Tag Archives: board of directors

Immediate Vault Immediate Access

Automating Risk Functions for Greater Value Creation

Posted on by

Despite recent volatility, more than 60% of risk executives surveyed in a recent PwC US Pulse Survey were optimistic about the global economy, as well as the state of the pandemic recovery. This optimism could stem from a greater alignment between risk functions and the business. Fifty percent of risk management executives reported interacting more with the C-suite, and 42% said they interact more with the board level. Nearly half of respondents said that risk functions and capabilities are now embedded in the business operations that are driving transformations.

Risk functions were once considered tactical and reactive, and often seen as a roadblock to business decisions. Infusing risk management into corporate planning allows an organization to think about compliance responsibilities in a proactive and strategic manner—moving risk and regulatory functions from a back-office cost to a competitive advantage. Staying ahead of uncertainties while also bolstering planning with data helps make companies stronger and more resilient.

Many companies spent the last decade overspending on risk management as they attempted to keep up with compliance and regulatory shifts, frequently lagging behind changes in policy. They often invested heavily in new technologies and data collection, but failed to create efficiencies by integrating those systems across largely siloed business functions. The swift onset of the pandemic made many organizations come to terms with the reality that an entire organization didn’t need to be reimagined in order to implement technological transformations, and that there was still a disconnect between many of the piecemeal systems that had been previously put in place.

Now, executives are increasingly seeing the value of risk management as a strategic advantage. It allows companies to grow in areas with less mature risk management functions, like taking on higher risk clients or entering new geographies. More intelligent monitoring also allows for increased efficiencies and reduced compliance costs.

Integrating AI and automation into the investments that have already been made can help streamline the risk management and compliance processes. Many companies still have room for improvement; only 25% of risk professionals said they were implementing new risk management technologies in 2021 and only 19% said it was a priority to integrate risk management tools onto a single platform.

By automating and enhancing risk management functions, organizations can:

  • Strategize for entering new markets. Make more informed decisions about entering a new market by taking into consideration a shifting regulatory environment and increasingly complex supply chains. Taking on high risk customers relies on analytics and transaction monitoring systems in order to identify potential suspicious activity.
  • Increase speed to respond. Automation and technology-led monitoring of policy and negative news helps position companies to respond more quickly to regulatory bodies and head off negative events before they go viral.
  • Allocate costs efficiently. No longer duplicate costs by operating the departments of your business in a siloed fashion. Leverage case management and workflow systems to aggregate control failures or suspicious activity by customer or focal entity, allowing you to evaluate the root cause and apply analysis across multiple control failures.
  • Enter new business partnerships more confidently. Know the risks of a potential business partnership and get deeper insights into the impact a business partner or vendor’s supply chain could have on your business. Vendor risk management and contract analytics technologies can monitor whether business partners are adhering to their terms and conditions.
  • Reduce the impact of new requirements.  Identify the blind spots and shed light on the potential risks within your enterprise system so you can quickly take action early in the process, allowing your organization to avoid fines when implementing new regulatory requirements.

Regulators and other stakeholders are increasingly calling for the organization of risk management functions under one cohesive point of view. By fixing the disconnects and setting a collaborative tone, you give senior executives more cohesive insights and allow them to adopt more extensive views on the organization’s risk profile.

From Westeros to Government and Business, Women Have Less Voice

Posted on by

In the final, contentious season of HBO’s fantasy epic “Game of Thrones,” two powerful queens face off in a battle for control over the entire known world. Meanwhile, other formidable female characters outmaneuver their rivals to command entire kingdoms and (spoiler alert) strike the blow that saves humanity from eternal darkness. But looking solely at on-screen speaking time, you’d never know that women were main characters and, arguably, the show’s driving force. According to Statista, women on the show got just 22% of the speaking time in the last season, and only cracked 30% in one of the show’s eight seasons.

Of course, this kind of imbalance is hardly confined to the fictional world. Recently, Montreal city official Sue Montgomery made headlines for vividly illustrating the issue in the city’s monthly executive committee meetings. Montgomery tracked the difference in the amount of time that men and women spoke by knitting in red when men were speaking and in green when women did. The resulting product is overwhelmingly red with occasional smatterings of green. In response to questions on Twitter about the committee’s gender makeup, Montgomery noted that the committee is far more balanced, comprising 31 women and 34 men.

The concepts of “mansplaining” (when men condescendingly explain something to women) and acknowledging that men often talk over women in both professional and personal settings are now increasingly familiar and more widely discussed cultural issues. In fact, Merriam-Webster officially added “mansplaining” to the dictionary in March 2018. There is even a website called arementalkingtoomuch.com, which helps users track these disparities during meetings or social situations by clicking a button when “a dude” is talking and another when “not a dude” is talking.

A 2017 study by research company Prattle did just that, examining 155,000 business conference calls from the past 19 years, finding that men dominated the meetings by speaking 92% of the time. The study also found that women’s remarks in these meetings largely focused on investor relations staff introductions and not as much substantive contributions. While studies have shown that men far outnumber women in corporate leadership positions, as with the Montreal city meetings, Prattle CEO Evan Schnidman noted that the statistics on talking time do not necessarily correlate to the rate at which men outnumber women in the room. Indeed, Schnidman said, “Male executives provide significantly more verbose answers to analyst questions than their female counterparts.”

Gender diversity in corporate settings is hardly just about optics or legal requirements, it also offers broader benefits for employees and their employers that can pose critical advantages. For example, as discussed in “Pale, Stale and Male: Does Board Diversity Really Matter?” in Risk Management, McKinsey & Company found that companies with higher gender diversity in their board rooms are 21% more likely to have “above-average profitability” than those with lower rates. Efforts focusing on equitable representation particularly continue to lag with regard to women of color, who are the least represented group in every corporate setting except entry-level positions.

However, the cases above indicate that a balance of men and women in the room may not be enough, leading more people to discuss how their companies can promote both diversity and inclusion in their workplaces. In addition to focusing on diversity of those in the room, employers should be taking steps to ensure that they are facilitating a diversity of voices as well. Creating environments that encourage more women to voice their opinions can foster different perspectives and more innovation, and promote employee loyalty, engagement and well-being.

5 Strategies to Maximize Your Risk Assessments

Posted on by

While risk assessments enable organizations to understand their business issues and identify uncertainties, the best assessments go further. They prioritize top risks, assign risk ownership, and most critically, integrate risk management and accountability into front line business decision-making. Simply put, “checking the boxes” just isn’t enough to achieve an organization’s real objectives.

Effective risk assessments can also give organizations a true advantage. Our sixth annual Risk in Review study–comprising viewpoints from more than 1,500 corporate officers in 80 countries—finds that companies shifting risk management leadership and collaboration to the first line of defense are measurably better equipped to succeed. We call these companies “front liners.” While a majority of companies agree that front line decision-making is ideal, somewhat surprisingly, front liners represent only 13% of survey respondents.

Front liners use effective risk assessment strategies to enable revenue and profit growth, while also creating agility to bounce back from adverse events more quickly than their peers. They also outpace the pack when it comes to using risk management tools and techniques (such as a risk rating system or scenario planning).

Based on the study results, here are five strategies you can adopt to gain a front liner advantage:

  1. Put your risk assessments to use in real-time

For true impact, organizations incorporate risk assessment findings into their business decisions. Assessments should be efficient, and actions should be implemented quickly to address immediate challenges. Annual assessments are a best practice, but our study shows front liners have a robust risk culture, conducting regular assessments. Ongoing collaboration across all three lines of defense, reinforced by continuous monitoring, enables the organization to more effectively align business strategies with risk appetite.

  1. Develop actionable guidance and insights for leadership

Effective risk assessments are relevant and actionable. Be sure to interpret risk information and recommend next steps to help management incorporate the findings into their strategic decisions. Make it easy for boards and senior management to understand the key findings by providing thorough insights. Data will mean a lot more if you identify the recommendations, target outcomes and next steps. Gaining the front liner advantage is best achieved by integrating risk guidance holistically into the organization, including planning, growth strategy and investments to M&A, staffing, disaster recovery and crisis management.

  1. Speak in lay terms

Leaders outside the risk management function may perceive risk assessments as an onerous process loaded with abstract language and a heavy focus on negative outcomes. To help leaders see value in these assessments, define the risks, drivers and consequences in familiar terms using meaningful scenarios that are specific to the organization.

  1. Balance automation with the human touch

While automation enables mass data collection, organizations benefit most when risk assessment surveys are combined with facilitated discussions. Gathering important qualitative information, facilitators can bring together multiple viewpoints and encourage productive debate. Pre-reads may also be a helpful tool to level-set on the organization’s strategic objectives and overall risk landscape.

  1. Adopt a realistic view of risk management

It can sometimes be difficult for management to accept the findings of a risk assessment, especially if they believe there is a low probability such events will occur. To support strategic, risk-based decision-making, risk scenario analyses can spur productive discussions about the organization’s overall risk landscape, while dynamic, engaging tools like a risk scenario dashboard can help to draw in even the most reluctant participants.

Following these strategies can help your risk assessments to not only be relevant, but also essential to your organization’s business strategy and growth objectives.

Eliminating Language Barriers Between Information Security and the C-Suite

Posted on by

Whether or not security operations pose a core focus to a company or are an afterthought, the largest obstacle now affecting business and security outcomes is the language barrier that exists between security teams and the C-Suite.

In general, security groups’ budgets have increased over the years, with organizations adding more vendors to the mix, “layering” security with the latest new tool to address the latest threat. One of the newest such tools is “threat intelligence” which organizations are using to form an “intelligence-led security” program, a security operations center, or incident response capabilities. While threat intelligence and other solutions hold the answers to many of the important questions executives ask about cyberattacks, this terminology means nothing to C-level executives, nor does the output from these systems and programs. What does it mean that you have stopped one billion attacks this past month? What impact have the 30 incident responses you’ve run over that same period of time had on the business? What’s the significance to reducing response time from one month to one day?

Executives running and overseeing a company have two primary concerns: increasing revenue and shareholder value. There is a big disconnect between security and the C-suite because they speak two different languages. One is a very technical language that needs a translation layer to explain it to the executives. The other is a very strategic language that needs to be conveyed in a way that makes security part of the team and company, and ensures alignment and participation with the business units and executive suite.

What’s the fix? Communication. Each group has to understand the other at least enough to relay the core concepts as they apply to the other and in a language the other understands. As a first step, some companies are adding a technical expert—a “designated geek,” if you will—to their board of directors so they can work on improving communication and understanding. While that can help, it takes a lot more to make sure priorities, efforts and results don’t get lost in translation.

buy cytotec online thecifhw.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

A Two-Way Street

Executives need to include the chief information security officer or chief technical officer as part of their strategic discussions and make sure that security leadership has the ability to push that communication down to their teams in a way everyone understands. To that end, CISOs and executives need to train their security operations personnel to ensure they understand the business. This starts by asking some critical questions:

  • Does every member of the security team understand what is it that you sell/produce/provide?
  • What are the things your security teams need to watch out for to protect revenue?
  • Many organizations operate large industrial control systems. If your organization has such a system, is your security team aware of this?
  • If your company is moving into the cloud or is about to launch a mobile app, does your security team know about this and have you enabled them to get the right monitoring in place to protect it?
  • Have you involved the security team as you were designing that new revenue stream, or evolving your business model in some other way, to be sure that security isn’t an afterthought?
    buy amoxil online thecifhw.com/wp-content/uploads/2023/10/jpg/amoxil.html no prescription pharmacy

These are just a few examples of how executives need to think about the enterprise to ensure that security is strategically aligned. It is incumbent on the business to train the security personnel on its priorities so that security teams can look for attacks that are important to the business and take action.

Likewise, security teams need to change how they communicate to the C-suite. Every security team should conduct a stakeholder analysis to identify who needs to be informed of what and when. It all comes down to content, format and frequency. Make sure you have regular communications with not only your peers in security and network operations, but with the business units, risk management, C-level executives, the board of directors, and anyone else in the company that is involved in the day-to-day objectives and operations of the company. The CISO should be the link to make this connection happen, working with executives to establish regular communication.

There is no “right way” to communicate.

buy doxycycline online thecifhw.com/wp-content/uploads/2023/10/jpg/doxycycline.html no prescription pharmacy

Some executives and boards are more technical than others. Security teams need to take the time to learn what type of communication will be most effective or forever struggle to align security with the business. Sticking with the generated metrics of number of events, alerts and incidents per month has far less impact than an update that contains the “who, what, when, where and why” of a thwarted attack. For example: “We identified and stopped one attack this month from a cyber espionage group targeting our Western European manufacturing facility, which is responsible for $20 million per year in revenue to the company.”

For those in security who feel they can’t deliver such a statement because their security infrastructure doesn’t provide that kind of information about threat actors and campaigns, there is a path forward. Look into creating a program that uses adversary-focused, contextual cyber threat intelligence and make sure you understand enough about your business to know the impact of threats against the various business units. With the communication gap closed, and security and business goals aligned, organizations can become more secure, and profitable.