What you need to know to stay current in risk management
Blast off! It’s Thursday July 12th and our first edition of the Feagin Company Weekly Risk Report: What you need to know to stay current in risk management.
Culture – What makes a Chief Risk Officer?
James Lam is often cited as the father of the CRO position, but what’s in the description? For a start, ability to manage the risk profile, set policy and guidance, work with the Board, make recommendations, be independent, chair the oversight committee, and play nice with internal audit. Over 200 CRO positions are up for grabs and experience in insurance isn’t a “must have.” Smart move by RiskLens appointing Lam to their board as an Independent Director. Nick Sanna once again proves he’s out to make a difference, not just a buck.
Compliance – In case you aren’t sick of hearing about GDPR yet
Psssst…..your printers might be hiding GDPR-regulated data. It’s easy to forget that printers collect so much information, but with GDPR now in place, it’s time to re-check those old devices for any PII that could land you a trip to the bank with your favorite regulator for a massive withdrawal. Check your other IoT nooks and crannies while you’re at it.
Cyber Risk – This year’s hot topic… again
It happened a few months ago, but April’s RSA conference was another reminder that the risk world’s focus is on cyber. The buzzwords for the year have been blockchain, machine learning, and GDPR, but cyber risk keeps getting bigger and more expensive. Regardless of organization size and industry, management has to make cyber risk a top priority in this day and age not just to stay relevant, but to stay in business.
Cyber risk has never been more impactful in the UK, according to the Bank of England’s latest biannual survey. Cyber ranked second (alongside geopolitical risk) among major concerns in the financial industry.
Cryptocurrency is the new wave in money laundering, with the first half of 2018 showing three times the amount of stolen cryptocurrency in all of 2017. Consider the attention of regulators piqued.
OneLogin and Cloudflare are collaborating to eliminate the need for VPNs by creating a zero-trust authentication process.
In case you haven’t heard, the SEC has released “interpretive guidance” to help publicly traded companies in preparing disclosures about cybersecurity risks and incidents. Standby, launch sequence initiated for formal regulation… I give it less than 2 years. Just in case you need to brush up on the 8-K, you can find the form here.
Governance – It’s 2018, yet ERM definition still eludes many
“I know what a unicorn is, but I’ve never seen one.” So an executive once said to me when he was opining his view of Enterprise Risk Management. Obviously, he had a bad experience like so many other executives. Google “Enterprise Risk Management” and you get 166,000,000 results in .60 seconds; scroll through the first 30 pages and you still haven’t passed all the results that include “what is enterprise risk management?” No wonder. ADVICE: Don’t overthink it (K.I.S.S.)… Build a solid foundation on the fundamentals of identification, assessment, and communication and then add capabilities as the organization matures. Anyone promoting “utopia” may also sell you a unicorn.
Speaking of unicorns, large consulting firms seem to be driving a narrative that risk appetite and risk culture are the most important priorities to address in risk management lately. Maybe a more important focus should be the ability to actually identify and handle risk. News reports suggest that companies are not identifying and managing the right risks effectively, both internal and external. Perhaps a mentor of mine put it best; “Don’t add a porch when the house is burning down.”
Industry – Movers and Shakers
Wahida Plummer rises above the Wells Fargo stench to be named CIT Group Inc.’s Chief Risk Officer, reporting directly to Chairwoman and CEO Ellen Alemany. Robert Rowe exits and Alemany scores “2” as the number of times she has reshuffled her executive team this year. Bold move on behalf of Alemany and exactly the kind of guts needed to execute a successful turnaround. Message: CIT is taking risk management, compliance, and ethics seriously. Plummer is smelling roses.
Project Management – Perhaps an Enterprise level risk?
Year after year, mid to large businesses lose millions of dollars due to inadequate processes in the area of project management. Perhaps no one feels that more than the Irish: new research shows that one in five recent projects undertaken by Irish companies have failed, costing an average of €580,000. It’s not just the Irish who are down on their luck; there seems to be enough failure to go around (233,000,000 Google results on project failure in .56 seconds). If this were a disease, the CDC would call it a “pandemic.”
Technology – Self-driving cars have hit the road… and pedestrians
You’ve probably heard about the self-driving Uber that hit and killed a pedestrian in Arizona; you may not have heard why it happened. Self-driving cars may be the future of transportation, but with major bugs like these, they remain in the future… for now.
Frameworks – In case you missed it
The Committee of Sponsoring Organizations of the Treadway Commission announced May 24th that it was launching its ERM certificate program. www.coso.org
Speaking of COSO, guess who just supplemented their industry-standard ERM framework? That’s right, COSO’s ERM framework now includes a compendium of real-world examples and advice on how to implement ERM and link it with organizational strategy and performance. The illustrations span numerous industries and sectors, aiming to provide insight for organizations of all types. Supposedly, this addition finally addresses the common “all theory, no practical advice” gripe with the framework.
The Department of Homeland Security is jumping on the risk management wagon, as it was just announced that the DHS is developing a top-down framework for managing risks for critical infrastructure, especially related to Supply Chain.
- Amazon seeking small businesses to deliver packages, providing support and training: bold move
- The World Cup final is this Sunday; don’t miss the biggest game in what is being referred to as the greatest World Cup of all time. No kidding.
- UPS experimenting with partially automated warehouse in France
- TAC security launches AI-based cyber risk platform
- Head of Lockheed Martin pension investments abruptly retires
- Tackling Risk Appetite
- Corporate Governance “golden child”
- NATO Summit aftermath
- Healthcare: CERNER or “bust”
- No unicorns