How to Use ODG Data to Improve Workers Comp Case Management

Regardless of whether or not their organizations operate in states where the use of Official Disability Guidelines (ODG) has been adopted/mandated, risk managers can often leverage ODG data and the claim data from their risk management information systems (RMIS) to benchmark the medical and lost-time components of their workers compensation costs a (more...)

Census Bureau Isn’t Properly Managing Its Risk Management Review System

A lack of continuous assessment and oversight led to bad reporting, which in turn led to bad decision-making and a weak cybersecurity posture. (more...)

Using Adaptive Behavioral Analytics to Detect Fraud

While fraud threats are nothing new for payments processors and financial institutions, the degree and magnitude of such incidents have escalated in recent years. A February 2018 Javelin study found that nearly 16.7 million consumers were victims of identity fraud in 2017—up 8% from the previous year. Fraud prevention solutions must be flexib (more...)

Mini Meteorologists: How Satellite Technology Is Reducing Weather Risks

“Even with all our technology and the inventions that make modern life so much easier than it once was, it takes just one big natural disaster to wipe all that away and remind us that, here on Earth, we’re still at the mercy of nature.”–Neil DeGrasse Tyson, Astrophysicist In recent years, we have witnessed a technological (more...)

Mini Meteorologists: How Innovations in Satellite Technology Are Reducing Weather Risks

“Even with all our technology and the inventions that make modern life so much easier than it once was, it takes just one big natural disaster to wipe all that away and remind us that, here on Earth, we’re still at the mercy of nature.”–Neil DeGrasse Tyson, Astrophysicist In recent years, we have witnessed a technological (more...)

Storm Surge: Lessons Learned from the 2018 Japan Floods

In June and July, parts of western Japan were hit by torrential rains, with some regions experiencing record-breaking totals of more than 1,000 millimeters (39 inches) of precipitation in only a few days. The heavy rains led to widespread floods and mudslides throughout the country as rivers broke through embankments and floodwaters reached more t (more...)

A New Recipe for Food Contamination Risk Management

On April 10, 2018, the Centers for Disease Control and Prevention (CDC) announced there had been an outbreak of E. coli O157:H7 that was eventually traced to romaine lettuce. By the time the outbreak was declared over on June 28, 210 people had been infected in 36 states, leading to 96 hospitalizations and five deaths. While no recall was ord (more...)

Taking a Stand Is Taking a Risk

Businesses are increasingly dealing with a new type of risk that carries new threats to their reputation and bottom line: controversial social issues. Such crises often center on hot-button topics like social injustice, immigration, gun control and trade wars. While speaking out may bring significant risk to an organization, staying silent may not (more...)

Continuity Planning with the Bowtie Method

Many organizations make the mistake of treating risk management and business continuity as different programs. Rather, to be optimally effective, the two must be combined and aligned. Business continuity traditionally starts with a business impact assessment, but many companies fail to go beyond that, making no tactical plan or strategic decisions (more...)

An Enterprise Approach to Data Security

Every organization today is undergoing a journey to take advantage of the technological advances that are transforming the way we do business. This business evolution has, in turn, made information and data some of the most valuable corporate assets. But like any asset, data is exposed to myriad cyberrisks and threats that could lead to financial (more...)

Investing in Workplace Safety

A safe workplace does not happen by accident. Rather, it is the result of a well-thought out and flawlessly executed plan that, once conceived, is successfully integrated into your company’s strategy at all levels. But building a truly safe workforce today means going above and beyond the usual safety protocols. Some employers may believe th (more...)

Managing Corporate Spreadsheet Risks

Alongside corporate IT systems, companies and employees often make extensive use of spreadsheets to implement, augment and enhance business processes. While the vast majority of these spreadsheets are only valuable to the specific user, others contain critical data, such as pricing information, foreign exchange information, technical specification (more...)

Defense Nuclear Enterprise: DOD Continues to Address Challenges but Needs to Better Define Roles and Responsibilities and Approaches to Collaboration, Nov 01, 2018

What GAO Found The Department of Defense (DOD) has made progress in implementing the recommendations from the 2014 nuclear enterprise reviews and a 2015 nuclear command, control, and communications (NC3) review and has improved its tracking and evaluation of this progress. For example, since GAO last reported—in October 2017—an additi (more...)

RIMS ERM 2018: Earning the ‘Mandate’ and a ‘Seat at the Table’

MONTREAL – Speaking to more than 300 attendees at the 2018 RIMS ERM Conference on October 29, Martin Vilsoe, partner of the Implement Consulting Group, opened the two-day event by highlighting the importance of ERM’s worldwide capabilities and how to operationalize the best ERM practices. Vilsoe said that risk managers need to “ea (more...)

Former NSA Director Talks Cybersecurity, Insurance at Advisen Conference

NEW YORK—Advisen’s Cyber Risk Insights Conference, held during Cyber Week, featured risk management professionals and more than 18 panels and sessions on Oct. 25. The keynote was delivered by Adm. Michael S. Rogers, former Navy commander of U.S. Cyber Command and Director of the National Security Agency (NSA), under the administrations (more...)

Q&A: California Businesses Prepare for the Next Quake

On October 18, more than 10 million Californians participated in The Great Shakeout to prepare for the next catastrophic earthquake and bring awareness to earthquake preparedness across the state. The United States Geological Survey (USGS) predicts a 99% chance of a magnitude 6.7+ earthquake in the Bay Area within the next 30 years, preparation is (more...)

The Paper Threat

Paper is a mainstay of corporations large and small. Even with more organizations relying on technology to streamline workflows, paper is not just surviving, but thriving—according to recent statistics, the average office worker prints 34 pages of paper a day. It is clear that paper is not going to completely disappear, and that is not necess (more...)

Tropical Storm Michael Upgraded to Hurricane, Approaches Florida

The National Hurricane Center classified Tropical Storm Michael as a category 3 hurricane Monday morning as it passed through Cuba and approached Florida. Over the weekend, Florida Gov. Rick Scott declared a state of emergency for several counties from the Gulf Coast to Navarre on the Panhandle to the Suwanee River. Gov. Scott also directed the st (more...)

Understanding the Risk of “Immutable” Blockchain Applications

When faced with new technological risks and problems that they pose, courts have historically risen to the challenge. Take electricity, for example, and more particularly, the liability for exposure to uninsulated electrical wires, which was the subject of a case decided by the Kentucky Supreme Court in the first year of the 20th century. Although (more...)

Hack the Vote 2: Cyberrisks to Election Infrastructure

In October 2016, the Risk Management cover story “Hack the Vote: Cyberrisk at the Ballot Box” highlighted many of the vulnerabilities in America’s election infrastructure. Continuing investigation in the wake of that election has made the stakes clearer than ever. Two years later, many of the vulnerabilities still remain, and man (more...)

Insuring Against GDPR Liability

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and despite the publicity and prognoses of doom, it did not have any immediate earth-shattering effects. At most, you may have noticed a flood of requests to re-subscribe to websites or to review a company’s updated privacy policy. In fact, (more...)

Burning Up: California’s Wildfires Increase Risks

For the second year in a row, wildfires have wreaked havoc in California, punctuated this year by some of the largest and most destructive fires in state history. While wildfires are an annual threat in California, the past two years seem to have brought a continuous procession of fires of greater frequency, scale and destructive intensity than in (more...)

Disasters Highlight Potential Uses for Drones

In late August, thousands lost power after a torrential downpour from Hurricane Lane dropped some 52 inches of rain across Hawaii’s Big Island in just 48 hours. The downpour also caused landslides, inhibiting recovery efforts. This major storm was on the heels of another natural disaster in the state: the Kilauea volcanic eruption, which spe (more...)

GDPR and the Role of the Data Protection Officer

As it has now been months since its enactment at the end of May, organizations should have already taken the necessary steps to become compliant with the European Union’s General Data Protection Regulation (GDPR). They should have conducted their readiness assessments to understand the data, systems and controls that are impacted by the regu (more...)

Small Business Contracting: Small Business Administration Could Further Strengthen HUBZone Eligibility Reviews in Puerto Rico and Programwide, Sep 24, 2018

What GAO Found The Small Business Administration (SBA) adopted criteria and guidance for a risk-based approach to certifying and recertifying firms for the Historically Underutilized Business Zone (HUBZone) program in March 2017, but the extent to which it conducted a risk assessment to inform its approach is unclear. In 2009, in response to GAO' (more...)

Low-Income Housing Tax Credit: Improved Data and Oversight Would Strengthen Cost Assessment and Fraud Risk Management, Sep 18, 2018

What GAO Found GAO identified wide variation in development costs and several cost drivers for Low-Income Housing Tax Credit (LIHTC) projects completed in 2011–2015. Across 12 selected allocating agencies, median per-unit costs for new construction projects ranged from about $126,000 (Texas) to about $326,000 (California). Within individual (more...)

Artificial Intelligence and Risk Management

The cyber era heralded unparalleled opportunities for the advancement of science, technology and communication, and unleashed a range of new attack vectors for rogue elements, criminals and virtual terrorists. The era of machine learning is doing much the same, for the promise of advancement has gone hand in hand with a range of new perils and an e (more...)

Q&A: School Shooter Preparedness

Schools across the country are back in session. And in the wake of high-profile school shootings earlier this year, safety is a top priority for students, parents, educators and communities. Steve Smith, founder and president of Guardian Defense, specializes in active shooter preparedness and works with education industry leaders to keep their faci (more...)

Pale, Stale & Male: Does Board Diversity Matter?

On the surface, the circumstances surrounding scandals faced by Equifax, Wells Fargo, The Weinstein Company, Uber, Volkswagen, Wynn Resorts and others could not seem any more different. Upon deeper analysis, however, a common thread in each of these cases could offer insight for companies to avoid future problems: At the time of these corporate fa (more...)

Rethinking School Shooter Response and Prevention

According to Education Week, there were 14 school shootings that resulted in injuries or deaths in the first six months of 2018. These shootings left 32 people dead—26 of whom were students—and 67 injured. Advocacy group Everytown for Gun Safety reports that there have been at least 340 incidents of gunfire on school grounds since 2013 (more...)

404 Error: How to Prevent Tech Project Failures

Technology improvements are vital for meeting evolving business needs, but poor project management can lead to unmet expectations and significant excess costs. Adopting new technology products, overhauling existing IT systems, or pursuing new internet services are not easy. In fact, if there is one way an organization can lose a bundle of money (more...)

Managing Energy Sector Risks

In the energy industry, one of the most fundamental issues is pricing. According to a Thomson Reuters study, Risk Management in the Energy Sector, as prices for oil and gas fluctuate, companies can have difficulty determining if their selling prices will cover exploration and other costs. When commodity prices drop, the oil and gas sector is typica (more...)

Jacksonville Murders Force Reassessment of Active Shooter Risks

A mass shooting at a video game tournament in Jacksonville, Florida on Sunday has once again shined a spotlight on the growing risks businesses face even as they conduct normal operations. A lone shooter, 24-year-old David Katz, opened fire on football video gamers at a pizza restaurant, killing two and injuring at least nine before turning the gu (more...)

Follow-Through Needed for Effective Safety Culture

The concept of a culture of safety can be stalled by employers that say they want to be safer, but do little to implement real change. For example, a company hoping to understand the causes of fatigue, but won’t adjust its schedules, can set itself up for injuries and hazards. A new report, Making a Safety Culture Truly Cultural, published by (more...)

Developing a Formal Cyber Incident Response Plan

Among the many topics that battle for risk managers’ attention, cybersecurity incident response planning is one that repeatedly surfaces each year with escalating frequency. Yet surprisingly, according to a 2018 Ponemon Institute study, only 24% of companies have a cybersecurity incident response plan (IRP) implemented consistently acros (more...)

Body Scanners Tested for Mass Transit, Installed in L.A.

Security scanners that screen passengers entering stations and terminals are being tested around the country and have been installed in subway stations in Los Angeles. The Associated Press reported that the machines scan for both metallic and non-metallic objects. They can detect suspicious items from a distance of 30 feet and are capable of scanni (more...)

Cyber Insurance Strategies Explored: RIMS Report

High-profile data breaches have been making headlines recently, and their damage can transcend industries, which is why cybersecurity is often a top priority for risk managers. With many traditional insurance policies no longer responding to or outright excluding cyber events, risk professionals must understand their options to ensure the (more...)

New RIMS Report: Establishing and Communicating ERM Info

Recent trends indicate that management is being conferred more than ever by executives and boards who are looking for information that can aid in decision making. This has moved the value of enterprise risk management (ERM) to the forefront, to give the board an overall view of the risks the company faces. A report just released by RIMS, Risk (more...)

Cyber’s Human Side

People are often tired, distracted and overworked. They are bound to make mistakes, inadvertently overlook policies and procedures and have quick lapses in judgement—forgetting hours and hours of training. Human error is a significant problem when it comes to managing cyber exposures. Most cyber surveys point to people as the root cause of a (more...)

Cryptojacking: How Hackers Steal Resources to Mine Digital Gold

With sky-high levels of both value and hype, the cryptocurrency market is booming. As prices have soared, so has interest and incentive to mine digital currency, a resource-intensive process that requires significant computing power—and, in turn, electricity—to complete complex mathematical problems and earn coins. With the average bit (more...)

Fire Traps

On April 8, more than 200 New York City firefighters and emergency service personnel responded to a fire at Trump Tower, a 58-story high-rise building with commercial use on the lower floors (including the headquarters of the Trump Organization) and 263 residential units on the upper floors (including the three-floor penthouse that is the pri (more...)

Financing Disaster Risk in Latin America

Last September, two powerful earthquakes shook Mexico. Combined, they killed nearly 500 people as buildings crumbled across the capital and at least five other states. The quakes were both among the deadliest to hit the country, with the second of the two coming 32 years to the day after the worst tragedy in the nation’s history, the 1985 Me (more...)

The Surprising Toll of Invasive Species

Summer is here and, once again, wildfires are blazing in the United States, including fires in Alaska, Arizona, California, Colorado, Idaho, Nevada, New Mexico, Oregon, Texas, Utah, Washington and Wyoming. As of July 17, the National Interagency Fire Center reported 67 active large wildfires, covering more than one million acres, with only four co (more...)

The Benefits of Medical Stop Loss Captives

The purpose of any alternative risk structure is to achieve the most appropriate balance between risk assumption and risk transfer to optimize savings while supporting the organization’s risk management, financial and business objectives. In many cases, self-insurance is the most efficient alternative risk transfer mechanism. The benefits th (more...)

Mobile Devices: The Next Frontier for Hackers

For enterprise security teams, mobile has quickly become a top trouble spot. Employees use mobile apps every day to do their work and interact with enterprise data. But many of those apps also provide access for hackers. How widespread is the threat? Just look at the statistics: A remarkable 87% of companies now expect their employees to use person (more...)

A Crash Course in Data Breach Readiness

A study released by IBM and the Ponemon Institute last March found that 77% of businesses worldwide do not have a consistent incident response plan that they can apply in the event of a data breach. Instead, these corporations rely solely on informal or department-specific damage-control strategies. Even more troubling, nearly half of the or (more...)

Total Cost of Risk Declines Again

Abundant risk capital exerted downward pressure on insurance prices in 2017, resulting in a reduction in total cost of risk for the fourth year in a row, according to the 2018 RIMS Benchmark Survey. Produced in collaboration with Advisen, the survey found that the average total cost of risk—defined as the costs of insurance, retained losses a (more...)

Total Cost of Risk Drops for Fourth Straight Year, RIMS Finds

The risk management profession is proving its resiliency. Even in the face of major hurricanes, technological influence and the seemingly common threat of international trade wars, 2017 saw the total cost of risk (TCOR) decline for the fourth consecutive year, according to the 2018 RIMS Benchmark Survey, which was jointly published by RIM (more...)

Calif. Carr Fire Claims 6 Lives

Just when it seemed like things couldn’t get any worse in California, the Carr wildfire ignited, claiming six lives so far. The fire in Northern California near the city of Redding has been burning since July 23 and is now one of the largest in the state. Almost 90,000 acres have burned, destroying more than 500 homes and commercial buildings (more...)

Why Visibility Into Contracts is Crucial for Procurement Pros

Risk is a topic of pervasive and growing concern in supply and sourcing management. Procurement itself is no longer just about acquiring products and services for the best price and controlling expenses. Instead, purchasing and supply professionals are under tremendous pressure to drive out costs and ensure that procurement strategy is in line with (more...)

Data Breach Risk: What’s Next?

Ten years ago, many companies didn’t even ask about using encryption to protect data. Over the years, that has changed. More security and privacy professionals began to see it as an option in their cybersecurity defense. Then it eventually became a necessary component of most companies’ security strategies and the use of encrypted lapto (more...)

Trump Administration Plans National Cyber Risk Management Initiative

The effort will include the Homeland Security, Treasury and Energy departments along with smaller sector-specific agencies. (more...)

Deadly Ferguson Wildfires Threaten Access to Yosemite Park

The Ferguson wildfires have been spreading in Mariposa County, California on the western edge of Yosemite National Park for days, burning 27 square miles and taking the life of one firefighter. The Mercury News reported that more than 1,400 firefighters have been on the scene trying to protect 100 nearby homes and businesses that are in the fire&rs (more...)

Export-Import Bank: The Bank Needs to Continue to Improve Fraud Risk Management, Jul 19, 2018

What GAO Found In managing its vulnerability to fraud, the Export-Import Bank of the United States (the Bank) has adopted some aspects of GAO's A Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework). This framework describes leading practices in four components: organizational culture, assessment of inherent program ris (more...)

The Data Analytics Adventure

Is your audience changing? Are your products still relevant and addressing customers’ needs? Are there opportunities for organizations to predict—or at least make an informed guess—about the future of the market or other trends? Answers to these difficult questions are often buried in the overwhelming amount of data organizations are (more...)

Information Security: Review of GAO's Program and Practices for Fiscal Years 2016 and 2017, Jul 17, 2018

Objectives This is a publication by GAO's Office of Inspector General (OIG) that concerns internal GAO operations. This report addresses GAO's fiscal year 2016 and 2017 compliance with Federal Information Security Modernization Act of 2014 (FISMA) requirements. What OIG Found During the period reviewed, GAO continued efforts to improve upon e (more...)

Medicare: Actions Needed to Better Manage Fraud Risks, Jul 17, 2018

What GAO Found In its December 2017 report, GAO found that the Centers for Medicare & Medicaid Services' (CMS) antifraud efforts for Medicare partially align with GAO's 2015 A Framework for Managing Fraud Risks in Federal Programs (Framework). The Fraud Reduction and Data Analytics Act of 2015 required OMB to incorporate leading practices i (more...)

Resiliency in 2018: Q&A With BCI’s David Thorp

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto. We reached out to Thorp to get his insight on organiza (more...)

Happy Fourth of July!

Risk Management magazine and the Risk Management Monitor team wish our readers a very safe and happy Independence Day! (more...)

Starbucks And Coffee Industry To Reassess Strategies

The coffee industry is poised for moderate growth in the next five years, but is warned of an emerging risk: an informed consumer, according to a recent IBISWorld report. “Despite long-term, aggregate declines in healthy eating, consumers are more aware of health issues associated with fatty foods and are increasingly going out of their way t (more...)

Information Technology: IRS Needs to Take Additional Actions to Address Significant Risks to Tax Processing, Jun 28, 2018

What GAO Found The performance of the Internal Revenue Service's (IRS) selected information technology (IT) investments that GAO reviewed varied. Specifically, the four selected investments in the development phase that GAO reviewed spent less than planned, but most were behind schedule and delivered less scope than planned (see table below). In (more...)

U.S. Border Agents Hacked Their “Risk Assessment” System to Recommend Detention 100% of the Time

The Trump administration has modified that system that was created in 2013. (more...)

Medicaid: Actions Needed to Mitigate Billions in Improper Payments and Program Integrity Risks, Jun 27, 2018

What GAO Found GAO's work has identified three broad areas of risk in Medicaid that also contribute to overall growth in program spending, projected to exceed $900 billion in fiscal year 2025. 1) Improper payments, including payments made for services not actually provided. Regarding managed care payments, which were nearly half (or $280 billio (more...)

Safety Groups Warn of Added Summer Risks

Summer has arrived, but it is not a time for total relaxation. According to the National Safety Council (NSC), July and August typically see more accidental deaths than any other two-month period—a trend that includes drowning, pediatric vehicular heatstroke, pedestrian deaths, natural disasters and gun-related fatalities. To stress the (more...)

Border Agents Hacked Their 'Risk Assessment' System To Recommend Detention 100% Of The Time

Risk assessment was already problematic. Now immigration authorities are throwing its "scientific veneer" to the wind. (more...)

Despite A ‘Near-Average’ Forecast, Hurricane Flooding May Increase

With so many businesses and individuals affected by Hurricanes including Maria, Harvey and Irma in 2017, risk managers and insurers are looking to revised forecasts of this year’s hurricane season for a glimmer of hope that 2018 will not bring the same destruction. They may have found it in new information released by Colorado State Universit (more...)

New RIMS Report Delivers a ‘Wakeup Call’ To Risk Managers

According to the new RIMS report, Enterprise Risk Management’s Wakeup Call: 10 Years After, an increasing number of organizations are at least partially integrating ERM into their frameworks as they prepare for the possibility of another financial crisis or a new threat. “The evidence shows that risk management has evolved from a promis (more...)

Multiple Risks to Watch Out For at 2018 World Cup

The 2018 World Cup tournament began on June 14 and lasts until July 15. Thousands of fans will travel to Russia for the event, which consists of 64 matches and 32 teams in 11 cities. Like other mega events, it presents countless challenges for a number of industries including construction, travel, h (more...)

Using Technology to Streamline Governance, Risk and Compliance

Risk can span across multiple areas within the business environment, and a single risk factor can have numerous cross-organizational touch points. Vastly different business units such as information security, vendor management, compliance, business continuity, physical security and human resources are all critical aspects within an overall risk and (more...)

Expect the Unexpected: Mitigating the Risks of Natural Disasters

As we’ve seen with the recent Kilauea volcanic eruption and last year’s catastrophic hurricane season, natural disasters are becoming more frequent and dramatically more powerful. In fact, NOAA recently reported that weather and climate disasters reached an all-time high in damage costs within the United States, exceeding $300 billion i (more...)

High Risk: Agencies Need to Continue Efforts to Address Management Weaknesses of Federal Programs Serving Indian Tribes, Jun 13, 2018

What GAO Found GAO designated the federal management of programs that serve tribes and their members as high risk, and officials from the Department of the Interior's Office of the Assistant Secretary-Indian Affairs (Indian Affairs), the Bureau of Indian Education (BIE), the Bureau of Indian Affairs (BIA), and the Department of Health and Human (more...)

Compliance in 2018: Q&A with James Reese of the SEC

The Securities and Exchange Commission (SEC) recently named James Reese as the Chief Risk and Strategy Officer for the Office of Compliance Inspections and Examinations (OCIE), which also leads the Office of Risk and Strategy (ORS). These offices assess companies’ and products’ risk to the financial markets and influence the SEC’ (more...)

Secure Messaging in Incident Response and Business Continuity

Today’s businesses face unprecedented risks. As mass interconnectivity replaces operational silos, every aspect of business, from transportation and the supply chain to email, data storage, facilities management and financial transactions, are all vulnerable to compromise, disruption and human error. In addition to the people, processes and t (more...)

The Business Impact of Trump Tariffs

In March, the Trump administration sparked an outcry by announcing that it would impose import tariffs of 10% on aluminum and 25% on steel, following earlier tariffs on solar panels and washing machines. Representatives from the retail, automobile, manufacturing, construction and information technology industries, the U.S. Chamber of Commerce (more...)

The Benefits of Diversity & Inclusion Initiatives

Many workplaces today reflect the exceptional diversity of the United States. Proud of their workforce diversity, companies highlight it on annual report covers and in recruitment and marketing materials. But beyond looking diverse, are these workplaces actually inclusive? No figures or statistics can adequately answer that question, but the fact (more...)

Understanding the New ISO and COSO Updates

Earlier this year, the International Organization for Standardization (ISO) published a long-awaited revision to ISO 31000, its risk management guidelines. After the June 2017 revision of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management (ERM) framework, this means that two of the most w (more...)

Making Employees More Cyber-Aware

An organization is only as strong as its weakest link and when it comes to cybersecurity, employees are that weak link—and, in turn, a prime target. While technology plays an essential role in any organization’s defense, it does not stop employees from making basic security mistakes. In its Cost of Cyber Crime Study, Accenture found th (more...)

Fixing the Problems with Passwords

While certainly necessary, the use of passwords for account authentication is flawed. Think for a moment about the passwords you have set for the dozens of work and personal accounts you access every day. At least one password you use is likely derived from the name of a family member, pet, location or some other part of your personal life, and th (more...)

Tech Risk Knowledge Gap

As emerging technology increasingly influences business strategies and operations, many risk professionals are struggling to keep pace with the associated risks, according to a report by Marsh and RIMS. In the 15th annual Excellence in Risk Management survey, 59% of respondents said their organization is currently using or exploring the use of IoT (more...)

Notepad: Risk in Review – June

Hawaii’s Kilauea Volcano Erupts On May 3, the Kilauea volcano on Hawaii’s Big Island erupted, triggering a magnitude-6.9 earthquake and beginning weeks of dangerous volcanic activity. As of mid-May, at least 23 fissures had opened on the island since the eruption, spewing lava, toxic gases and ash. When lava reached the Pacific Ocean, i (more...)

B61-12 Nuclear Bomb: Cost Estimate for Life Extension Incorporated Best Practices, and Steps Being Taken to Manage Remaining Program Risks, May 31, 2018

What GAO Found The National Nuclear Security Administration (NNSA) incorporated most cost estimating best practices to develop the program cost estimate for the B61-12 Life Extension Program (LEP), which seeks to consolidate four versions of a nuclear weapon—the B61 bomb—into a bomb called the B61-12. As shown in the figure below, t (more...)

National Safety Month Targets Preventable Deaths

Hazardous work zones, insufficient planning, prescription and illegal drugs and distracted driving continue to affect the careers and companies of employees in the United States. According to the National Safety Council’s (NSC) Injury Facts, the lifetime odds for the top three accidental causes of death are motor vehicle crashes (1 in 102), o (more...)

Are You Ready for GDPR?

If your work involves personal data, you probably already know the European Union’s (EU) General Data Protection Regulation (GDPR) enforcement date is May 25. While penalties for noncompliance can be stiff, the sky may not be falling just yet. GDPR focuses on personal data originating from the EU, which reaches well beyond the EU’s bord (more...)

NASA Information Technology: Urgent Action Needed to Address Significant Management and Cybersecurity Weaknesses, May 22, 2018

What GAO Found The National Aeronautics and Space Administration (NASA) has not yet effectively implemented leading practices for information technology (IT) management. Specifically, GAO identified weaknesses in NASA's IT management practices for strategic planning, workforce planning, governance, and cybersecurity. NASA has not documented i (more...)

Hawaii Volcanic Activity Reinforces States’ Need for Catastrophe Planning

Recent volcanic activity in Hawaii has turned national attention to emergency preparedness planning. As previously reported, the Kilauea eruption lessened but caused aftershocks, lava flow and lingering hazardous fumes in nearby areas. About 1,800 people live in the area, which was ordered to be evacuated last week by Hawaii County. No deaths or in (more...)

Reputational Crisis Forces Cambridge Analytica’s Closure

Most of us are aware of the recent scandal involving Facebook and political consulting firm Cambridge Analytica, wherein the latter company obtained data from up to 87 million Facebook users and, in turn, built profiles of individual voters and their political preferences to best target advertising and sway voter sentiment. This information was use (more...)

LIRR Misses Critical Juncture for Positive Train Control

Last week, the Long Island Rail Road (LIRR) confirmed interruptions in its ability to fully install positive train control (PTC) across its system by the end of the year. Newsday reported that the LIRR system, which is a unit of the Metropolitan Transportation Authority’s (MTA) network, failed 16 out of 52 factory tests performed in early Mar (more...)

Developing an Effective Disaster Preparedness and Communication Plan

Although weather is often unpredictable and always uncontrollable, businesses can go a long way toward mitigating damage with careful preparation. According to a 2018 report by the U.S. Chamber of Commerce and MetLife, however, more than one-th (more...)

Weathering the Storm: Developing an Effective Disaster Preparedness and Communication Plan

Although weather is often unpredictable and always uncontrollable, businesses can go a long way toward mitigating damage with careful preparation. According to a 2018 report by the U.S. Chamber of Commerce and MetLife, however, more than one-th (more...)

Improving the Business Restoration Process After a Disaster

Companies routinely go to great lengths to increase productivity and efficiency in pursuit of cost savings, higher profits and other important business goals. Yet many organizations still fail to plan and prepare properly ahead of disasters to (more...)

Up and Running: Improving the Business Restoration Process After a Disaster

Companies routinely go to great lengths to increase productivity and efficiency in pursuit of cost savings, higher profits and other important business goals. Yet many organizations still fail to plan and prepare properly ahead of disasters to (more...)

Helping the Helpers: Supporting the Resilience of First Responders

Whether natural or man-made, disasters are life-changing events that can leave lasting effects on all involved. While disaster plans rightfully focus on helping the victims of a crisis, there is another aspect of recovery to consider: Who provides support to the people on the front lines of a disaster response? Who helps the helpers? Check out mo (more...)

Fertility Clinic Failures Highlight Storage Risks

On the weekend of March 3, equipment failures at two unrelated fertility clinics in California and Ohio damaged or destroyed thousands of frozen eggs and embryos. At the Pacific Fertility Center in San Francisco, an embryologist checking on the cryogenic tanks that housed their specimens discovered that the liquid nitrogen level in one was serious (more...)

Growing Cities Mean Growing Risks

On a recent list of the fastest growing American cities, Nashville jumped from 20th to 7th in a year. There are more than 210 active construction projects in the downtown core alone. We are hardly alone. Denver, New York, Charlotte, Atlanta and more are experiencing similar growth. Cities are booming and growing, and the construction cycle is showi (more...)

Prescription Opioid Risks to the Workplace Explored at RIMS 2018

SAN ANTONIO – When the White House declared opioid use a national Public Health Emergency under federal law in 2017, businesses began reviewing their policies and making efforts to curb their employees’ abuse of the drug in its prescribed form. This escalating risk to organizations is why the business impact of prescription opioid use w (more...)

Weekly Roundup: April 16 - 20, 2018

Articles from across the Web that we at the IBM Center for The Business of Government found interesting for the week of April 16 - 20, 2018. John Kamensky New Workforce Reform Goals. Federal News Radio reports: “The Trump administration is beginning to outline its plan to moderniz (more...)

Business and Employee Safety During Crisis Explored at RIMS 2018

SAN ANTONIO – Emergency preparedness and action plans amid violent crises were explored during educational sessions at RIMS 2018 here. On Monday and Tuesday, experts discussed ways businesses can prepare for active shooter events and kidnapping crises. Experts agreed that in such events, lives, operations, reputation and finances are all at s (more...)

Risk Manager of the Year: Q&A with Rebecca Cady

Rebecca Cady, vice president and chief risk officer of Children’s National Medical Center (CNMC) in Washington, D.C. was named the RIMS 2018 Risk Manager of the Year today. CNMC is the largest freestanding pediatric academic medical center and health system in the greater D.C. area, with annual revenues of nearly $1.2 billion. She was prais (more...)

RIMS Bestows Top Industry Honors and Awards

SAN ANTONIO—At today’s RIMS 2018 Annual Conference & Exhibition Awards Luncheon, the risk management society kicked off the week by issuing its top marks of distinction for leadership and achievement in the industry. Ward Ching, managing director of the western region at Aon Global Risk Consulting, received RIMS’ most prestig (more...)

Risk Management of Technology Risks Lagging, Survey Finds

Technology is becoming more and more necessary for the growth of companies, enhancing their abilities to get products to their destination faster and automate core processes. In fact, it’s predicted that revenues from AI-related technologies will reach $127 billion by 2025. Technology has also led to safer work conditions for employees with th (more...)

Paws and Effect: New Breeds of Assistance Animals Bring Challenge and Opportunity

In January, a performance artist with an “emotional support peacock” was denied entry for a flight on United Airlines out of Newark Airport. The owner brought the bird to the airport, arguing that she purchased a ticket for him, but the airline said it had repeatedly warned her in advance that they could not safely make such an accommo (more...)

The Risks of High-Tech Trash

In 2016, the world generated 44.7 million metric tons of e-waste, equivalent to almost 4,500 Eiffel Towers, according to the Global E-Waste Monitor 2017, a joint report produced by the United Nations University, the International Telecommunication Union and the International Solid Waste Association. This amount is expected to increase to 52.2 mill (more...)

A User’s Guide to Data Breach Insurance Coverage

High-profile data breaches like last year’s Equifax hack, which exposed the personal information of more than 147 million consumers and led to class action lawsuits, criminal investigations and increased regulatory scrutiny, serve as a vivid reminder that all companies need to take steps to protect themselves from such disaster. When preparin (more...)

Active Shooter Coverage Gaining Traction

The Feb. 14 shooting at Marjory Stoneman Douglas High School in Parkland, Florida, left 17 dead and 17 injured. The tragedy is yet another reminder that risk managers in any organization, whether public-sector or private, could be impacted by a mass shooting. In fact, the frequency of such events has escalated in recent years—in 2017, the Gu (more...)

6 Steps to GDPR Implementation

The European Union’s impending General Data Protection Regulation (GDPR), which goes into effect on May 25, applies to every company that offers goods or services to the EU or monitors the behavior of individuals within the EU. The aim of the GDPR is to ensure that an individual’s personal data is stored with consent, for a specific pu (more...)

Q&A: Communicating Risk

Robert Cartwright, Jr., RIMS president for 2018, is a firm believer in networking, communicating and connecting with local communities and RIMS chapters. A RIMS member for more than 25 years, he has served on its board of directors for a decade, and remains active with the RIMS Delaware Valley Chapter where he has held every board position, (more...)

The Planet’s Plastic Garbage Problem

A giant island composed of plastic waste thrice the size of France is floating in the Pacific Ocean. The Great Pacific Garbage Patch (GPGP) contains 1.8 trillion pieces of plastic weighing 80,000 metric tons. It is located between Hawaii and California, which has the distinction of being the world’s largest accumulation zone for ocean plastic (more...)

Technology Assessment: Artificial Intelligence: Emerging Opportunities, Challenges, and Implications, Mar 28, 2018

What the Participants Discussed Forum participants noted a range of opportunities and challenges related to artificial intelligence (AI), as well as areas needed for future research and for consideration by policymakers. Regarding opportunities, investment in automation through AI technologies could lead to improvements in productivity and econ (more...)

5 Tips for Choosing the Right TPA

While many risk managers have had excellent experience with their third party administrators (TPAs), others have been disappointed. Unfortunately, when the match isn’t right, the risk manager may be left with poor claim outcomes, higher claims and insurance costs, and difficulty identifying issues and making corrections. The key to succe (more...)

USDA’s Sheridan: Cloud Is the Way Out of Infrastructure ‘Death Spiral’

The CIO of the Agriculture Department’s Risk Management Agency believes the cloud can revolutionize the federal IT work model. (more...)

U.S. Dept. of Interior Celebrates National Puppy Day

Today, March 23 is National Puppy Day, celebrated by organizations everywhere that benefit from the smarts and loyalty of our canine friends. Dogs assist humans in a number of situations including bomb-sniffing dogs on the battlefield, TSA dogs used in airports to locate contraband and as reported in Risk Management, arson dogs are employed to dete (more...)

Integrating & Analyzing Data in Government—the Key to 21st Century Security: Observations from Brussels

On February 22, the IBM Center for the Business of Government hosted the second part of a transatlantic roundtable discussion at the US Mission to the European Union (EU) in Brussels, about integrating and analyzing data within and across governments to improve threat prediction and prevention. (more...)

VA Disability Benefits: Improved Planning Practices Would Better Ensure Successful Appeals Reform, Mar 22, 2018

What GAO Found The Department of Veterans Affairs' (VA) plan for implementing a new disability appeals process while attending to appeals in the current process addresses most, but not all, elements required by the Veterans Appeals Improvement and Modernization Act of 2017 (Act). VA's appeals plan addresses 17 of 22 required elements, partially (more...)

Robotic Process Automation for Risk and Compliance

Robotic process automation (RPA), a new technology that uses software “robots” to mimic human behavior and automate certain business processes, has been trending across industries as a new way to drive cost efficiencies, and reduce manual efforts and remediation efforts. Because they have a relatively large amount of manual, repetitive (more...)

Food Safety: Federal Efforts to Manage the Risk of Arsenic in Rice, Mar 16, 2018

What GAO Found The National Research Council (NRC) of the National Academy of Sciences, in 2013, and more recent key scientific reviews reported evidence of associations between long-term ingestion of arsenic and adverse human health effects, such as cardiovascular disease. Many of the studies NRC reviewed as part of its survey of the scientific (more...)

Q&A: Cape Town’s ‘Day Zero’

On March 22, the annual World Water Day will be especially relevant, as the United Nations and its co-sponsors hope to raise global awareness of water risks—particularly in Cape Town, South Africa. As we previously reported, a diminishing water supply is that city’s top priority, as it is counting down to an increasingly (more...)

2 Fertility Clinic Failures a ‘Bad Coincidence’

Equipment failures on the same day at two fertility clinics located across the country from each other—in California and Ohio—may have damaged or destroyed thousands of frozen eggs and embryos. The simultaneous “black swan events” appear to have no connection to each other and have experts mystified. Dr. Carl Herbert, p (more...)

Cape Town’s Water Shortage Approaching ‘Day Zero’

Risk Management magazine recently covered the World Economic Forum’s (WEF) 2018 Global Risks Report, in which environmental and technological risks dominate the worldwide threat landscape. The WEF ranked water crises as the fifth-highest risk based on impact, downgraded from the number one spot in 2015. But a diminishing water suppl (more...)

Will Bitcoin Turn Business on Its Head?

Particularly over the past year, individuals have seen lucrative returns from investing in various types of cryptocurrency like bitcoin, ethereum and ripple—the three most popular by market capitalization. Stories of amateur investors becoming cryptocurrency millionaires have sparked widespread public interest and, as a result, its prospects (more...)

Captives Reach New Heights

Over the past five years, the popularity of captive insurance companies has skyrocketed. Not only do more than 90% of Fortune 500 businesses own at least one captive, but even small and mid-sized companies have formed them. The motivations for creating a captive have not changed much in the half-century since the first captive was formed in (more...)

The Rising Tide of Maritime Shipping Risks

Responsible for carrying 90% of the world’s trade, the shipping industry is the backbone of the global economy. Allianz reports that the international marine cargo industry transports goods with an estimated value of $4.5 trillion annually. Between 1980 and 2016, the deadweight tonnage of container ships—a measure of how much weight a (more...)

Environment, Cyberrisk Top WEF Risk Predictions

In the World Economic Forum’s 2018 Global Risks Report, environmental and technological risks dominate the worldwide threat landscape. Of the 1,000 business, government and civil society leaders surveyed, most believe that global risks will only worsen in 2018, with 59% predicting an intensification of risks and only 7% predicting reduction. (more...)

Captive Insurance and the New U.S. Tax Cuts and Jobs Act

Although the Tax Cuts and Jobs Act of 2017, passed in December, has promised to provide a variety of financial benefits for many businesses, its impact on captive insurance companies is not yet clear. “While there is much speculation right now, it is too early to tell what the outcomes might be,” said Daniel Towle, president of the Cap (more...)

Global Fraud Incidents on the Rise

Fraud incidents continue to increase in frequency, with 84% of companies reporting at least one occurrence in the past year, up from 82% in 2016, according to Kroll’s tenth annual Global Fraud & Risk Report. For the first time in the survey’s history, information theft, loss, or attack was the most prevalent type of fraud experienc (more...)

How Can Agencies Effectively Implement Artificial Intelligence?

Managing data, workforce, and risk can help agencies to enhance the successful adoption of AI in improving mission and program performance. Blog Co-Author: Claude Yusti, Partner, Public Sector Watson AI and Data Platform, IBM Global Business Services As the public sector adopts new technolog (more...)

Amtrak Positive About Meeting PTC Deadline

Earlier this month, Amtrak President Richard Anderson told the House railroads subcommittee that his company is on target to complete installation of positive train control (PTC) on the infrastructure it controls and on all of its equipment by the Dec. 31, 2018 federal deadline. He warned, however, that trains without PTC by the deadline (more...)

Companies Continue to Grapple with Cyberrisk, Study Finds

As technology becomes more critical to company success, the number of cyberattacks has climbed. As a result, cyberrisk has become one of the top risks for companies around the world, according to the Marsh-Microsoft Global Cyber Risk Perception Survey. Almost two-thirds of survey respondents identified cyber risk as one of their organization’ (more...)

Developing a Cyberattack Response Plan

Right now, somewhere in the United States, a cyberattack is happening. In fact, many cyberattacks are likely happening—which is why cybercrime damage costs are estimated to hit $6 trillion annually by 2021. Risk management professionals and executives are not only challenged by the volume of cyberthreats, but by their growing complexity as we (more...)

Critical Infrastructure Protection: Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption, Feb 15, 2018

What GAO Found Most of the 16 critical infrastructure sectors took action to facilitate adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity by entities within their sectors. Federal policy directs nine federal lead agencies—referred to as sector-specific (more...)

New Bill Would Toughen Calif. Dam Inspections

DWR Photo: Lake Oroville on Jan. 19, 2018 with lake levels at 707 feet. A year after the spillway collapse at the Oroville Dam, leading to evacuations of almost 200,000 residents and a beat-the-clock patching job to avoid a break in the tallest dam in the United States, new legislation to strengthen inspections of dams awaits approval of California (more...)

Thousands of U.S. Bridges Deemed Deficient

More than 54,000 bridges along the Interstate Highway System in the United States were rated as “structurally deficient,” according to new analysis conducted by the American Road & Transportation Builders Association’s (ARTBA). This was just one of many of the concerning statistics detailed by ARTBA in its 2018 Deficient (more...)

Weekly Roundup: January 29 – February 2, 2018

Articles from across the Web that we at the IBM Center for The Business of Government found interesting for the week of January 29 – February 2, 2018. John Kamensky Citizen Satisfaction Rises. NextGov reports: “Citizen satisfaction reached an 11-year high last year, rising 2 (more...)

Love and Cybersecurity: Q&A with eHarmony’s Ronald Sarian

Now through Feb. 14 is the busy season for the online dating and matchmaking industry. Heavier traffic can present risks to these sites, demanding added precautions. Ronald Sarian, vice president and general counsel (and default risk manager) at eHarmony spoke to Risk Management Monitor about the types of risks he faces—particularly rega (more...)

2018 Cyberrisk Landscape

The risk and insurance community consistently ranks cyberrisk as its top area of interest and concern, and it’s no wonder—these days, every year is a banner year for cybersecurity. The more that stays the same, the more things change. Cyberrisk management and awareness continue to improve, but many companies still lag on even fundament (more...)

Getting Ready for GDPR

On May 25, 2018, an aggressive new regulation regarding the handling of the personal data of European Union citizens will go into effect. The EU General Data Protection Regulation (GDPR) updates current EU data privacy rules, which were originally implemented in 1995 before the digital revolution truly took hold. The latest regulation recogn (more...)

Combating Sexual Harassment in the Workplace

A powerful Hollywood mogul. A high-profile television news host. A well-known actor. A sitting U.S. Senator. From celebrities to politicians, they began to fall. It started with a few voices speaking up and has cascaded into an avalanche of sexual harassment and misconduct charges that has continued well into 2018. While many of the sexual harassm (more...)

Addressing Construction Risks with Technology

Skilled labor will always be the most valuable tool of the construction trade, but technology is increasingly playing a role in how the work gets done. New devices offer safety and procedural enhancements, helping the construction industry address two of its greatest challenges: a labor shortage and high rates of worker injury and fatality. These (more...)

Preventing Employee Lawsuits

In response to the current spate of workplace harassment and discrimination reports, organizations need to take precautions to safeguard their employees and prevent lawsuits, according to the 2017 Hiscox Guide to Employee Lawsuits. The report notes that this problem is costing companies an average of $160,000 for cases that result in a defense and (more...)

62% of Companies Surveyed Lacked Hurricane Prep in 2017

A majority of senior executives of large U.S. companies with operations in Texas, Florida or Puerto Rico admit to being unprepared for last year’s hurricanes that devastated their communities, according to a survey by FM Global. While 64% of respondents said the hurricanes had an adverse impact on their operations, a full 62% said they were n (more...)

VA Disability Benefits: Opportunities Exist to Better Ensure Successful Appeals Reform, Jan 30, 2018

What GAO Found The Department of Veterans Affairs' (VA) plan for implementing a new disability appeals process while attending to appeals in the current process addresses most, but not all, elements required by the Veterans Appeals Improvement and Modernization Act of 2017 (Act). VA's appeals plan addresses 17 of 22 required elements, partially (more...)

Competition Steady Despite Disasters, Fitch Says

In its newest annual outlook report for property and casualty insurers, Fitch Ratings noted that while the 2018 rating outlook for insurers is stable, the fundamental forecast remains negative. Underwriting results deteriorated in the second half of 2017 following events including Hurricanes Harvey, Irma and Maria, along with fourth quarter Ca (more...)

Which Management Initiatives Had the Biggest Impact Over the Past 20 Years?

A new survey identifies four sets of management initiatives that have had the greatest impact on government management efforts over the past twenty years. Blog Co-Author: Mark Abramson, Leadership Inc. This blog is one in a series.  The IBM Center for The Business of Government turns 20 (more...)

Mitigating Cyberrisk in 2018

Businesses face many risks related to technology, including the risk of a cyberbreach resulting in the loss of protected health information (PHI), personally identifiable information (PII) or payment card information. The threats are real, and the potential losses can be steep. The Ponemon Institute found in its 2017 Cost of a Data Breach report, t (more...)

Brand perception: 2017 Hurricane Lessons Learned

The 2017 hurricane season has proven to be particularly trying for many businesses, as they worked around maintaining operations during Hurricanes Harvey, Irma, Maria, and Nate. As a result, many organizations found themselves questioning how to properly adjust policies and practices to mitigate risk and also protect their brand image. Companies wi (more...)

State of Privacy in 2018: Q&A With Richard Purcell

Jan. 28 marks the annual Data Privacy Day (DPD), which was adopted in North America to bring together businesses and private citizens in an effort to share strategies for protecting consumers’ private information. Richard Purcell, DPD advisory board member and CEO of the Corporate Privacy Group spoke to Risk Management Monitor  (more...)

Preparing C-Level Employees for Risk

As risks associated with technology and cybersecurity have increased in the last decade, it is more imperative than ever that corporations undertake the proper protocols to protect themselves. When it comes to implementing risk management processes, many assume C-level executives head up these efforts, involving key departments throughout their org (more...)

Annual Data Privacy Day to Focus on Safeguarding Data

Last year was certainly a turning point in the history of online privacy and cyber security. Between ransomware attacks, the Equifax breach and the Federal Communication Commission’s vote to repeal net neutrality regulations—just to name a few high-profile incidents in the United States—businesses and citizens have more reasons th (more...)

VA Facility Security: Policy Review and Improved Oversight Strategy Needed, Jan 11, 2018

What GAO Found The Department of Veterans Affairs' (VA) risk management policies include some but not all of the elements of standards set by the Interagency Security Committee (ISC). ISC was established via executive order to develop security standards and best practices that federal agencies are to follow when developing and conducting risk a (more...)

OIG Special Report - FY 2017 Purchase Card Risk Assessment (SR-2018-08)

OIG Special Report - FY 2017 Purchase Card Risk Assessment (SR-2018-08) (more...)

Compliance Isn’t Security—But It Helps

For more secure networks, federal IT teams should balance compliance exercises with risk management strategies. (more...)

10 Steps to Effective Enterprise Risk Management

Enterprise risk management (ERM) has emerged as a best practice in gaining an overview of strategic, financial and operational threats, and in determining how to mitigate and manage those risks. A comprehensive approach to risk management is important because it helps management comprehend the true potential of threats and allows organizations to a (more...)

How Risk Is Transforming Government

Risk management is not simply a compliance exercise but goes to the core of agency mission delivery. (more...)

Happy Holidays from the Risk Management Monitor

Risk Management magazine and the Risk Management Monitor team wish our readers a very safe and happy holiday! (more...)

Proposed Bills Highlight Legal Risks of Sexual Misconduct Claims

In the current climate of sexual harassment incidents being reported in a variety of industries across the country, organizations and their legal departments should be reviewing legislation and considering their legal risks, should they need to defend against sexual harassment or misconduct allegations. Just this month, in fact, legislation was pro (more...)

Amtrak Washington Derailment Could Have Been Prevented

An Amtrak train derailment near Tacoma, Washington on Dec. 18 that killed three passengers and injured about 100 was the result of excessive speed in a steep curve, and could have been prevented with automatic braking technology, according to experts. Amtrak Train No. 501, on its inaugural run, was traveling 80 miles per hour in an area limite (more...)

Announcing the Center’s Newest Research Report Topics

The Center for The Business of Government continues to support research by recognized thought leaders on key public management issues facing government executives today. We are pleased to announce our latest round of awards for new reports on key public sector challenges, which respond to prio (more...)

Using ERM to Protect Your Business from The Equifax Fallout

As with many data breaches, the general conclusion of the Equifax attack is that personnel were not aware of the issue beforehand. This conclusion, however, is false. In early September, I anticipated that a vulnerability in Equifax’s software was known ahead of time, and that this scandal was, therefore, entirely preventable. A month later, (more...)

Risk and Crisis Management Explored at Cyber Event

NEW YORK—Cyberattacks and data security need to be high priorities for all businesses, experts stressed at ALM’s cyberSecure 2017 event here, Dec. 4 and 5. In fact, not only is failing to prepare for an attack or breach risky, it’s foolish, Kathleen McGee, internet & technology bureau chief for the Office of the Attorney Gener (more...)

Medicare and Medicaid: CMS Needs to Fully Align Its Antifraud Efforts with the Fraud Risk Framework, Dec 05, 2017

What GAO Found The approach that the Centers for Medicare & Medicaid Services (CMS) has taken for managing fraud risks across its four principal programs—Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and the health-insurance marketplaces—is incorporated into its broader program-integrity approach. According (more...)

Santa’s Impact on Business and Finance

Just as Santa Claus brings gifts down chimneys, his name alone also carries the stigma of risks that transcend all industries. Indeed, thanks to the logistics of his job we have a firm grasp of the risks of reindeer-led aviation. But perhaps more importantly, Kris Kringle’s presence has long influenced finance and business. Mentioning him on (more...)

Year in Risk 2017

Whether it was natural disasters, cyberattacks, corporate crises, political uncertainty or terrorist activity, risk events made high-profile and often sobering headlines in 2017. Although by no means exhaustive, the following review of the year in risk can help risk professionals learn from the past so that they can better prepare for future threa (more...)

On the Ground: Risk Management in a Historic Hurricane Season

A devastating hurricane season left catastrophic damage across the Atlantic basin, with the most severe storms in more than a decade striking the Caribbean and southern United States in close succession. While the year is not yet over, 2017 is already one of the most expensive in history for natural disasters. Risk Management spoke with individual (more...)

Technology to the Rescue

The trio of powerful hurricanes that impacted Florida, Texas, Puerto Rico, the Virgin Islands and the rest of the Caribbean in 2017 left large swaths of destruction in their wake and much work to be done to restore business and infrastructure operations. To assist in the response and recovery processes, many organizations turned to technology, suc (more...)

Risk Management’s Strategic Role

The financial crisis that began a decade ago undoubtedly triggered a renewed focus on risk management. One result is that finance executives and risk professionals are increasingly asked to provide insights on risks to inform decisions that impact organizational strategy. In the 2017 AFP Strategic Role of Treasury Survey from the Association of Fi (more...)

How to Manage Personal Device Risk

In the decade since the iPhone was released in 2007, mobile device adoption has exploded in the workplace. Bring your own device (BYOD) policies are proliferating at a faster rate than the use of corporate-owned devices. Many security teams have moved to control corporate-owned devices with enterprise mobility management programs, and some go as f (more...)

Inside New York’s Cyber Regulation

In March 2017, the New York State Department of Financial Services passed 23 NYCRR 500, which establishes cybersecurity requirements for financial services companies. The regulation is one of the first to advocate a risk-based approach to security that does more than simply react to threats. Core to the regulation is the completion of a risk assess (more...)

ERM and the Art of Motorcycle Adventure

This summer, I took a six-day motorcycle trip through Montana and Wyoming. While touring some of the most beautiful parts of the country, it struck me that operating a motorcycle and implementing ERM have a lot in common. On the road, the continuous monitoring of your speed, body posture, the weather and road conditions, the lane you are traveling (more...)

ERM Benchmarks

Since the financial crisis nearly 10 years ago, the financial industry has led the way in adoption and advancement of enterprise risk management programs, according to the RIMS 2017 Enterprise Risk Management Benchmark Survey. In 2013, more than half of respondents in the financial sector said they had a fully or partially integrated ERM program, (more...)

What Organizations Need to Know about Risk Culture Audits

Today’s risks require more proactive oversight by boards of directors on the issue of risk management. Transitioning to this approach is easier said than done, however. The trouble is that many organizations are weighed down by antiquated risk management frameworks that prevent them from being proactive. Even today, how financial services and (more...)

Drivers Transforming Government: Risk

Mitigating risk, managing cybersecurity, and building resiliency to meet the mission of government Note: The IBM Center recently released Seven Drivers Transforming Government, a series of essays exploring key drivers of change in government. It is based on our research and numerous insights (more...)

Is Environmental Regulation Dead?

With the dramatic change in the governing philosophy of the nation’s commander-in-chief, coupled with Republican domination of Congress and state governments, some are wondering: Is environmental regulation dead? The answer to this question has critical relevance to risk managers who focus on identifying, evaluating and anticipating enterpris (more...)

Open Offices and Holidays: A Parade of Risks

‘Tis the season for many businesses to stay open through the holidays and for some to take part in the tradition of partying or watching a parade warmly from behind office windows. That’s why businesses located near public events should inform employees of how their offices will be impacted during the holiday season. Parades pose variou (more...)

Keeping Parades and Events Safe for Businesses and Employees

Holiday parades will be marching down many U.S. city streets during the next six weeks, with millions of revelers expected to attend. And while these are historically joyous occasions, safety is a top concern for businesses located near the festivities—especially considering the high-profile violence that has recently dominated headlines. Re (more...)

Insurance Industry Responds to House Approving NFIP Renewal

Insurance industry trade groups lauded the U.S. House of Representatives’ vote on Nov. 14, reauthorizing the National Flood Insurance Program (NFIP). The 21st Century Flood Reform Act (H.R. 2874) would reauthorize the program for five years and enact operational changes. Advocates from RIMS, the risk management society, the Property Casu (more...)

Financial Audit: Securities and Exchange Commission's Fiscal Years 2017 and 2016 Financial Statements, Nov 15, 2017

What GAO Found GAO found (1) the United States Securities and Exchange Commission’s (SEC) and its Investor Protection Fund’s (IPF) financial statements as of and for the fiscal years ended September 30, 2017, and 2016, are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles; (2) (more...)

Drivers Transforming Government: Agility

Adopting new ways for government to operate, using agile principles and putting user experiences and program results at the forefront. Note:  The IBM Center recently released Seven Drivers Transforming Government, a series of essays exploring key drivers of change in government. It is ba (more...)

The Strengths and Weaknesses of Country Risk Maps

Country risk maps are a type of infographic developed by consultancies and insurance firms that shows how exposed countries around the world are to particular threats such as political instability, terrorism or crime, among others. In some cases, the maps assess an aggregate risk like security or travel risk, both of which have many component eleme (more...)

The Eightfold Path for Enterprise Risk Management

Enterprise Risk Management (ERM) practitioners often struggle with thematic challenges cutting across both industry and geography. These difficulties include capturing all categories of risk with metrics that reflect an organization’s decision style and performance measurement methods, avoiding the trap of being perceived as bureaucracy or re (more...)

Disaster Assistance: Opportunities to Enhance Implementation of the Redesigned Public Assistance Grant Program, Nov 08, 2017

What GAO Found The Federal Emergency Management Agency (FEMA) redesigned the Public Assistance (PA) grant program delivery model to address past challenges in workforce management, but has not fully assessed future workforce staffing needs. GAO and others have previously identified challenges related to shortages in experienced and trained FEMA (more...)

High Performance Risk Management

LOS ANGELES—Risk managers, whose job once focused on a basic “bucket of risks,” and making decisions about which risks are transferable and which ones the company should retain, have been “migrating along an evolutionary path which is allowing us to be more strategic,” Chris Mandel, senior vice president of strategic s (more...)

Drivers Transforming Government: Insight

Policy makers, agency leaders, and frontline staff regularly find themselves having to make sense out of data and information, drawing out insights to inform decisions. Note:  The IBM Center recently released Seven Drivers Transforming Government, a series of essays exploring key drivers (more...)

Coverage, Breaches Highlighted at Advisen Cyber Conference

NEW YORK—Advisen’s Cyber Risk Insights Conference, held during Cyber Week, featured risk management professionals and more than 20 panels and sessions on Oct. 26. The keynote was delivered by former New York City Mayor Rudolph W. Giuliani, currently the chair of Greenberg Traurig LLP’s Cybersecurity, Privacy and Crisis Manage (more...)

The ERM Imperative

In recent years, many corporations, including BP, Target and Volkswagen, have been prosecuted for various scandals and suffered financial and reputational damage for inflicting harm on their respective employees, customers, shareholders and communities. While these companies come from a wide range of industries that each face unique challenges, th (more...)

Cyber Scorekeepers

Few enterprise risks are more complex, unwieldy and overwhelming than cyberrisks. A well-orchestrated cyberattack can derail business for weeks at a time and cause severe reputation damage. In preparing for such possibilities, risk managers and their colleagues in IT and security must not only focus inward on fast-changing corporate vulnerabilitie (more...)

Downstream Disaster

Many companies have suffered tarnished reputations when their products have become associated with the unpopular actions of other parties. For example, heavy-equipment manufacturer Caterpillar has long been lambasted for selling equipment to the Israeli Defense Force and having its bulldozers and other trucks used to quell civil disturbances in th (more...)

Construction Industry Addresses Risks

The commercial building industry is expected to continue surging through the end of the year, with many independent forecasters predicting growth into 2018. ConstructConnect forecasted a 6.3% increase in total construction growth over 2016 and a 7.2% rise in construction spending this year, for example. The leading recipients of this investment ar (more...)

How Risk Management Can Enable Growth

Traditionally, finance and strategy teams have been tasked with working together to promote corporate growth. Now, new research suggests they need to enlist a third partner—risk management—to achieve sustainable long-term growth. A study conducted by CEB (now Gartner) of the Fortune 1000 and S&P Euro 350, found that just 60 compani (more...)

Developing a Data Backup Strategy

Whether it has been natural disasters or hacking incidents, recent crises have served as a dramatic reminder that it takes a lot to get back in business following a disruption. Complete disaster recovery means setting up a fully functioning physical or virtual infrastructure, establishing all necessary network connectivity and capability, an (more...)

Managing Pain in the Workforce

Pain is the top cause of adult disability in the United States, costing the workforce as much as $334 billion each year in lost productivity costs, according to a 2012 study in the Journal of Pain. While the musculoskeletal “pain points,” such as back pain and carpal tunnel, are well known and their direct costs well-documented, there (more...)

Cyberrisk, Talent Pose Top Risks for Financial Services

Risk management is gaining prominence in the financial services industry, with 44% of boards of directors devoting more time to oversight of risk management, according to Deloitte’s latest Global Risk Management Survey. The most common risk management responsibilities cited by boards were reviewing and approving the overall risk management p (more...)

Zombie Risk Management 101

An emerging risk over the past 10 years has been the rise of undead walkers, or “zombies” and their influence on supply chains, natural resources and mortality rates. These once-alive individuals thrive on human flesh and spread deadly diseases; their exploits have been well documented in California and Georgia for years on basic cable (more...)

Critical Infrastructure Protection: DHS Risk Assessments Inform Owner and Operator Protection Efforts and Departmental Strategic Planning, Oct 30, 2017

What GAO Found The Department of Homeland Security (DHS) primarily conducts assessments for each of the three elements of risk—threat, vulnerability, and consequence—for critical infrastructures from the three sectors GAO reviewed—Critical Manufacturing; Nuclear Reactors, Materials, and Waste; and Transportation Systems. In li (more...)

Military Readiness: Actions Are Needed to Enhance Readiness of Global Response Force to Support Contingency Operations, Oct 27, 2017

What GAO Found The Department of Defense's (DOD) Global Response Force (GRF) has two distinct uses: one is to enhance DOD's ability to rapidly deploy forces in response to a range of worldwide contingencies with a tailorable joint force; and the other is to provide a set, or “menu,” of units that combatant commands can request to au (more...)

Federal Facility Security: Selected Agencies Should Improve Methods for Assessing and Monitoring Risk, Oct 26, 2017

What GAO Found None of the four agencies GAO reviewed—U.S. Customs and Border Protection (CBP), the Federal Aviation Administration (FAA), the Agricultural Research Service (ARS), and the Forest Service—used security assessment methodologies that fully aligned with the Interagency Security Committee's Risk Management Process for Fe (more...)

Protecting Your Company from Rogue Employees

While employee malfeasance rarely takes down entire companies, it can result in serious fines, sanctions, court judgments, settlements and reputational damage. Big data analytics is one way leading companies are able to mitigate risk, by proactively detecting threatening or illegal behavior. Traditional ERM Approaches Won’t Do Compliance offi (more...)

Recovery Plans Critical Following Active Shooter Incidents

October has been mired by mass shootings in the United States. Incidents in which four or more people were shot—the criteria for a mass shooting—have occurred 15 times in the last 18 days. The Oct. 18 occurrence at a business park in Maryland, involving an employee who killed three co-workers on-site and injured two more, has increased (more...)

A Legacy of Risk: Technology Transformation in Practice

This white paper examines the challenges faced by risk management executives when attempting to replace their risk technology architectures. It highlights lessons learned during this process and pitfalls to avoid, including those related to technical, operational, and cultural factors. (more...)

RIMS Legislative Summit 2017: Focus on Flood

WASHINGTON—The RIMS Legislative Summit kicked off on Wednesday in Washington, D.C. with a panel led by Congressional office staff. Panelists included Lisa Peto, chief counsel for the Financial Services Committee; Democratic Staff in the U.S. House of Representatives: Jason Tuber, Senior Advisor to Senator Menendez (D-NJ); Ed Skala, Deputy St (more...)

TSA Modernization: Use of Sound Program Management and Oversight Practices Is Needed to Avoid Repeating Past Problems, Oct 17, 2017

What GAO Found The Transportation Security Administration's (TSA) new strategy for the Technology Infrastructure Modernization (TIM) program includes using Agile software development, but the program only fully implemented two of six leading practices necessary to ensure successful Agile adoption. Specifically, the Department of Homeland Securi (more...)

The Global Economy’s New Frontiers

The global economy is in transition, not so much as the result of fluctuating superpower politics, but more so as the quiet byproduct of shifting investment in emerging economies. We are at the end of supersized returns previously found in Brazil, Russia, India, China, and South Africa (BRICS), foreign direct investment constants since 2001 that ha (more...)

Insider Threats Part I: Background and Organizations Working to Counter Insider Threats

Insider Threats are not new. They have plagued the country throughout its history. Since Benedict Arnold in 1789, Insider Threats have endured as a challenge for government. Yet, the seriousness of Insider Threats motivates the ongoing efforts to implement systems and processes to inhibit t (more...)

N. Calif. Wildfires Continue Widespread Destruction

The National Interagency Fire Center (NIFC) increased the National Preparedness Level to 3 today due to wildfire activity in eight Northern California counties, including Napa, Sonoma and Mendocino, where evacuations, road, trail and area closures are in effect. Since their start on the night of Oct. 8, the wildfires in California’s wine cou (more...)

Biodefense: Federal Efforts to Develop Biological Threat Awareness, Oct 11, 2017

What GAO Found Key biodefense agencies—the Departments of Homeland Security (DHS), Defense (DOD), Agriculture (USDA), and Health and Human Services (HHS), and the Environmental Protection Agency—conduct a wide range of activities to develop biological threat awareness for intentional and naturally occurring threats, and reported usi (more...)

Physical Security: NIST and Commerce Need to Complete Efforts to Address Persistent Challenges, Oct 11, 2017

What GAO Found GAO found that efforts to transform the physical security program at the National Institute of Standards and Technology (NIST) have incorporated some key practices, particularly with regard to leadership commitment to organizational change. For example, GAO estimates that, as of May 2017, 75 percent of staff GAO surveyed believe (more...)

Bridging the Security Gap in the Internet of Things

To build an effective security strategy for the internet of things (IoT), we first need to understand the value of the data that is generated. The ability to use data, collected from a variety of locations and sources, to drive decision making is a key asset of the IoT. This valuable data will help organizations to innovate, solve customer problems (more...)

Lawsuits Question Arkema Emergency Preparedness Plan

Last week officials in Harris County, Texas were granted permission to file a lawsuit against international chemical company, Arkema, Inc., in an attempt to recover the costs of responding to the crisis at the company’s plant in Crosby during Hurricane Harvey in August into September. The County has asked a court to review the plant’s envi (more...)

8 Legal Developments You Need to Know About

In a new RIMS Professional Report, attorneys Mark Plumer and Xandra Bernardo (of Pillsbury Winthrop Shaw Pittman LLP) and Patrick Walker, a risk professional at mining company Rio Tinto Group, shed light on the top risk management legal developments of 2017. According to the authors, risk managers “must be familiar with the legal princip (more...)

Grid: Locked — Managing the Risks of Hacking the Electric Grid

On Dec. 17, 2016, hackers successfully targeted an electric transmission substation outside of Kiev, Ukraine, leaving part of the city without power for about an hour. Widely thought to be attributable to the Russian government, the incident was the second attack to cause a power outage in Ukraine in as many years. The incident was far from catast (more...)

The Risks of Voice Technology

These days, voice technology is everywhere. Voice-enabled digital devices and virtual assistants from Amazon, Apple, Google, Microsoft and others can answer a question, provide a weather report, turn up the thermostat or even order a pizza. Businesses are using voice technology to improve call center performance, verify customer account informatio (more...)

Enhancing Security with Big Data Analytics

Security information and event management systems have long been the foundation for many organizations’ information security programs. While they remain an essential part of ensuring and maintaining strong cybersecurity, they need improvement to meet the demands of today’s rapidly evolving threat landscape. Security information and eve (more...)

Managing the New Dynamics of Terrorism

Terrorist attacks in mainland Europe and the U.K. over the past few years have impacted the way individuals and businesses view travel to these destinations previously considered “low risk.” Images of gunmen in central Paris, knife-wielding extremists in London, and high-casualty bombings in Belgium are just a few of the events that ha (more...)

Alternative Energy Strategies

Businesses in the United States are getting serious about using less energy, acquiring their energy from renewable resources and installing onsite generators to address potential risks, according to the Deloitte study Energy Management: Sustainability and Progress. While the primary motivation for businesses to launch an energy resource management (more...)

Community, Diversity Spotlighted at RIMS Canada

TORONTO—The 2017 RIMS Canada Conference quickly found its groove on Monday morning, kicking off the annual conference with performances by a choir of local schoolchildren and an opening session centered on the theme of community. Focusing first on the RIMS community, the RIMS Canada Council announced its top honors for accomplishment in (more...)

The Strategic Value of Risk Taking

With profound economic, geopolitical, demographic, and technological changes taking place around the world, the business environment is rife with risk and uncertainty, but also opportunity. In such an environment, the need for risk-informed decision making has never been greater. A recent Deloitte survey asked several hundred board members and C-le (more...)

Immersive Technology for Government: Part 1 - Virtual Reality

In many ways, virtual reality (VR) is old hat to the government. Airmen, astronauts, and soldiers have long been putting in time in simulators training for the real thing. While training is a valuable application for this technology, it is not the only one. There are a number of other opport (more...)

Weekly Roundup: September 11 - 15, 2017

Back from a summer hiatus, the IBM Center's Weekly Roundup highlights articles and insights that we found interesting over the last couple of weeks.   Michael J. Keegan Military IT chiefs want combat-ready infrastructure. A streamlined IT infrastructure isn't just efficient, it's essen (more...)

Paying it Forward: Industry Leaders Celebrate at Spencer Gala

Every year in September, leaders in the insurance world celebrate the profession and show their support for the next generation of risk management and insurance professionals. This year, close to 700 executives made their way to the Spencer Educational Foundation’s 9th Annual Gala on Thursday night at the New York Hilton Midtown. Nearly (more...)

RIMS Membership Has a Say in COSO’s New ERM Framework

When Risk & Insurance Management Society (RIMS) members use the new ERM framework published Sept. 6 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), they may recognize their own ideas prominently displayed. Carol Fox, RIMS vice president of strategic initiatives announced the call for public comment on Risk Managem (more...)

Understanding Cognitive Counter-Fraud, Waste and Abuse

Over the past decade, federal government agencies have made notable progress with respect to combatting fraud and improper payments as part of agency-specific program integrity efforts. Greg Greben, Vice President and Client Group Leader, Federal Civilian & Healthcare Agencies, IBM Global Business Services, authored this article In (more...)

Actionable Cybersecurity Practices for the 21st Century: Perspectives from Experts

A recent meeting of public and private sector experts identified real challenges and practical opportunities for change. The IBM Center recently partnered with the National Institute for Standards and Technology (NIST) and George Washington University Center for Cyber and Homeland Security to convene a set of interactive discussions among (more...)

Post-Harvey Lessons For Chemical Plant Managers

One of the many hazards exposed by Hurricane Harvey occurred in Crosby, Texas, when the Arkema chemical plant suffered fires and small explosions on Aug. 31 and Sept. 1. Floodwaters caused the fires by penetrating the facility and shutting down the cooling systems designed to stabilize 500,000 pounds of highly flammable materials inside. This ultim (more...)

Timing is Everything In Crime Insurance Claims

In current discussion of fraud and crime coverage, emerging cyberrisks and appalling financial schemes grab the headlines, and the direct loss conundrum captivates coverage counsel. While policyholders and their risk managers should of course monitor those issues, they also should remember the basic timing requirements that could undermine otherwis (more...)

Ensuring Your Company’s Disaster Relief Donations Are Well Received

With Hurricane Harvey’s effects being felt in Texas and Louisiana for some time to come, businesses may want to help victims by making corporate donations. Corporate decision-makers should carefully consider ways to contribute, since some recent post-disaster efforts have not helped as intended. Depending on your industry and your company’s size (more...)

The Hunt for Risk Management’s Panda

You may never have heard of Chi Chi the giant panda, but you would almost certainly recognize her image. In 1961, Sir Peter Scott used sketches of Chi Chi to design the original logo for the World Wildlife Fund (now the World Wide Fund for Nature) and, in so doing, created one of the most recognizable and enduring symbols of international conse (more...)

The Psychology of Risk

Over the past several years, psychologists, behavioral scientists and academics have helped to advance our understanding of human psychology and, specifically, how humans respond to high-risk and crisis situations. This research has highlighted how a lack of pre-crisis training and preparation may exacerbate risk and cause unnecessary errors du (more...)

Four Key Cyberrisk Management Questions for Directors and Officers

Courts have historically made it difficult to hold directors and officers personally liable for breaches of fiduciary duties. But as cyberrisk management liability standards evolve, directors and officers increasingly face the risk of personal exposure. In September 2015, following Home Depot’s high-profile data breach that exposed more than 5 (more...)

College Captive Offers Hands-On Experience

According to the U.S. Bureau of Labor, as workers retire or change jobs, in the next five years alone, the insurance industry will need to replace 104,000 insurance agents, 71,900 claims adjusters, 67,400 claims/policy processing clerks, 28,900 underwriters, 8,500 software developers/programmers, 7,500 computer/information analysts, and 6,900 a (more...)

5 Best Practices for IoT Privacy Compliance

According to a January 2017 forecast from Gartner, 8.4 billion internet of things items will be in use worldwide this year—a 31% increase from 2016—to the tune of almost $2 trillion in annual spending on devices and services. As companies create these interactive items, most of which can track consumers, the Federal Trade Commission (FTC)—the g (more...)

Managing Public Sector Auto Risks

Fleets are a serious and growing risk management challenge for public entities. The public sector collectively has the largest vehicle fleet in the United States. With 1.3 million cars and trucks, that sector is even larger than the commercial fleet segment, according to Government Fleet magazine, so the challenges of commercial auto insurance (more...)

Global Risk Concerns

Headline news correlated directly with the top-10 concerns of risk managers globally in 2016, according to Aon’s Global Risk Management Survey. An increase in product recalls and scandals flamed by social media, for example, has raised organizations’ reputational risk exposure in the past few years. “Damage to reputation/brand” is at the top (more...)

Air Traffic Control Modernization: Progress and Challenges in Implementing NextGen, Aug 31, 2017

What GAO Found The Federal Aviation Administration (FAA) is implementing the Next Generation Air Transportation System (NextGen) incrementally and has taken actions to address challenges to implementation. NextGen has enhanced surface traffic operations at 39 of the 40 busiest airports in the United States by providing electronic communications (more...)

Empowering your risk management strategy

This eBook explores five key areas of risk management that can help transform the way in which organisations understand and manage risk. It further provides real-world examples to show how IBM solutions can help you deliver demonstrable business value and achieve your full potential. (more...)

A New Approach to Managing a ‘Classic’ Reputation

A new Coca-Cola-sponsored contest seems to publicly acknowledge its reputational risk, but at a minimal cost that could manage or even reduce it. In early August, the beverage giant announced its Sweetener Challenge, seeking non-employees (preferably scientists or agriculture or nutrition professionals) who can bring the company a “natural, (more...)

Can You Have Too Many Coffee Shops?

The collective mood among Starbucks (SBUX) shareholders may have been dark and intense on Wednesday, following a 1% downgrade of the coffee company’s share price by BMO Capital Markets due to “store overlap.” BMO analyst Andrew Strelzik wrote: “There are now 3.6 Starbucks locations within a one-mile radius of the typical Starbucks in the U.S. relat (more...)

Risk Management Isn’t Just for the Finance Staff

Operational leaders have an opportunity to align resources against their greatest vulnerabilities. (more...)

The ERM Value Connection

Research has shown that enterprise risk management (ERM) adds value. One research paper showed that ERM adds to the value metric called Tobin’s Q. Other award-winning research has shown that ERM enables better decision making. The authors of that research state: “Specifically, as companies implement an ERM process, the new knowledge it provides th (more...)

The Risk of Being Too Delicious

Shockwaves were felt around the wing-eating world last week, when Buffalo Wild Wings announced it will be discontinuing its Tuesday night half-priced wing promotion. According to reports, the franchise’s decision was a difficult one as the promotion was “a major driver of traffic” and “boosted same-store sales” for some locations. Ultimately, th (more...)

Ransomware Ready: How to Prepare for the Day You Get Locked Out

In May, a strain of ransomware known as WannaCry infected more than 230,000 computers in 150 countries, demanding about $300 in the cryptocurrency bitcoin to restore access. Primarily striking Europe and Asia, the attack crippled operations for a wide swath of enterprises, from the U.K.’s National Health Service to German state railways to thou (more...)

A New Method for Measuring Captive Performance

In order to drive operational effectiveness and capital deployment efficiency, leaders of captive insurance companies are increasingly in need of improved methods for performance evaluation and tools that go beyond simple financial ratio analysis or industry benchmarking comparisons. This need includes validation of the risk management program (more...)

Practical Lessons for Managing Cyberrisks

Of all the dangers that consume risk managers’ thoughts, cybersecurity is arguably the most intangible. It is difficult to truly “see” the many factors that can cause breaches or attacks, which often leaves cyberrisk confined to the realm of hypothetical and worst-case scenarios. However, we continue to hear about successful attacks that penetr (more...)

Improving Vendor Risk Management

Evolving and increasing regulatory requirements. Growing vendor inventories. Heightened internal pressures to perform risk management functions. Shifting responsibility and accountability for the actions of vendors. These are only a handful of the challenges and considerations companies face when managing third-party risks. In light of the heig (more...)

Exploring Liability for Exploding E-Cigarettes

Electronic nicotine and non-nicotine delivery systems, more commonly known as e-cigarettes, represent a global market worth almost $10 billion. In the United States alone, e-cigarette sales reached about $4.1 billion in 2016. But as the market continues to grow, reports of exploding e-cigarettes have raised concerns about product safety and lia (more...)

Defense Cybersecurity: DOD's Monitoring of Progress in Implementing Cyber Strategies Can Be Strengthened, Aug 01, 2017

What GAO Found Officials from Department of Defense (DOD) components identified advantages and disadvantages of the “dual-hat” leadership of the National Security Agency (NSA)/Central Security Service (CSS) and Cyber Command (CYBERCOM) (see table). Also, DOD and congressional committees have identified actions that could mitigate risks associate (more...)

Refugees: State and Its Partners Have Implemented Several Antifraud Measures but Could Further Reduce Staff Fraud Risks, Jul 31, 2017

What GAO Found The Department of State (State) and the United Nations High Commissioner for Refugees (UNHCR) have worked together on several measures designed to ensure integrity in the resettlement referral process. State and UNHCR have established a Framework for Cooperation to guide their partnership, emphasizing measures such as effective ov (more...)

Companies Must Evolve to Keep Up With Hackers

If you ask a CFO if their company’s current cybersecurity strategy is working, it’s very likely that they do not know. While at first they may think it is, because the company’s bank accounts are untouched, an adversary could be lurking in their network and collecting critical data to later hold for ransom—threatening to destroy it if the money isn (more...)

Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, Jul 27, 2017

What GAO Found The Internet of Things (IoT) is the set of Internet-capable devices, such as wearable fitness devices and smartphones, that interact with the physical environment and typically contain elements for sensing, communicating, processing, and actuating. Even as the IoT creates many benefits, it is important to acknowledge its emerging (more...)

Weekly Roundup: July 17 - 21, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending July 21, 2017. Michael J. Keegan White House pushes TBM for IT savings and smarter spending. Chris Liddell, the president's director of strategic initiatives, thinks the federal government may be spending as much as $200 billi (more...)

Corporate Culture and Risk Management

According to an April New York Times article, “Uber’s core company values included making bold bets, being “obsessed” with the customer, and to “always be hustling.” The company emphasized meritocracy, setting employees up as rivals and overlooking transgressions of its high performers. At its worst, Uber maintained an “unrestrained culture” that h (more...)

Reimagining Enterprise Risk - How Today’s Finance Leaders Can Use Data and Clear Vision to Navigate Risk

This infographic explores the key emerging risk management hazards as well as the four forces disrupting the CFO role. It further explores an opportunity for data-inspired leadership and growth. (more...)

Wildfires Blaze through Western U.S. and Canada

Following a wet spring, at least six western states are now fighting wildfires, which have been intensified by extremely high temperatures, wind gusts and lightning. In northern California, about 4,000 people evacuated and more than 7,000 were told to prepare to leave as fires burned in the Sierra Nevada foothills, about 60 miles north of Sacramen (more...)

Marsh Tracks Top Captive Trends

The number of captive insurers continues to increase globally, from 5,000 in 2006 to more than 7,000 in 2016. Once formed primarily by large companies, the captive market has opened up to mid-size and small businesses. The industry is also seeing a trend in companies forming more than one captive, using them for cyber, political risk and (more...)

How to Know Which NIST Framework to Use

Some agencies are confusing NIST's Cybersecurity Framework with the Risk Management Framework. (more...)

Management Report: Opportunities for Improvement in FHFA's Evaluation of Internal Control over Financial Reporting, Jun 14, 2017

What GAO Found During its audit of the Federal Housing Finance Agency's (FHFA) fiscal years 2016 and 2015 financial statements, GAO identified deficiencies in FHFA's evaluation of internal control over financial reporting. This includes the FHFA Office of the Inspector General's (FHFA-OIG) evaluation of its own internal control over financial r (more...)

5 Strategies to Maximize Your Risk Assessments

While risk assessments enable organizations to understand their business issues and identify uncertainties, the best assessments go further. They prioritize top risks, assign risk ownership, and most critically, integrate risk management and accountability into front line business decision-making. Simply put, “checking the boxes” just i (more...)

Lloyd’s Plans for Post-Brexit Subsidiary

Just one day after the U.K. set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced it was establishing a subsidiary in Brussels, intending to be able to write EU business for the Jan. 1, 2019, renewal season. The new company will write risks from all 27 European Union c (more...)

A complete perspective - Managing and monitoring a single view of concentration risk

This white paper explores managing and monitoring a single view of concentrated risk. It examines the need for tools that can streamline credit risk management systems and create a single enterprise-wide view of risk as an early warning system against future crises. (more...)

Preparing for Brexit

One year ago, few business leaders would have put their money on the United Kingdom voting to leave the European Union. Indeed, the June 2016 referendum has been a wake-up call for corporations, showing that voters still have significant power to a country’s economic future, and that massive, rapid geopolitical changes can happen anywhere. C (more...)

Insuring Against Terrorism

Concerns about political unrest and terrorism continue to be high on the agenda for risk managers of multinational businesses. According to the 2017 Allianz Risk Barometer, these fears ranked eighth among the top corporate perils cited by risk consultants, underwriters, senior managers and claims experts. The most commonly cited concerns were acts (more...)

Cyber and the C-Suite: New Cyberrisk Responsibilities for Chief Risk Officers

How to Use the World Economic Forum’s Cybersecurity Principles A 2017 WEF report outlines best practices for boards and the C-suite to help strengthen an organization’s cyber practices by providing guidance for managing cyberrisks much in the same way that organizations manage enterprise risk. Read more about these 10 steps and how to (more...)

Preparing for an Immigration Crackdown

President Trump has vowed to protect U.S. workers and jobs and it is clear that one way he plans to achieve this goal is by policing immigration compliance. Under the Trump Administration, U.S. Immigration and Customs Enforcement (ICE) will increase worksite enforcement actions against employers, which could involve issuing I-9 Notices of Inspecti (more...)

Contingency Planning for Environmental Spills

Fuel spills and discharges of hazardous materials, pollutants and other regulated materials, even in small quantities, can turn into expensive incidents for spill generators and their insurers. Therefore, the time to prepare for an environmental release is before it happens. Spill preparedness starts with a risk assessment. Companies at risk for e (more...)

Investing in the Insurtech Toolbox

Just a few years ago, the nascent insurtech sector received scant attention from the insurance industry. But with the number of companies in the space growing exponentially, more insurers, intermediaries and risk managers are being forced to take notice. Insurtech refers to the subset of technology startups focused on process enhancements in under (more...)

Put Your Money Where Your Risk Is

Compared to property, plant and equipment (PP&E) assets, the impact of business disruption to cyber assets is 72% greater, organizations value cyber assets at 14% more, and quantify probable maximum loss from cyber assets is 27% higher, according to the 2017 Cyber Risk Transfer Comparison Global Report from Aon and the Ponemon Institute. What (more...)

Running with Risk

When I was 12 or 13 years old, I ran in my first competitive race, a neighborhood 5K that had been organized around the 40th anniversary of my hometown. I don’t remember my time, but I do know that I came in second in my age group, which, even though there were only three runners in my bracket, seemed pretty cool. I also remember throwing up (more...)

Weekly Roundup May 19, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting. Michael J. Keegan $500M IT modernization bill passes House. The Modernizing Government Technology Act passed the House of Representatives on a voice vote, but the Senate outlook is less certain. (more...)

Homeland Security: Progress Made to Implement IT Reform, but Additional Chief Information Officer Involvement Needed, May 18, 2017

What GAO Found The Department of Homeland Security (DHS) has fully implemented 28 of the 31 selected Federal Information Technology (IT) Acquisition Reform Act (FITARA) action plans; however, as of December 2016, DHS did not fulfill all aspects of 3 action plans. For example, one action plan is to use an updated process for reviewing troubled p (more...)

North Korea Now Suspected in Ransomware Attack

The massive cyberattack targeting computer systems of businesses, government agencies and citizens in more than 150 countries is now being linked to the North Korean government. Called WannaCry, the ransomware encrypts the victim’s hard drive and demands a ransom to be paid in the virtual currency bitcoin equivalency of about $300. According (more...)

Pentagon Financial Office Not Complying with Improper Payments Law, Watchdog Finds

Five out of six requirements in estimating and risk assessments were missed. (more...)

Navigating Risk Management Around the Globe

Over the past few years, I’ve had the wonderful opportunity to travel the world and visit factories, distribution centers, ports, warehouses, and several offices for the company where I work. Apart from being a great way to see the world, it has also been an opportunity to learn from the ways different cultures see and manage risk. Coming fro (more...)

In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders. Today, risk management is not just recommended, it is considered (more...)

10 Insurance Tips to Help Manage Construction Risk

Construction involves risks that can and should be managed, often by transferring that risk to insurance. The following 10 tips can help in that effort: Remember that the construction contract is the cornerstone of risk management. The contract documents should set forth the risk allocation plan, including additional insured pro (more...)

Ransomware Attacks Increase, With U.S. the Primary Target

Ransomware attacks constituted the greatest cybercrime danger in 2016 as the volume and value of attacks rose sharply, according to a new report from internet security firm Symantec. “Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangero (more...)

Total Cost of Risk Drops for Third Straight Year, RIMS Finds

Despite the challenges of a slowed economy in an election year, a shifting risk landscape as a result of technological advances, and a slow to negative growth rate in some sectors, 2016 saw the total cost of risk (TCOR) decline for the third consecutive year, according to the 2017 RIMS Benchmark Survey. Even in the face of such uncer (more...)

Risk Uprising: Navigating Today’s Political Turmoil

In March 2016, the Economist Intelligence Unit rated the possibility of a Donald Trump presidency as one of the top 10 risks facing the world—riskier even than the U.K. leaving the European Union, and just as unlikely. Judging impact and probability on a scale of one to 25, with 25 considered the most dangerous, the analysis rated the possib (more...)

The Importance of Financial Disaster Preparedness

Containment of financial loss, regardless of its cause, is a key goal of virtually every organization’s risk strategy, providing a compass for many of the actions taken to avoid, mitigate, transfer and retain risks enterprise-wide. Yet catastrophic events too often result in losses that exceed the expectations of management. Such losses high (more...)

Risk-Based Approaches to Cybersecurity

There has been tremendous progress in the cybersecurity discipline in terms of defining strategy by outcomes rather than the methods used. This is especially apparent in the financial services industry, where frameworks such as CBEST and FFIEC encourage practitioners to not only think about risk-based approaches, but also to understand levels of m (more...)

Using Contracts to Curb Cyberrisks

Organizations frequently share information—some of it sensitive or confidential—with vendors in their supply chain. But many data breaches, such as Target’s 2013 breach that exposed the financial data of 40 million customers, have resulted from poor cybersecurity on the part of a vendor. While no organization or vendor can ever b (more...)

Notepad: Risk in Review – May

North Carolina Repeals Bathroom Bill After a year of protest, economic fallout, and the ousting of the governor who signed it, North Carolina legislators repealed the controversial House Bill 2 (HB2), also known as the “Bathroom Bill.” The measure restricted enactment of anti-discrimination policies protecting LGBT citizens and require (more...)

Border Security: Additional Actions Could Strengthen DHS Efforts to Address Subterranean, Aerial, and Maritime Smuggling, May 01, 2017

What GAO Found GAO's analysis of Department of Homeland Security (DHS) data showed that there were 67 discovered cross-border tunnels, 534 detected ultralight aircraft incursions, and 309 detected drug smuggling incidents involving panga boats (a fishing vessel) and recreational vessels along U.S. mainland borders from fiscal years 2011 through (more...)

Unlocking the Power of NIST’s Cybersecurity Framework

In the not-so-distant past, it was hard to get people to think cyber risk management. (more...)

Disruptive Technologies Present Opportunities for Risk Managers, Study Finds

PHILADELPHIA–Disruptive technologies are used more and more by businesses, but those organizations appear to be unprepared. What’s more, companies seem to lack understanding of the technologies and many are not conducting risk assessments, according to the 14th annual Excellence in Risk Management report, released at the RIMS conference (more...)

And the 2017 RIMS Awards Go to…

PHILADELPHIA—At today’s RIMS 2017 Awards Luncheon, the society issued its top honors for achievement in the risk management and insurance industry. Scott B. Clark, area senior vice president and enterprise risk management consultant at Arthur J. Gallagher & Co., received the society’s most prestigious honor, the Harry and Doro (more...)

It’s a Great Time to Be a Risk Manager

2017 has so far been a wild ride of change. Companies are navigating through a new U.S. administration, Brexit and cyber risks that are more daunting each day. We are bombarded with uncertainty and unchartered waters. Nevertheless, it’s a great time to be a risk manager. This kind of disruption is the reason many of us got into the risk and i (more...)

SSA Disability Benefits: Comprehensive Strategic Approach Needed to Enhance Antifraud Activities, Apr 17, 2017

What GAO Found The Social Security Administration (SSA) has taken steps to establish an organizational culture and structure conducive to fraud risk management in its disability programs, but its new antifraud office is still evolving. In recent years, SSA instituted mandatory antifraud training, established a centralized antifraud office to co (more...)

Protecting Employees in the Face of International Risks

Increasing globalization and the growing world market presents employees with opportunities to travel and experience new countries and cultures. With travel comes risk, however. In the event of an unforeseen incident, it is an organization’s top priority to ensure its employees are safe and out of harm’s way. By following proactive trav (more...)

Elevating Data Risk Management to the Board Level

For years, the security industry has worked to promote cybersecurity as a critical topic for the most senior corporate decision-makers: the c-suite and board of directors. Work remains, but most organizations now realize that data risk management and data-centric security must have board-level priority. That said, for many, data risk management an (more...)

Mitigate Model Risk and Reduce Model-Related Costs

This white paper explores approaches to model risk management and its challenges. The paper provides a solution to help organisations better manage model risk by establishing risk mitigation and cost reduction strategies. (more...)

Nuclear Security: DOE Could Improve Aspects of Nuclear Security Reporting, Apr 11, 2017

What GAO Found The Department of Energy's (DOE) and the National Nuclear Security Administration's (NNSA) annual reports for 2014 and 2015 on the security of nuclear facilities holding special nuclear material did not fully meet the definition of quality information under the federal internal control standards. These standards define quality in (more...)

Homeland Security Acquisitions: Earlier Requirements Definition and Clear Documentation of Key Decisions Could Facilitate Ongoing Progress, Apr 06, 2017

What GAO Found For the first time since GAO began its annual assessments of the Department of Homeland Security's (DHS) major acquisitions, all 26 programs that were reviewed had a department-approved baseline. During 2016, over half of the programs reviewed (17 of the 26) were on track to meet their initial or revised schedule and cost goals. (more...)

Marine Corps Asia Pacific Realignment: DOD Should Resolve Capability Deficiencies and Infrastructure Risks and Revise Cost Estimates, Apr 05, 2017

What GAO Found The Department of Defense (DOD) has coordinated the relocation of Marines from Okinawa to other locations in the Asia-Pacific region through developing a synchronization plan and organizing working groups. However, DOD has not resolved selected identified capability deficiencies related to the relocation of Marine units; training (more...)

Why Do M&As Fail?

Snapping up rivals or merging with powerful competitors to create mega-companies that dominate markets has long been a strategy for business growth, and nothing excites financial markets more than news of large deals. But there is a catch: Most mergers fail. In fact, McKinsey estimates that around 70% of mergers do not achieve their expected (more...)

Flaws in the Data

Given the avalanche of information that has become available to businesses over the past several years, data-driven decision-making (DDDM), the practice of basing business decisions on data analysis rather than intuition, has become a critical tool to help organizations reduce risk, avoid costly mistakes and take advantage of opportunities. D (more...)

New Rules for Absence Management

A variety of regulations regarding the rights of employees with disabilities have spurred employers to reassess workers compensation and return-to-work programs. In addition to actions by the Equal Employment Opportunity Commission (EEOC) that have resulted in high-profile, multi-million dollar settlements, employment law changes have underscored (more...)

Oroville Dam Highlights Infrastructure Risks

The near-collapse of the Oroville Dam in northern California in February could have been catastrophic. Communities as far as 100 miles downstream from the dam were at risk of flooding that could have resulted in $21.8 billion in structural damages, according to Risk Management Solutions. What’s more, a bad situation would have been made wors (more...)

The Real Risks of Fake News

Fake news is nothing new—we have long been exposed to propaganda, tabloid news, and satirical reporting. But now, with the dependence on the internet, promotion of trending stories on social media, and new methods of monetizing content, we have found different ways to relay information without using traditional media outlets. A single story (more...)

W-2 Phishing Scam Targets Tax Season

In February, the FBI issued an official warning to businesses about a new form of tax season scam in which fraudsters use social engineering attacks known as business email compromise (BEC) or CEO fraud to target W-2 forms. In the cases submitted to the Internet Crime Complaint Center, attackers spoofed or hacked the email account of a company (more...)

Q&A: Bridging the Gaps at PayPal

For Laura Langone, senior director of global risk management and insurance at PayPal, risk management is all about bridges. As PayPal has made a practice of bridging the banking, retail and technology sectors, Langone’s approach to insurance coverage focuses on manuscripting to bridge traditional industry verticals. Underwriting innovation d (more...)

Lloyd’s to Establish EU Base in Brussels

One day after the UK set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced that it has chosen Brussels as the location for its European Union subsidiary. A market of syndicates in London, Lloyd’s said its intention is to be ready to write business for the Jan. 1, 2019, renewal seaso (more...)

Identity Theft Services: Services Offer Some Benefits but Are Limited in Preventing Fraud, Mar 30, 2017

What GAO Found Identity theft services offer some benefits but have limitations. Credit monitoring helps detect new-account fraud (that is, the opening of new unauthorized accounts) by alerting users, but it does not prevent such fraud or address existing-account fraud, such as misuse of a stolen credit card number. Consumers have alternati (more...)

DOD Major Automated Information Systems: Improvements Can Be Made in Applying Leading Practices for Managing Risk and Testing, Mar 30, 2017

What GAO Found Most of the 18 selected Department of Defense (DOD) major automated information system (MAIS) programs that GAO reviewed had experienced changes in their planned cost and schedule estimates and half of the programs had met their technical performance targets. Specifically, 16 programs experienced changes in their cost estimates r (more...)

Defense Acquisitions: Assessments of Selected Weapon Programs, Mar 30, 2017

What GAO Found Since GAO's 2016 assessment, the number of programs in the Department of Defense's (DOD) portfolio of major defense acquisitions decreased from 79 to 78, while DOD's planned investment over the life of these programs increased by $9.4 billion to $1.46 trillion. GAO observed mixed performance in the portfolio this year. For exampl (more...)

Private Deposit Insurance: Credit Unions Largely Complied with Disclosure Rules, but Rules Should Be Clarified, Mar 29, 2017

What GAO Found About 2 percent of credit unions (125) have private deposit insurance, which is provided by one company—American Share Insurance (ASI). Regulatory and other assessments have suggested that ASI's reserves have been adequate and that the company has had a strong ability to cover present and future losses for the credit unions (more...)

Information Technology: Implementation of IT Reform Law and Related Initiatives Can Help Improve Acquisitions, Mar 28, 2017

What GAO Found The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 to improve federal information technology (IT) acquisitions and can help federal agencies reduce duplication and achieve cost savings. Successful implementation of FITARA will require the Office of Management and Budget (OMB) and feder (more...)

Defense Acquisition Workforce: DOD Has Opportunities to Further Enhance Use and Management of Development Fund, Mar 28, 2017

What GAO Found The Department of Defense (DOD), enabled by congressional action, has improved the timeliness of the funding process for the Defense Acquisition Workforce Development Fund (DAWDF). For fiscal year 2015, DOD was authorized to transfer expired funds, which allowed it to fund DAWDF in 2 months. In contrast, for fiscal year 2014, DOD (more...)

Grants Management: Corporation for National and Community Service's Grant Monitoring Process Could Be Improved, Mar 28, 2017

What GAO Found The Corporation for National and Community Service (CNCS) process for monitoring grants is not fully aligned with federal internal controls (see fig.). Risks may go unidentified because CNCS’s assessment process does not include all grants in the year they are first awarded; its scoring model does not assign the riskiest gr (more...)

Accounts Receivables Coverage Helps Fill Supply Chain Gaps

It is standard for companies to insure and protect cash, inventory, property, plants and equipment, and more recently, data. Companies are insuring every step in the supply chain and sales process from concept to delivery. What is often not insured, however, is the last but most important part of a sales transaction—getting paid. You can safe (more...)

Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview (more...)

Aviation Certification: FAA Has Made Continued Progress in Improving Its Processes for U.S. Aviation Products, Mar 23, 2017

What GAO Found The Federal Aviation Administration (FAA) has made progress in addressing two rulemaking committees' recommendations regarding its certification process and the consistency of its regulatory interpretations. FAA has completed 13 of 14 initiatives for addressing the 6 certification process recommendations. For example, 5 of th (more...)

Immigration Status Verification for Benefits: Actions Needed to Improve Effectiveness and Oversight, Mar 23, 2017

What GAO Found The Department of Homeland Security's (DHS) United States Citizenship and Immigration Services (USCIS) has taken steps to assess the accuracy of the information reported by its Systematic Alien Verification for Entitlements (SAVE) system. For example, since 2014 USCIS has conducted monthly checks to ensure SAVE is accurately repo (more...)

Veterans Health Administration: Actions Needed to Better Recruit and Retain Clinical and Administrative Staff, Mar 22, 2017

What GAO Found Challenges in recruiting and retaining both clinical and human resources (HR) employees along with weak HR-related internal control practices are undermining the Department of Veterans Affairs' (VA) Veterans Health Administration's (VHA) ability to meet the health care needs of veterans. In July 2016, GAO found that VHA losses (more...)

The financial paradigm shift – The risk management and performance challenge

This white paper examines how well firms are managing portfolios given the data, tools and techniques they are currently using, as well as their level of preparedness for sudden shifts in the investment landscape. (more...)

Grants Management: Monitoring Efforts by Corporation for National and Community Service Could Be Improved, Mar 21, 2017

What GAO Found The Corporation for National and Community Service (CNCS) assesses its grants before the beginning of each fiscal year and prioritizes its grant monitoring based on the scoring of certain indicators, such as potential performance or financial problems and the length of time since the last compliance visit. For fiscal year 2015, C (more...)

RIMS Conference Veterans Offer Advice to First Time Attendees

Last week a member of the RIMS Opis online community asked an important question: “What advice can RIMS Annual Conference & Exhibition veterans give to someone attending the show for the first time?” Luckily, the risk management community rushed in with some sage advice. First and foremost, several people pointed out how helpful the (more...)

Third-Party Risk Management - How to successfully mitigate your organisation's third-party risk

This white paper addresses organisational approaches to third party risk management and due diligence. The paper is full of insight, advice and examples to help organizations recognize and address their third-party risk. (more...)

Weekly Roundup for March 6-10, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending March 10, 2017. John Kamensky Kickstarting Data-Driven Government.  Stephen Goldsmith and Katherine Hillenbrand write in Governing that cities are increasingly making data-drive (more...)

Food Defense Initiatives Can Safeguard Your Company

When most people think of product contamination and recalls, the first thing that comes to mind is food poisoning cases from bacteria such as E. coli and listeria. Food and drug companies, however, are experiencing malicious and intentional product tampering that can be equally deadly and dangerous. Many of us can’t forget the 1982 cyanide Tyl (more...)

International Women’s Day: Risk Management Issues to Watch

A 2013 piece on the role of women in risk management remains the most controversial article we’ve ever run in Risk Management magazine and the one that received the most comments and letters to the editor, hands down. Many of those reader comments were…let’s just say less than kind or receptive. Today, International Women’s (more...)

Applying Risk Management Strategies to Reduce Improper Payments

This report continues our long interest in risk management with a specific focus on employing risk management strategies to reduce improper payments at the U.S. Department of Labor’s (DOL) Unemployment Insurance (UI) program. Federal agencies make more than $2 trillion in payments to in (more...)

Operational risk in financial services – Navigating risk management challenges in an uncertain world

This research analyses the findings from a recent survey that polled senior risk, compliance and legal professionals about current trends in risk management and governance. The paper addresses the emerging regulatory, risk and technological threats affecting many of today’s organisations. (more...)

Weekly Roundup: February 6 - 10, 2017

Articles from across the Web that we at the IBM Center for The Business of Government found interesting for the week of February 6 – 10. Ethical Hacking.  Federal News Radio reports: “The federal market for “white hat” hackers continues to grow. Not only are ethi (more...)

Moving Forward on Cybersecurity

The President promises to beef up cybersecurity efforts. Press reports on a draft Executive Order from the Administration parallel campaign commitments to launch an immediate review of all US cyber defenses by a Cyber Review Team comprised of individuals from the military, law enforcement, and private sector. (more...)

Liquidity Risk Innovations for Competitive Advantage - Battling the Build vs. Buy Dilemma

This white paper explores how organisations can enhance liquidity risk management through innovation and examines the build vs buy dilemma. (more...)

Weekly Roundup: January 9-13, 2017

The IBM Center's Weekly Roundup highlights articles and insights that we found interesting for the week ending January 13, 2017. Michael J. Keegan Obama appointee to lead VA under Trump. Dr. David Shulkin, the Department of Veterans Affairs current undersecretary for health, was tapped by Pr (more...)

Weekly Roundup: December 12-16, 2016

Articles from across the Web that we at the IBM Center for The Business of Government found interesting, week of December 12-16, 2016. John Kamensky New Volcker Alliance Report: What Americans Want from Government.  The Volcker Alliance report, by Dr. Paul Light, says: “Americans (more...)

Enterprise Risk Management: Selected Agencies' Experiences Illustrate Good Practices in Managing Risk, Dec 01, 2016

What GAO Found Enterprise Risk Management (ERM) is a forward-looking management approach that allows agencies to assess threats and opportunities that could affect the achievement of its goals. While there are a number of different frameworks for ERM, the figure below lists essential elements for an agency to carry out ERM effectively. GAO review (more...)

Third Party Risk Management: Put data & insights into your work today

This report analyses various organisational approaches to third party risk management and due diligence. The report further discusses the top challenges to third party risk management programs. (more...)

September 30, 2016, letter commenting on COSO's June 2016 Exposure Draft, "Enterprise Risk Management: Aligning Risk with Strategy and Performance", Sep 30, 2016

This letter provides the U.S. Government Accountability Office's (GAO) responses to the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management: Aligning Risk with Strategy and Performance exposure draft. GAO promulgates generally accepted government auditing standards and Standards for Internal Control (more...)

Special Report - FY 2016 Purchase Card Risk Assessment

Special Report - FY 2016 Purchase Card Risk Assessment (more...)

Enterprise Risk Management - Whitepaper

Enterprise Risk Management - Whitepaper, September 10, 2015 (more...)

Anticipating and Managing Risk in a Dynamic Environment, Sep 16, 2012

This is a Comptroller General presentation delivered to the Federal Enterprise Risk Management Summit in Arlington, Virginia on September 17, 2012. Major topics of this presentation include mission goals for strategic planning framework, threats confronting U.S. national security interests, cybersecurity, fiscal sustainability and debt challenges, (more...)

Presidential and Congressional Transition > Management Agenda > Improve Federal Performance to Better Achieve Results > Implement Enterprise Risk Management, Dec 31, 1969

Federal leaders manage complex missions such as protecting Americans from public health and security threats, building and managing safe transportation systems, and maintaining a safe workplace. Risk is any uncertainty with the potential for a negative outcome or challenge or a positive outcome or opportunity. (more...)