Articles in category: Governance & Risk
Digitalisation in insurance has become one of the biggest buzzwords in the insurance industry during the last 9 months. We have just completed our Symposium in Barcelona and we hosted a group of more than 50 CIOs and IT executives from insurance during a digitalization workshop. We discussed different expectations and experiences with them and it became obvious that the definition of digitalisation varies considerably in the industry. (Read Full Article)
2030 is not that far off – just 18 more year-ends and budgeting cycles away – and we can already see some of these predictions coming to bear, so what PwC suggests is more a continuation of current trends rather than a qualitative difference to what we have today. (Read Full Article)
Results of the 2013 CFO Survey by Deloitte reveal what is currently top of mind for CFOs – not only in South Africa but also in Botswana, Malawi, Namibia and Zambia. The survey exposes insights into common trends in the behaviour and strategic decisions of CFOs. The results of the survey provide valuable answers to questions like: What are CFOs really worried about? Do CFOs focus more on strategy or performance optimisation? (Read Full Article)
I use the word “technology”, but McKinsey prefers “digital”. No matter, the consulting firm’s global survey indicates that not only can new technology enable increased revenue, customer satisfaction, and improved processes, but CEOs are stepping up to lead such efforts. (Read Full Article)
When you look at many of the organisational disasters of recent years (such as the Deepwater Horizon explosion, fire, and oil spill that embroiled BP, Halliburton, and Transocean in billions of dollars in cost, even before reputational damage and business disruption), people ask where top management and the board were.
Is it reasonable to believe that the CEO of BP should have known about the risks and potential compliance problems on a single oil rig? (Read Full Article)
It’s a worrying thought, but the biggest threat to your business may not come from external forces such as low-wage competitors in emerging markets, political and economic instability, man-made disasters, industry scandals or even disruptive cyber-threats such as hacktivists. The danger often lurks within. (Read Full Article)
When you look at software to help you with an enterprise risk management program, I find everybody is interested in how well it supports activities like risk assessment, reporting, and remediation. (Read Full Article)
How do you respond to fraud in your organization? Can you spot it ahead of time or as it’s happening? Or do you discover it after the fact, when it’s too late to do anything about it? According to the ACFE’s Report to the Nations on Occupational Fraud & Abuse, the typical organisation loses 5% of its revenues to fraud each year. Applied to the estimated 2011 Gross World Product, this figure translates to a potential projected global fraud loss of more than $3.5 trillion. (Read Full Article)
I have been writing about the need for CIOs and technology executives to step up and demonstrate through their ideas and leadership how technology can be used to transform their organization. (Read Full Article)
GRC is the most worthless term in the vendor lexicon. Vendors use it to describe whatever they are selling and Gartner clients use it to describe whatever problem they have. For seven years I have battled this monolithic term and I fear I’m losing the battle. The alternative is to try to bring some clarity to its usage by defining some boundaries. Here is our published GRC definition, which I like: GRC is neither a project nor a technology, but a corporate objective for improving governance through more-effective compliance and a better understanding of the impact of risk on business performance. (Read Full Article)
Using learning programmes to bridge the gap between knowing and doing. Most organisations have an understanding of what risk management is and why it is important. Some have expended considerable effort in developing and fine-tuning their risk management and governance infrastructure and programmes. However, many organisations are still struggling to realise the tangible benefits... (Read Full Article)
Risk in all its forms is inherent in business – the preventable risks such as unplanned production downtime or internal fraud, strategic risk such as betting the company on an unproven technology or external risks that are largely beyond our control, but which we should always recognize and take into account in our long range … (Read Full Article)
The latest has the title of Shaping the Risk Oversight Agenda and includes a list of 10 questions boards should ask as they consider their oversight of risk management in 2013. (Read Full Article)
In a recent interview I was asked, “what is mobile GRC, and how does it help?” Afterwards, I realized that I had underestimated the potential impact of mobility on governance, risk, and compliance. Years ago, Marshall McLuhan, an early prophet of the electronic age, coined the phrase “the medium is the message.” Many scholars have attempted to interpret this rather enigmatic phrase. My view is that the interpretation is simple and the implications profound. (Read Full Article)
Gene Kim, together with Kim Behr and George Spafford, have published a fun read: “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win”. I strongly recommend signing up for their whitepapers and can tell you that I enjoyed reading the book. (Read Full Article)
A new book called “The Phoenix Project. A Novel About IT, DevOps, and Helping Your Business Win” is a short novel about a fictional company that is much more dependent on IT than the executives understand. When IT starts to go south, so does their business. It’s the story of the different players across IT and the C suite as they work to right the ship and create resilience across the enterprise. The real triumph in this book is that it can be read and understood by both IT and non-IT executives. (Read Full Article)
PwC have published an excellent guide for boards that merits reading not only by board members but also by all those responsible for management of IT, risk management, and internal audit.
Directors and IT: What Works Best suggests a six-step process, what they refer to as an IT Oversight Framework, that I believe should be effective for the majority of organisations. (Read Full Article)
SAP announced the SAP Incident Management rapid-deployment ERP solution, which helps customers avoid dangerous and costly workplace accidents. For companies today, reducing incidents that can have a devastating impact on people, profits and the environment is a priority. (Read Full Article)
Control effectiveness opinions are what we expect from auditors. But what does a control effectiveness opinion really tell us? None of us would conclude a glass is half full without knowing how big the glass actually is. The amount of liquid currently in a glass doesn’t tell you anything unless you know how much liquid the glass will hold. Similarly, control effectiveness opinions are often based on knowing only half the facts. (Read Full Article)
The survey showed that 88 percent of financial institutions believe they would lose their competitive edge, 79 percent believe their profits would decrease, and 54 percent believe risk would be increased, if they were operating poor models – for example, flawed or outdated models. (Read Full Article)
Years ago, I worked in a bank. I’m sure the concept of a “register” came from a banker initially. Banks had registers for everything. One of my jobs was to keep the collateral register postings up to date.
When a customer opened a line of credit, they were required to pledge something, usually marketable securities, as collateral. I posted the collateral in the register and someone else placed the securities in the vault, where they’d stay and gather dust. (Read Full Article)
A new study from PricewaterhouseCoopers stresses the importance of understanding the risks associated with upgrading software systems.
The survey focused on how risk management and controls are integrated into the project effort and what are the lessons from the impact of those integrations. PwC said that the professional services firm strictly produced this survey to see what is happening within the marketplace and to see how organizations and C-suite executives view SAP systems. (Read Full Article)
In this data-driven culture of ours, cyber-crime is all too common and ERP systems are not immune. ERP systems can be attacked from outside the organization as well as inside, and these inside jobs are the easiest ones to overlook. Operating as an authorized user, an employee can obtain access to a storehouse of valuable information. (Read Full Article)