2015 Extreme Weather Events in Review

From hurricanes to hail to droughts to tornadoes, 2015 was a busy year for extreme weather events. Drought in California continued to worsen, increasing the risk of wildfires. While record rainfall in Texas and Oklahoma alleviated drought, it caused severe flash flooding in Texas. There have been 25 Category 4-5 northern hemisphere tropical cyclones—the most on record to date, breaking the old record of 18 set in 1997 and 2004.

The Insurance Information Institute reported that insured losses from natural disasters in the United States in just the first half of 2015 totaled $12.6 billion—well above the $11.2 billion average in the first halves of 2000 to 2014.

Interstate Restoration provides a look at 2015 weather events:


Boards Still Lagging on Gender Parity

Although women make up nearly half of the workforce in the United States, they represent only 16.9% of board members, according to Catalyst’s “Women on Boards.” Norway tops the list with 40.5%, followed by Sweden with 27% and Finland with 26.8%. Japan, Qatar and Saudi Arabia, meanwhile, are at the bottom of the list with 1.1%, 0.3% and 0.1%, respectively.

Mary Jo White, who chairs the U.S. Securities and Exchange Commission board, addressed the issue of board parity in her remarks to the Women’s Forum of New York on Nov. 19.

White said:

We all have indeed come a long way since 1974. Today, women receive more than half of all bachelors’, masters’ and doctorate degrees, and more than a third of MBAs. Women are approximately half of the total workforce and half of all managers. But there remain areas stubbornly resistant to the progress that objectively should have already occurred. One in the legal profession is the percentage of women who are equity partners at law firms—18%. That number has only increased 2% since 2006, and we had achieved 12.9% back in 1994. Another resistant area is the financial arena—we now account for 29% of senior officials in finance and insurance, and no woman has, for example, ever been CEO of one of the 22 largest U.S. investment banks or financial firms. A third critical area that has been a particular priority for the Women’s Forum of New York is the focus of today’s event: gender diversity in U.S. boardrooms.

Let us be clear at the outset, this is not a pipeline issue. We are here—in numbers, and we are qualified—in numbers. And yet, there are comparatively very few of us in corporate boardrooms—17.5% in Fortune 1000 companies and 19.2% for the S&P 500.

She noted, “As a growing body of research confirms, it is smart business to have your board diversified to reflect the marketplace and benefit from broader perspectives. It is also the right thing to do.” White added that only 3% of Fortune 1000 companies have boards where women make up at least 40%. She recommended that companies keep “a laser-like focus” on gender parity and “reject any notion that there is a shortage of highly qualified candidates.”

According to Catalyst:

[Chart: Board seats]

Vendor Risk Management: The Full Definition


Vendor risk management (VRM) is the practice of evaluating business partners, associates, or third-party vendors both before a business relationship is established and for the duration of your business contract. This is an important concept and practice to put in place during the evaluation of your vendors and the procurement process.

A key feature of VRM is understanding your vendor’s cybersecurity program. This allows you to understand how well they’re going to be able to secure your data, both from a physical and cyber perspective. VRM helps ensure that your vendors have a contractual obligation for specific requirements and standards, therefore mitigating your organization’s risk.

There are a number of risks vendors can bring to your enterprise, including:


There are many legal risks associated with sharing sensitive information with third parties. For instance, if your vendor is breached and you lose your customers’ personally identifiable information (PII) like social security numbers or health care records, the law clearly states that you are responsible—not your vendor. Or, if you fail to spell out security expectations in your vendor contract, you may have no legal recourse whatsoever if your vendor compromises your data.


So much of vendor risk management is based on reputation. You are able to ask a lot of questions at the beginning of the vendor procurement process that may help you weed out the businesses you’d rather not work with, but you should also be monitoring news feeds during the procurement process. You, of course, would want to know if a business associate has been hit with a lawsuit during the time you were engaged with them and how that could affect the performance of their contract with you. And don’t forget about the reputational harm that could affect your company if your customers’ sensitive information is stolen due to an unsecure vendor.


If a vendor has a poor financial record or past performance, you’ll want to know that information before engaging in a business relationship. That’s why a lot of companies do credit monitoring for their vendors. You’ll also likely want to ask other organizations who have previously done business with the third party in question for references. This way, you’ll be able to clearly evaluate the vendor’s project plan and all the different things they’re planning to do before entering into a contractual relationship.


Of the various risks a vendor poses, there are some things you need periodic updates on, which are relevant only at certain points of a business relationship. If you’ve established a vendor’s creditworthiness at the beginning of the process, for example, you’ll likely feel quite comfortable about their financial standing during the rest of the process. This is a good example of how some elements of vendor risk do not require continuous monitoring. Cyberrisk, however, is not quite as simple.

Cyberrisk is unique in that things can happen on a moment’s notice which could catastrophically damage your organization. You simply cannot rely on periodic or infrequent snapshots and assessments of your vendor’s health to understand cyberrisk. The thing that makes cybersecurity “special” is that it can pose financial, reputational, and legal risks.

It’s important to understand that cyberrisk management doesn’t end when your vendor signs a contract. Managing vendor cyberrisk requires persistent awareness of how the vendor is doing with your security expectations. You have to know at all times whether they are accessing your network in an unauthorized manner, or if your most important data could be jeopardized by their actions. Any slip-up or incident may have a catastrophic impact on your business (and lead to some pretty embarrassing headlines).


Some losses from “traditional risks” can be recouped easily and quickly. If a food and beverage vendor doesn’t show up one day to cater a meeting, you’re only dealing with a limited amount of loss. Or, if a vendor doesn’t complete a project to your expectations, there are reasonable steps you can take to remedy the situation without dramatically impacting the bottom line.

But if someone hacks into your corporate network through a vendor and steals your most precious data, the outcome could be catastrophic. Your reputation can be damaged irrevocably, financial losses can be huge, and legal liability may be hard to transfer to your vendor. This is why vendor risk management—and especially IT risk management—is not something to be taken lightly. All angles must be examined with every vendor, both large and small.

Avoid Corruption in Holiday Gift-Giving

With Thanksgiving and the holiday season upon us, gift-giving and compliance can be an issue for global companies, especially since more than 20% of those polled by Deloitte said their companies don’t assess the corruption risk of employee gift-giving.

While 20.4% of respondents don’t assess employee gift-giving corruption risk, more than 43.4% expect anti-corruption enforcement to rise in 2016, according to a recent Deloitte poll of more than 1,600 professionals.

“As generous as the holidays make many feel, giving gifts that could be seen as bribes to non-U.S. government officials can result in fines, regulatory action and brand damage for multinational organizations,” said Bill Pollard, Deloitte Advisory partner at Deloitte Financial Advisory Services LLP. “Now is the time to conduct gift-giving compliance training and increase efforts to help ensure anti-corruption compliance through the holiday season. As global enforcement continues to increase, take a note from regulators and make sure your corporate records around travel, gifts and entertainment are transparent and show no ‘corrupt intent’—particularly when out-of-country government officials are recipients.”

The poll results found that anti-corruption policies for giving gifts to non-U.S. government officials run the gamut: 18.2% maintain a no-gift policy and provide no gifts to customers, 16.4% give only small company logo items, 15.7% restrict gift value and 6.1% use separate policies for non-U.S. government officials compared to other customers and third parties.


The poll also found that 43.6% of companies plan to make improvements, while 12.7% do not and 43.7% do not know.

To uncover irregularities that point to corrupt intent and bribes disguised as gift-giving, some compliance, legal and internal audit teams use visualization and analytics tools. However, just 8.4% of respondents said their organizations effectively use visualization and data analytics technologies to support anti-corruption efforts. A full third of them (33.1%) didn’t use the tools at all.


Leading practices to prevent and detect corruption in gift-giving include:

  • Set ground rules clearly — Describe the nature and type of acceptable gifts, payments, travel and entertainment. Escalate all gifts for government officials to compliance for review. Create an approval process with aggregate dollar limits. Define the disciplinary process for non-compliance.
  • Act globally — Ensure that rules are consistent not only with U.S. laws but local laws and customs. Translate that guidance into all appropriate languages in which your organization operates.
  • Keep gifts corporate — Give gifts that feature company logos, reflect the organization’s products and ensure they are intended for official — not personal — use (such as a business card holder).
  • Make gifting inclusive — Give gifts publicly and transparently, and involve teams as opposed to individuals (such as specialty baked goods for a team to share).
  • Prohibit cash or its equivalents, such as gift cards.

“Anti-corruption visualization and analytics tools can help address varied global anti-corruption laws and gift-giving customs, making multi-national anti-corruption management easier than before,” Pollard noted. “Nothing replaces the fundamental value strong anti-corruption professionals, policies and procedures do.”