
RIMS TechRisk/RiskTech: Using Cyberrisk Analytics to Improve Your Cyber Insurance Program

As ransomware continues to spread and payment costs increase, cyber insurance rates have gone up exponentially. As a result, it is more important than ever for companies to understand their cyber vulnerabilities and exposures so they can ensure they are properly covered. One way to do this is through analytics.


In a presentation at the RIMS TechRisk/RiskTech virtual event, Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan, outlined some of the key data that can help companies get a full view of their risk.

According to Stransky, there are five categories of data that are most important to determining your risk profile. Much of this data is in publicly available datasets that insurers already consult, so it is important that you have a handle on this information as well so you know how underwriters and other outsiders are viewing you:

  1. Firmographics: company demographics like revenue, employee count, industry, location, and company hierarchy
  2. Historical incidents: past breaches and insurance claims
  3. Technographics: a company’s external cybersecurity posture including the presence of firewalls, open ports, frequency of system patching, as well as internal cybersecurity practices like password management and data encryption
  4. Scoring: combines firmographics, historical incidents and technographics into a single number that designates the level of vulnerability
  5. Loss modeling: brings all elements together to predict the likelihood and cost of an event

Armed with this data, companies can take steps to make it easier to access optimal cyber insurance coverage and better insurance pricing. These could include improving your security and claims posture by addressing potential cybersecurity gaps, updating incident response plans, and identifying vendor partners to help improve security posture or respond to incidents. Companies can also explore policy structure options in terms of different program components (limits, attachment, coverage, risk retention, etc.) and consider alternative terms and conditions.

Finally, it is important to provide robust underwriting data by using assessment tools to minimize the need for supplemental applications, preparing for additional questions from underwriters, and highlighting significant cybersecurity updates and improvements over the past year.

In particular, companies should focus on what Stransky called the top 12 cybersecurity controls for risk mitigation, resilience and insurability:

  1. Multifactor authentication (MFA)
  2. Endpoint detection and response
  3. Secured, encrypted and tested backups
  4. Privileged access management
  5. Email filtering and web security
  6. Patch and vulnerability management
  7. Cyber incident response planning and testing
  8. Cybersecurity awareness training
  9. Hardening techniques, including remote desktop protocol mitigation
  10. Logging and monitoring/network protection
  11. End-of-life system replacement
  12. Vendor/digital supply chain risk management

For those that missed RIMS TechRisk/RiskTech, you can register and access the virtual event here. Sessions will be available on-demand for the next 60 days.

Detecting and Confronting Procurement Fraud

Accountancy firm Crowe and credit rating company Experian have said that large enterprises and governments experienced 59% of procurement fraud in the United Kingdom, costing them $120 billion (£89 billion) collectively. It is estimated that over $2 trillion (£1.6 trillion) total is lost each year due to procurement fraud, or 4-8% of an organization’s procurement spending. This figure dwarfs other areas such as corporate tax avoidance, where HMRC estimates that $94 billion (£70 billion) was avoided between 2011 and 2015.

The main difference is that procurement fraud is so varied that it is virtually impossible to detect. More importantly, procurement fraud is difficult to detect because it is often embedded in a genuine expense. For example, when a construction contractor submits an invoice for 100 hours of work in a week, eight of those hours may be fraudulent. This may seem negligible, but when you consider that every purchase in an organization can include an element of fraud, the scale of the problem becomes clear. It is not just about the financial loss; there are many reputational issues too.

Why Procurement Fraud? 

There are two main reasons: greed and opportunity. In terms of motive, we see both individuals and groups committing acts of fraud because they want something for themselves. They might be looking for personal gain, or trying to get away from someone else, or simply seeking revenge on a competitor.

Several studies have shown that around 50% of fraudsters are motivated by either monetary reward or benefits gained by committing a crime. For example, in 2018, a Massachusetts Bay Transportation Authority (MBTA) procurement official was indicted for receiving over $300,000 in illegal bribes and gratuities from a construction company that performed work for MBTA.

Individuals may also notice a weakness in a business process, as trivial as a broken approval process, that allows invoices to be paid to existing suppliers without checking the outstanding purchase order amount. The problem is that weaknesses can surface at virtually every step of the procurement lifecycle, across the entire supply chain. Additionally, fraud often occurs when suppliers become close with an individual with authority inside an organization who can provide undetected access. Fraudsters see an opportunity to profit from weaknesses and begin exploiting them.

What Can Be Done?

Here are three ways to help your business become less vulnerable to fraudulent activity:

1. Use data analytics tools: Data analytics tools give you access to information about how well suppliers perform against agreed standards. You can use this information to identify potential risks early on, which could save your company millions in wasted spending.

2. Choose suppliers carefully: The larger and more complex your supply chain, the greater the risk for procurement fraud. If you buy goods and services from many suppliers, you should try to choose suppliers based on quality rather than price. Quality is not always reflected in the cost, but this means you need to be wary of the cheapest option. Using data to draw definitive conclusions about a supplier’s performance is a good way to remain objective when selecting.

3. Create a robust process: It is important to have a robust supply chain management process in place. You should be able to trace back how a supplier was added to your supply chain, the selection criteria for any awarded contracts, their ongoing financial standing, and the people involved in managing the relationship.

RIMS ERM Conference 2021: Integrating Net Zero Commitments into ERM Plans

In a session titled “Integrating Net Zero Commitments into ERM Plans” at the RIMS ERM Conference 2021, Michelle Tuveson, executive director of the Cambridge Centre for Risk Studies, led an interactive session focused on how risk managers were handling their companies’ emission reduction pledges and efforts. Tuveson told the audience that while one-third of companies in G20 countries had signed onto “net zero” commitments—promises to eventually eliminate their companies’ carbon emissions completely—it is unclear how much analysis went into these pledges. As countries around the world start to require emission reporting, this lack of analysis (plus a lack of data to assess progress) is a major concern for these companies’ risk managers.


The audience seemed to back up this assertion. Tuveson conducted a live poll, which revealed that most attendees felt that their industries were on the less prepared side for net zero developments and that their ERM and net zero plans were not very integrated. When asked which group was most driving their companies’ climate action, most answered that it was investors/rating agencies (31%), followed by the board and executive management (20%), consumers (17%), and peer companies (11%).

Tuveson was joined by Joerg Osterloh, director of enterprise risk management at Coca-Cola Europacific Partners, who outlined the company’s net zero activities. With a commitment to be net zero by 2040, it had already reduced emissions across the company by 30% by 2019. The company was prioritizing this effort partially because it saw climate change risks “front and center,” impacting all aspects of its supply chain.

Osterloh credited a strategy that included analyzing how much emissions each sector of the company’s business produced, then strategically addressing each. For Coca-Cola Europacific Partners, the most emissions came from drink packaging, which was not as easy to reduce as other categories like operations and supply cooling. Overall, Osterloh noted the importance of being fully transparent in the company’s net zero activities and its advocacy to influence public policy on transitioning to a low carbon future. He also stressed investing now in new technologies, rather than waiting for those technologies to mature.

At least some risk managers and their companies may already be following this advice. In a final poll, most audience members said that the focus of their companies’ net zero strategy was substituting renewable power (26%), followed by greening supply chains (19%), adopting new technologies (18%), altering products and services (15%), and purchasing carbon offsets (9%).

If you missed this session, it and many of the other sessions at RIMS ERM Conference 2021 can be viewed on-demand online.

New AMRAE Survey Explores RMIS’ Global Market Trends

Recently, the Association for the Management of Risk And Insurance of Enterprise (AMRAE) and EY jointly released the 11th edition of the RMIS Panorama, offering an in-depth look at the organizations and professionals who are using risk management information systems (RMIS), how well they have adapted, and guidance for those seeking their first or newest framework.

After surveying 570 risk managers and 36 vendors from more than 30 countries, Panorama’s authors note the top reported benefits from RMIS were the ability to spend more time analyzing (and not collecting) data, harmonizing practices and reducing silos. Of those who have adopted these systems, 47% are in the industry and services sector, followed by 31% in banking and insurance and 12% in the public sector.

Some other key takeaways from the report include:

  • 54% of risk managers already use an RMIS and report a 71% satisfaction rate.
  • Though a majority of risk managers said they wish to keep RMIS costs at less than €300,000, last year marked the first increase for RMIS budgets totaling more than €1 million (approximately $1.12 million). This trend was largely driven by activity in North America, and a 2% increase is projected for 2019.
  • Ease-of-use is still the main criterion for selecting an RMIS tool. The market is seeing an increasing demand for “ergonomic and advanced reporting” within the solution.

According to the report (which can be found here in both English and French), there has been a 60% year-over-year increase in RFP solicitations for RMIS from the international risk management community since 2013. Francois Beaume, AMRAE vice president and VP of risks and insurance at Sonepar, said he expects the trend to continue and noted that the report can serve as impartial guidance to help risk professionals find the right RMIS vendor and system for their organization.


The report also offers insight on best practices around the RMIS lifecycle from the original requirement design phase to the change management program following implementation.

“Our approach is based on two critical pillars – objectivity and neutrality,” Beaume explained. “As an increasing number of risk professionals seek their first or new RMIS models, they may need help selecting or even adapting them to their own methodologies.”

Panorama also explores the most requested RMIS modules, which range from risk mapping and incidents management to audit. Internal control and audit garnered high satisfaction rates among professionals, with both exceeding 80% in cumulatively “meeting” or “exceeding” expectations.

Additionally, the report includes testimonials from six global risk managers on their experiences with RMIS. For example, according to Susan Hiteshew, a RIMS board member and senior director of insurance for the Americas at Marriott International, RMIS systems provide a “one-stop shop for data aggregation, reporting and analysis” that “builds a single source of truth when making decisions.”

To fellow risk managers starting the process, Hiteshew advised, “Rather than reproducing work within the system, companies undergoing an implementation must begin with the end in mind and work backward to build and validate processes to realize the full RMIS value. This helps minimize the execution risk that can materialize and offset the system’s advertised value proposition.”


Francois Beaume was recently a featured guest on RIMScast to discuss the Panorama’s findings and international market trends. Download the free podcast episode here.