RIMS TechRisk/RiskTech: Opportunities and Risks of AI

On the first day of the RIMS virtual event TechRisk/RiskTech, author and UCLA professor Dr. Ramesh Srinivasan gave a keynote titled “The Opportunities and Downside Risks of Using AI,” touching on the key flashpoints of current technological advancement, and what they mean for risk management. He noted that as data storage has become far cheaper, and computation quicker, this has allowed risk assessment technology to improve. But with these improvements come serious risks.

Srinivasan provided an overview of where artificial intelligence and machine learning stand, and how companies use these technologies. AI is “already here,” he said, and numerous companies are using the technology, including corporate giants Uber and Airbnb, whose business models depend on AI. He also stressed that AI is not the threat portrayed in movies, and that these portrayals have led to a kind of “generalized AI anxiety,” a fear of robotic takeover or the end of humanity—not a realistic scenario.

However, the algorithms that support these companies and govern many users’ online activities could end up being something akin to the “pre-cogs” from Minority Report that predict future crimes, because the algorithms are collecting so much personal information. Companies are using these algorithms to make decisions about users, sometimes based on data sets that are skewed to reflect the biases of the people who collected that data in the first place.

Often, technology companies will sell products with little transparency into the algorithms and data sets that the product is built around. To avoid AI and machine learning products that are built with implicit bias, Srinivasan suggested A/B testing new products, using them on a trial or short-term basis, and using them on a small subset of users or data to see what effect they have.

When deciding which AI/machine learning technology their companies should use, Srinivasan recommended that risk professionals map out what technology their company is using, weigh the benefits against the potential risks, and examine those risks thoroughly, including the short- and long-term threats they pose to the organization.

Specific risks of AI (as companies currently use it) that risk professionals should consider include:

  • Economic risk in the form of the gig economy, which, while making business more efficient, also leaves workers with unsustainable income
  • Increased automation in the form of the internet of things, driverless vehicles, wearable tech, and other ways of replacing workers with machines risks making labor obsolete.
  • Users do not get benefits from people and companies using and profiting off of their data.
  • New technologies also have immense environmental impact, including the amount of power that cryptocurrencies require and the health risks of electronic waste.
  • Issues like cyberwarfare, intellectual property theft and disinformation are all exacerbated as these technologies advance.
  • The bias inherent in AI/machine learning has real-world impacts. For example, court sentencing often relies on biased predictive algorithms, as do policing, health care facilities (AI giving cancer treatment recommendations, for example) and business functions like hiring.

Despite these potential pitfalls, Srinivasan was optimistic, noting that risk professionals “can guide this digital world as much as it guides you,” and that “AI can serve us all.”

RIMS TechRisk/RiskTech continues today, with sessions including:

  • Emerging Risk: AI Bias
  • Connected & Protected
  • Tips for Navigating the Cyber Market
  • Taking on Rising Temps: Tools and Techniques to Manage Extreme Weather Risks for Workers
  • Using Telematics to Give a Total Risk Picture

You can register and access the virtual event here, and sessions will be available on-demand for the next 60 days.

What Employers Need to Know About Federal COVID-19 Vaccine Mandates

In an effort to combat the COVID-19 virus and its subsequent variants, the Biden administration has instituted three important mandates that employers should be aware of as they may impact their business. First, the Emergency Temporary Standard (ETS), issued by the Occupational Health and Safety Administration (OSHA), requires that all employers with 100+ employees mandate vaccination or weekly testing. The second mandate involves federal workers and contractors and requires them to obtain a vaccination without any option for weekly testing. The final mandate was issued by the Centers for Medicare and Medicaid Services (CMS), and requires vaccination of all healthcare workers at CMS-covered facilities.

OSHA’s Emergency Temporary Standard

The mandate that has the most wide-ranging impact is the Occupational Health and Safety Administration’s (OSHA) Emergency Temporary Standard (ETS), which calls for employers with 100 or more employees to either require employees to obtain a COVID-19 vaccination or to prove compliance with a weekly-testing program. This ETS is expected to affect over 80 million employees.

On December 17, the Sixth Circuit Court of Appeals lifted the stay placed on OSHA’s ETS issued by the Fifth Circuit in November. The court held that OSHA does have statutory authority to mandate national vaccines and/or testing for employers with more than 100 employees. Specifically, it outlined that because COVID-19 is a virus that causes bodily harm, OSHA was well within its administrative authority to regulate the health and safety of employees. 

Since the Sixth Circuit’s decision to dissolve the stay, OSHA announced that it will not be issuing citations for noncompliance with the ETS requirements until January 10, and the testing requirements will not be enforced until February 9, with the caveat that the employer must make good faith efforts to come into compliance as soon as possible.

After this ruling by the Sixth Circuit, eight groups challenged the OSHA vaccine mandate and filed emergency applications with the U.S. Supreme Court asking it to stay the mandate again until the case can be heard in the highest court. On December 20, the Supreme Court requested a response from the federal government by December 30. And, on December 22, in an almost unprecedented move, the Supreme Court ordered oral argument on these emergency applications, which will take place on January 7.

Despite the fact that the validity of the ETS is now squarely before the Supreme Court, employers should still operate as if the ETS will go into immediate effect. OSHA has implemented new deadlines to reflect the current status of the ETS.

By January 10, employers should:

  • Track employee vaccination status
  • Create a database detailing vaccination information for each employee
  • Require unvaccinated employees to wear a mask
  • Provide paid time off for employees to get vaccinated and recover

As of February 9, 2022, employers must also require unvaccinated employees to start testing for COVID weekly. Self-administered or self-read tests would not comply. Employers must observe or use a proctor and have employees tested on site, or at a recognized testing facility.

The Mandate for Federal Employees and Contractors

The second mandate stems from President Biden’s executive order that requires most federal employees or contractors to get vaccinated. This mandate does not have a testing option.

On December 7, the U.S. District Court for the Southern Section of Georgia granted a preliminary injunction to temporarily halt the enforcement of the Biden administration’s vaccine mandate for federal contractors. The court found that the administration had overstepped the bounds of its authority under the Federal Property and Administrative Services Act, 40 U.S.C. 101 et seq. The injunction effectively prohibits enforcement of the federal contractor vaccine mandate in all 50 states and any territory of the United States. However, on December 17, the Eleventh Circuit denied the government’s motion to stay. This effectively upheld the injunction. The court found that the government had failed to show that it “would be irreparably harmed absent a stay.”

The CMS Mandate

The third mandate is an interim final rule of the Centers for Medicare and Medicaid Services (CMS), which requires vaccination of all healthcare workers at CMS-covered facilities throughout the United States. The CMS mandate is currently enjoined by court order in 25 states and continues in full effect in 25 other states. After the ruling by the Fifth Circuit in November, however, CMS suspended implementation and enforcement of the mandate pending resolution of the challenges before the Supreme Court.

RIMS Risk Forum India 2021: Building Resilience As COVID, Cyberrisk Top Business Risks

An increasingly key theme year over year, resilience is at the root of the latest Excellence in Risk Management India report from Marsh and RIMS—and the RIMS Risk Forum India 2021 virtual event, where the report was officially released today. In the second year of the COVID-19 pandemic, risk professionals in India reported acute short- and long-term concerns about the interconnected risks of COVID-19 cases, global economic recession, and surging cyberrisks amid shifts in work arrangements.

In addition to the death of more than 5 million people in India, the pandemic has taken a considerable economic toll on the region. “According to the Organization for Economic Co-operation and Development (OECD), India’s economy contracted by close to 8% in 2020, while the world’s economy contracted by 3.5%,” the report noted. “Despite the OECD’s projections for economic expansion—both in India and globally—in 2021 and 2022, the potential for a prolonged global recession remains a concern for organizations in India.”

Previously one of the top risks for India-based risk professionals before COVID-19, cyberrisk has also increased significantly with the pandemic and the shift to remote work. “The shift to a remote workforce necessitated by sweeping lockdowns to stem the spread of the pandemic is widely seen as having increased cyberrisk,” Marsh and RIMS noted. “The Indian Computer Emergency Response Team (CERT-In) data indicated that cyberattacks in India rose by 300% in 2020, according to news reports. And cyber risk remained elevated in 2021, with more than 600,000 cybersecurity incidents reported in the first six months of the year alone, according to CERT.”

The continuing pandemic, resulting fallout, and ever-growing cyberrisk have presented the biggest risks for organizations in India in 2021, and the survey indicates that local risk professionals expect these to dominate the agenda for businesses in the year to come.

Despite the considerable concern, few respondents said their company is fully prepared for the continued fallout from COVID-19 or future pandemics. Asked to rate their organization’s preparedness from 1 to 5 (not prepared to fully prepared, respectively), the majority of India-based risk professionals ranked their organization a 3, and only 10% said they are fully prepared. While cyberrisk has been a top threat for longer, preparation is not much better for the threat—only a quarter of Indian companies said they are fully prepared for a cyberattack. This is particularly concerning as “some extent of remote work is expected to remain, leading to concerns of increased cyberattacks due to unsecured home networks,” Marsh said in a press release.

According to the report, this underscores the imperative to develop robust risk management strategies for both current and emerging risks and to focus on building resilience. Marsh identified four “common behaviors among companies that are on the path to becoming more resilient”: anticipating risk, connecting risk management to business strategy, avoiding gaps in the perception of preparedness, and measuring relevant data. Marsh and RIMS explained these further, defining key pillars that have set successful businesses apart, and potentially also offering considerations for other organizations to develop more mature risk management programs:

  • Anticipation: Resilient companies expect the unexpected. They have crisis management plans in place, but they also dig deeper, look farther ahead. Consider that during the pandemic even organizations with thorough business continuity plans struggled. Why? Many of them didn’t fully anticipate the widespread, long-lasting damage a pandemic could create.
  • Integration: Another key behavior among resilient organizations is to fully integrate risk management with operations and strategy. Doing so increases the ability to develop effective responses. Most organizations do not connect resilience planning with their long-term investment strategy. Those that do make the connection are on the path to better mitigating financial exposure, reputational damage, business interruption, and other losses.
  • Preparedness: On the journey to resilience, it’s important to develop an accurate perception of an organization’s preparedness. A false sense of security can halt an organization in its tracks. Companies often overestimate how quickly and effectively they will be able to respond to and recover from a given risk.
  • Measurement: There is no shortage of data and analytics in today’s business environment. But consistently applying metrics can be a stumbling block. Many companies fail to conduct a high rate of modeling and forecasting even on risks they see as important. And among the companies that do so, most only model in select areas.

Marsh and RIMS recommended that organizations in India focus on resilience heading into 2022 and beyond. “Resilience means being able to absorb the impact from a range of emerging risks and depends in large part on having robust risk management strategies in place,” the report explained. “This includes anticipating risk, connecting risk management to business strategy, ensuring your organization’s perception of preparedness doesn’t lead to a false sense of security, and measuring relevant data.”

Respondents largely indicated that their organization planned to increase investment in risk management, with 55% saying they expect increased resources, 27% expecting investment to stay the same, and only 4% expecting a decrease. This could be a critical differentiator in navigating COVID-19 recovery and other emerging risks in 2022. Indeed, 42% cited budget as the most critical barrier to understanding the impact of emerging risks on risk management.

Among the takeaways from the report, Marsh and RIMS urged organizations to invest in preparedness. “Look beyond pandemic as you develop a risk management strategy that is prepared to respond to any number of emerging risks,” the report said. “For example, shifting work patterns have intensified an already escalating cyber risk landscape that calls for a range of responses, from scenario planning to financial quantification.”

In addition to a panel on the Excellence in Risk Management India report, the RIMS Risk Forum India 2021 virtual event includes a number of sessions that address resilience challenges and opportunities for risk professionals in India. The program includes keynote addresses by Ajay Srinivasan, chief executive officer at Aditya Birla Capital Limited (ABCL), and Dr. Soumya Kanti Ghosh, group chief economic advisor at the State Bank of India, as well as education sessions like “Cyber Risk Management: A Priority for a Resilient Economy,” “Climate Risk and Your Path to Resilience,” “What COVID-19 Has Taught Us About ESG Risks and Why Risk Management Needs to Change,” and “Breaking the Chain: How Understanding Business Interruption Exposures Can Mean Supply Chain Resilience.”

The RIMS Risk Forum India 2021 virtual event continues tomorrow, December 4, and sessions will also be available for on-demand viewing for the next 60 days. Registration can be found here: https://www.rims.org/events/rf/india-forum-2021

RIMS ERM Conference 2021: IRS Receives Global Enterprise Risk Management Award of Distinction

On Friday, RIMS President Ellen Dunkin presented the Internal Revenue Service (IRS) with the 2021 Global Enterprise Risk Management Award of Distinction at the Society’s ERM Conference in New York City. The honor recognized the IRS’s outstanding achievements that allow it to anticipate emerging risks and establish the appropriate culture, processes and structures to strengthen strategic decision-making. 

Navigating the impacts of an extended government shutdown, sweeping tax reforms, operational disruption due to the COVID-19 pandemic and providing essential financial relief to thousands of businesses and individuals across the United States, the IRS ERM program helped the agency to remain resilient and effectively manage a multitude of dynamic challenges.

“Through the ERM program’s focus on embedding risk management capabilities into the existing structures and operations, the agency has become more risk aware,” said Jeffrey Tribiano, the IRS’s deputy commissioner for operations support. “There is also greater collaboration across the enterprise to address significant risks that require efforts from multiple business units. By effectively highlighting the enterprise-wide effects of risks, and by capturing risks on the enterprise risk profile, ERM has helped garner agency-wide attention and support for measures to help address the risks. Since IRS established its ERM program in 2014, it has played a critical role in helping the agency to better understand and respond to risk, thus making the organization more resilient and better able to serve the American people.” 

This year, RIMS honored three other organizations for their exceptional accomplishments developing, implementing and maturing ERM within their organizations. Honorees included:

  • 2021 RIMS Global ERM Award of Distinction Honorable Mention: Dallas Fort Worth International Airport
  • 2021 RIMS ERM Award of Distinction–U.S. Honoree: Eversource Energy
  • 2021 RIMS ERM Award of Distinction–International Honoree: EuroChem

“Enterprise risk management continues to deliver exceptional value to organizations, allowing them to successfully address emerging risks while also identifying and leveraging opportunities that might not have otherwise been apparent,” Dunkin said. “Risk professionals get better—and deliver better results—by learning from each other. We are so grateful to the IRS and all of the honorees for sharing their ERM journeys with the RIMS community and doing their part to advance this rewarding profession.”

Judging criteria for the Global ERM Award of Distinction include measurable, tangible and sustainable results; unique program strengths; ERM innovation that links risk with strategy or performance; and the program’s ability to build sustaining risk management capabilities. The panel comprises members of RIMS Strategic and Enterprise Risk Management Council.

RIMS ERM Conference 2021 was held November 11-12 in New York City and virtually. The program themed “ERM in an ESG World” focused on the growing risks stemming from environmental, social and governance challenges.