About Carol Fox

Carol Fox is vice president of strategic initiatives at RIMS.

RIMS and ISACA Release Joint Report “Bridging the Digital Risk Gap”

All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by the RIMS, the risk management society®, and ISACA®, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.

Digital enterprise strategy and execution are emerging as essential horizontal competencies to support business objectives. No longer the sole purview of technical experts, cybersecurity risks and opportunities are now a core component of a business risk portfolio.
Strong collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise.

ISACA’s Risk IT Framework acknowledges and integrates the interaction between the two professional groups by embedding IT practices within enterprise risk management, enabling an organization to secure optimal risk-adjusted return. In viewing digital risk through an enterprise lens, organizations can better realize a broader operational impact and spur improvements in decision-making, collaboration and accountability. In order to achieve optimal value, however, risk management should be a part of technology implementation from a project’s outset and throughout its life cycle. By understanding the technology life cycle, IT and risk management professionals can identify the best opportunities for collaboration among themselves and with other important functional roles.

IT and risk management professionals both employ various tools and strategies to help manage risk. Although the methodologies used by the two groups differ, they are generally designed to achieve similar results. Generally, practitioners from both professions start with a baseline of business objectives and the establishment of context to enable the application of risk-based decision making. By integrating frameworks (such as the NIST Cybersecurity framework and the ANSI RA.1 risk assessment standard), roles and assessment methods, IT and risk management professionals can better coordinate their efforts to address threats and create value.

For example, better coordination of risk assessments allows organizations to improve performance by identifying a broader range of risks and potential mitigations, and ensures that operations are proceeding within acceptable risk tolerances.
It also provides a clearer, more informed picture of an enterprise’s risks, which can help an organization’s board as they make IT funding decisions, along with other business investments. Leveraging the respective assessment techniques also leads to more informed underwriting—and thus improves pricing of insurance programs, terms of coverage, products and services.

Overall, developing clear, common language and mutual understanding can serve as a strong bridge to unite the cultures, bring these two areas together and create significant value along the way.
The report is currently available to RIMS and ISACA members through their respective websites. The report can be downloaded through the RIMS Risk Knowledge library by clicking here or from ISACA at www.isaca.org/digital-risk-gap. For more information about RIMS and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org. To learn more about ISACA and its resources, visit www.isaca.org.

How to Influence Risk Management Standards, Frameworks and Guidelines

What do you want risk management standards, frameworks and guidelines to do for your success? Many people depend on these documents to provide needed guidance.
Yet, you have heard the reasons people give for not wanting to deal with risk management standards and frameworks. Perhaps you have even voiced these yourself, at one time or another:

  • Our organization is so unique, no one standard or framework could possibly apply.
  • Standards are the same as regulations—we don’t need more regulations.
  • We know what we are doing—we don’t need any guidance. Those things don’t apply to us anyway.

Whether we like it or not, standards are a part of life and our daily language. We refer to a gold standard as a measure of excellence. There are standard breeds of dogs, horses and even chickens. We have internet standards. And what would we do without standards of care, and food safety standards?

Standards have been around a long time, and actually have benefited society. When time was standardized along the prime meridian, commerce flourished. When the United States decided to build the transcontinental railroad using a standard gauge, deliveries of passengers and goods were made more efficiently. Anyone who has traveled internationally can attest to at least one outcome when there is a lack of standards: the proliferation of power adapters that are needed when representatives from different nations gather.

Standards and guidelines—which typically are voluntary—are not regulations. Standards are created through consensus, public comment and acceptance. Regulations, on the other hand, are mandated through legislation. A primary standard (or “recognized” standard) is an established norm or collection of “best practices” that evolve over time under the jurisdiction of an international, regional or national standards development body. Standards are published as a formal document that can establish criteria, methods, processes and practices. In contrast, a guidance document, company product, corporate standard, etc., that may be developed outside of a recognized standards setting body—but which becomes generally accepted—is often called a de facto standard.

Ultimately, standards provide value when they foster common understanding reflecting collective wisdom, while creating efficiencies and better results for the organizations using them. In benefiting organizations, risk management standards generally recommend, but do not require, risk management criteria, methods, processes and practices. Therefore, they boost risk management’s value—one of the reasons you should care about risk management standards, frameworks and guidelines. And shouldn’t you be involved in developing guidance about your daily work? Another reason to care.

The problem is not a shortage of risk management standards and frameworks, but the proliferation of standards and frameworks that, at times, seem to contradict each other. The result is confusion, even about how terms and concepts are used. Sorting through these contradictions is challenging, particularly when others in the organization may be advocating a different risk management approach. These differences lead respective proponents to argue about which one is “right” or “better,” rather than focusing on the value that risk management can deliver. Creating a new risk management standard does not necessarily help the situation, as it usually just becomes one more competing standard.

There is an unmistakable need for understanding how to apply various risk management standards.
Another reason for you to care: the degree to which risk management standards and frameworks complement or contradict one another can either help or hurt your efforts.

ACT NOW

We all have a unique opportunity right now to influence two of the major risk management guidance documents: ISO 31000:2009 developed by the International Organization for Standardization and the COSO ERM Framework 2004 under the auspices of the Committee of Sponsoring Organizations. Both are undergoing revision reviews at this time.

To influence the ISO 31000 revision: Seek to join the national mirror committee of your country. In the United States, the Technical Advisory Group for the American National Standards Institute (ANSI) is administered by the Association of Safety Engineers (ASSE) and chaired by Carol Fox, RIMS vice president of strategic initiatives. If you are interested in joining the US TAG, contact Ovidiu Munteanu for information and an application (omunteanu@asse.org).

To influence the COSO revision: The revision is open for public comment June 15 through September 30, 2016. COSO has expanded its website, www.COSO.org, with a section on the Framework update that includes the proposed Framework, survey and comment tools, and FAQs about the project, details of the most significant updates and how to respond to the survey. Written comments on the exposure draft will become part of the public record and will be available on the COSO website through Dec. 31, 2016.