What is the Second Line of Defense?
Essential to effective risk management, the lines-of-defense model is implicit in COSO’s internal control framework through the control environment, control activities, monitoring and other components of an internal control system. It provides assurance to the board of directors, as the elected representatives of the shareholders to oversee the organization’s operations on their behalf, that risks are reduced to a manageable level as dictated by the organization’s appetite for risk. Much more than “segregating incompatible duties” and “ensuring checks and balances,” the lines-of-defense model emphasizes a fundamental concept of risk management: From the boardroom to the customer-facing processes, managing risk is everyone’s responsibility.
Topics:
Enterprise Risk Management,
Corporate Governance,
Internal Audit,
COSO,
Audit Committee & Board,
Strategic Risk
Copyright pirates, brand impersonators, patent flouters and trade secret thieves are a major threat to businesses, given their increased aggressiveness towards intellectual property (IP) theft. These, and any other original creative works that have economic value and are protected by law, can be categorized as IP.
Topics:
Enterprise Risk Management,
Risk Assessment,
Strategic Risk,
Data Security,
Performance Management/Measurement,
Intellectual Property
What is Money?
People may say that “money is the root of all evil,” but is it? It may be best to point out that the original quote is better expressed as, “for the love of money is the root of all evil,” which more properly conveys the idea that money is just a thing and not evil itself, but greed and excessive desire for money can be judged morally.
Enough philosophy – let’s get down to brass tacks. Money is useful.
Topics:
Enterprise Risk Management,
Risk Assessment,
Investments & Foreign Exchange,
Accounting/Finance,
Cash & Treasury,
Performance Management/Measurement
What is Organizational Alignment Risk?
Organizational alignment is defined as a conscious and systematic coordination and alignment of three powerful and interrelated driving forces: organizational strategy, organizational culture and organizational infrastructure. Organizational alignment is to be mutually supportive and contribute as efficiently and effectively as possible to meet organizational goals and objectives.
Topics:
Enterprise Risk Management,
Risk Assessment,
Audit Committee & Board,
Strategic Risk,
Performance Management/Measurement
Risk assessment helps identify and document critical business processes and the internal controls within each process. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analysis.
Topics:
Enterprise Risk Management,
Risk Assessment,
Governance, Risk & Compliance
Corporations today are thinking about how to protect assets. A few of the white-collar crime problems include hacking/intrusions (cyber vulnerability), insider/outsider trading (convergence of cyber and financial crimes), the Foreign Corrupt Practices Act (FCPA), spear phishing (email compromise) and economic espionage. They must consider the possibility of internal corruption or external corruption, and environmental factors such as culture and competition contributing to these crimes. As protection, organizations can use cyber security, pen testing and data loss prevention tactics.
Topics:
Enterprise Risk Management,
Internal Audit,
Internal Controls,
Risk Assessment,
Cybersecurity,
IT Controls
When initiating the project to update its ERM framework, COSO saw opportunities to achieve clarity on several fronts. The updated framework recognizes the increasing importance of the interconnection of risk, strategy and enterprise performance – particularly in conjunction with making important decisions. It begins with an underlying premise that every entity exists to provide value to its stakeholders and faces uncertainty in the pursuit of that value. Therefore, the framework itself focuses on preserving and creating enterprise value, with an emphasis on managing risk within the entity’s risk appetite. The term “uncertainty” is defined as not knowing how or if potential events may manifest themselves in the context of achieving future strategies and business objectives. “Risk” is considered the effect of such uncertainty in the formulation and execution of the business strategy and the achievement of business objectives.
Topics:
Enterprise Risk Management
Risk oversight and risk management are high priorities on the agenda of most organizations. Here are popular KnowledgeLeader tools that focus on risk management:
Topics:
Enterprise Risk Management