The Risks of Social Media: Internal Audit

Internal audit has never been easy, but modern business practices are challenging IA professionals even further. Social media, fraud risk and data analysis tools are areas in need of attention and, in some cases, improvement.

The 2013 Internal Audit Capabilities and Needs Survey, released by Protiviti, shows that 43% of respondents have no social media policy within their organization. Among those with a policy, many fail to address even the most basic issues, such as information security and approved use of social media applications.

What’s most alarming, however, is that more than half (51%) of organizations do not address social media risk as a part of their risk assessment process — 45% indicate they have no plans to do so in the coming year’s audit plans. Of those that do address the topic, 84% rated their organization’s social media risk-assessment capability as “not effective” or “moderately effective.”

“The survey findings are surprising in that they show how many businesses are either inadequately prepared or altogether inactive in putting effective processes and policies in place around social media,” said Brian Christensen, executive vice president, global internal audit, at Protiviti. “From a risk management perspective, this poses significant potential problems for businesses that can range from reputational risk to IT infrastructure risk as a result of unchecked exposures to customer, vendor and company information.”

Other findings related to internal audit include:

  • Continuous auditing was the top priority in terms of audit process knowledge in 2011 and 2012, but dropped down to #18 in the 2013 rankings.
  • For audit process knowledge, auditing IT – new technologies was the third-highest “needs-improvement” priority, and scored significantly lower than any other area evaluated with regard to existing competency.
  • Concerns among chief audit executives were generally aligned with the broader sampling of respondents.
    However, they did rank audit process knowledge around Computer-assisted Audit Techniques (CAATs) as a higher priority for improvement, compared to the overall ranking.

In 2013, we can no longer view social media as a “new” risk. Businesses must prepare for the worst. Whether it’s an attack on a company’s reputation via Facebook or a rogue employee stealing an organization’s Twitter account password, social media risk can manifest itself in many ways. There is only one way for companies to deal with it, however.

Be prepared.

How Not to Fight Showrooming

As traditional brick-and-mortar retailers continue to devise ways to combat “showrooming” (the practice where customers browse store shelves to check out items that they ultimately intend to buy online), it seems that one retailer has come up with a new plan — charge customers for “just looking.”

According to the above photo posted this week on Reddit, a specialty food store in Brisbane, Australia has decided to charge customers a $5 fee for browsing, which they will refund from the purchase price of whatever they buy. Somehow they think that charging what amounts to an admission fee to enter their store will be good for business, but treating prospective customers like the enemy sounds like the worst marketing strategy ever.

It’s almost as if they’re encouraging people to go online.

It seems to me that if their prices were truly “almost the same as other stores” as they claim, they wouldn’t have this problem. And if their products are unavailable anywhere else, how is showrooming even an option?

Logical issues aside, showrooming is certainly a problem for retailers. But wouldn’t a price matching policy, like the one Target chose to put in place, be a more effective way to fight it? Or how about making your store a more inviting place to shop by welcoming your customers with a personal touch they can’t get online? As I understand it, usually the goal for retailers is to get more people into your store, but what do I know?

I guess policies like this are yet another reason why not every business can be a success.

5 Ways Businesses Can Avoid Credit Card Fraud

According to a March 2013 report from the Commerce Department, retail sales increased 1.1% in February to $421.4 billion, marking the biggest surge in the retail space since last September. Elevated sales numbers mean additional credit card transactions and, as a result, an increased risk for fraud.

A recent report from Javelin Strategy & Research found that credit card fraud has increased an alarming 87% since 2010 and accounted for a total loss of approximately $6 billion. Despite mounting evidence of this growing epidemic, loss as a result of credit card fraud has remained the proverbial elephant in the room for many businesses.

Organizations need to increase their awareness of this growing threat and the rather simple steps they can take to prepare themselves. The following are five tips for business leaders as they navigate through the economic climate in 2013 and beyond:

  1. Immediately deal with any breach. It’s critical to understand that even if all cautious, conservative steps are taken and the best payment processing security is installed, a breach can still occur. If it does, you must have detailed credit card sales records to refer back to as a means of retracing your steps. This will help in determining when and where the breach took place and therefore mitigate the potential for additional losses. A proper assessment of the initial attack may ultimately provide a trail back to the source of the breach.
  2. Maintain PCI Compliance. Not only is it against card brand regulations if you’re not Payment Card Industry (PCI)-compliant when accepting credit or debit cards, but it’s also an absolute must in today’s economic climate. Make certain your payment processing software security is current and is PA-DSS (Payment Application Data Security Standard)-certified, and that your business receives its PCI-DSS (Payment Card Industry Data Security Standard) certification. PCI certification provides a level of confidence and assurance that a processor has followed and passed a robust set of best practices for securing the information being processed when credit card payments are made. There’s no silver bullet here. You have a responsibility to protect your customer’s credit card information, just like you should be protecting all of your customer data. The depth of the audit required will depend on your business volume and systems, but a full PCI audit will offer a scorecard across your business’ payments environment, including all connected back-office applications, allowing you to make critical changes before security holes are exposed by thieves.
  3. Use end-to-end encryption for all sensitive data. End-to-end encryption (E2EE) essentially boils down to scrambling the data sent from one device to another. It starts with your payment capture devices, and goes all the way to the transaction being authorized. E2EE technology prevents the card account data from being stolen electronically and lessens the cost and impact for your business to become PCI-certified. A company’s mobile payment devices, credit card terminals, software applications, and online payment portals need built-in encryption functionality when transmitting customer information. Your company should select a payments provider that is technically savvy. Look for a partner that supports E2EE technology. You’ll need to balance cost versus product and service here. Using the low-cost provider could come at the expense of limited product functionality, potential security holes, and lower levels of customer service.
  4. Prevent tampering. Make certain all employees tasked with the responsibility of accepting credit and debit cards from customers have a working understanding of the looks and functionality of the payment processing equipment they’re using. Scammers often try to tamper with a business’ payment processing equipment in an effort to steal credit card information. Altered equipment usually consists of a small piece of hardware physically attached to the terminal itself. An attentive employee who knows what to look for should be able to easily identify an extra attachment to the device or oddly functioning software.
  5. Refrain from storing credit card numbers. To avoid one of the biggest PCI compliance risks, you should do everything in your power to not store credit card numbers. Look for a payments provider whose platform is designed so credit card information is never stored at your business site or on your business software. Your provider should be able to process the transaction and then store your customers’ card information in a secure “vault” in the cloud. They should provide you with an encrypted ID, so when you want to do another transaction for that same customer, your software can pass the payments provider the encrypted ID so your company never comes in contact with the stored credit card data.
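
An added illustration of tip 5, not code from the original article or from any payments provider: a stand-in vault returns the “encrypted ID” (modelled here, as an assumption, by a random token), the merchant keeps only that token and the last four digits, and a Luhn-based scan checks that records and logs hold no full card numbers. `ProviderVault`, `MerchantStore` and the sample log lines are hypothetical and constructed; 4111111111111111 is a standard test card number.

```python
import re
import secrets
import string

def luhn_ok(digits):
    """Luhn checksum that every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# 13 to 19 digits, optionally grouped with spaces or hyphens
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_pans(text):
    """Return masked (first 6, last 4) card numbers found in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # drops order ids and other long numbers
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

class ProviderVault:
    """Stand-in for the provider's hosted vault (hypothetical interface)."""
    def __init__(self):
        self._cards = {}
    def tokenize(self, pan):
        # Random token, not derived from the card number
        token = "tok_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(24))
        self._cards[token] = pan
        return token
    def charge(self, token, amount_cents):
        return token in self._cards and amount_cents > 0

class MerchantStore:
    """Merchant-side records: token and last four digits only."""
    def __init__(self, vault):
        self.vault, self.customers = vault, {}
    def enroll(self, customer_id, pan):
        self.customers[customer_id] = {"token": self.vault.tokenize(pan), "last4": pan[-4:]}
    def rebill(self, customer_id, amount_cents):
        return self.vault.charge(self.customers[customer_id]["token"], amount_cents)

# Constructed log lines: the first one leaks a full card number
SAMPLE_LOG = """2013-03-14 10:02:11 POS-2 sale ok card=4111 1111 1111 1111 amt=19.99
2013-03-14 10:05:40 WEB order=1234567890123456 status=shipped
2013-03-14 10:07:02 WEB rebill token=tok_example last4=1111"""

if __name__ == "__main__":
    print(find_pans(SAMPLE_LOG))
```

Running `find_pans` over application logs, database exports and backups is a quick way to confirm that the merchant side really holds tokens only.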

It’s reasonable to have a healthy level of economic optimism, but critical to take the necessary precautions to protect your company’s assets and security. Apply these tips to help ensure credit card scammers aren’t given the opportunity to steal the fruits of your labor.

Ontario’s Risk Management Solutions Go Global

“We dodged a bullet that time, but no one is taking the future for granted,” said Janet Ecker, President and CEO of the Toronto Financial Services Alliance.

Ecker was referring to the fact that Canada’s financial services sector emerged from the 2008 global crisis in better shape than many of its counterparts. The troubling question was — what happens next time?

That question led Canadian regulators, industry leaders and academics to launch an unprecedented joint approach to deepen and broaden our understanding of what risk management really means, and what new tools are needed to head off future market meltdowns.

“One of the reasons we avoided much of the crisis was because we have a strong working relationship between our regulators, policy makers and the industry,” said Ecker, speaking at the old Dominion Bank in the heart of Toronto’s downtown financial district. “Recent events have only served to strengthen this collaboration.”

Since the 2008 crisis, Toronto has emerged as one of the world’s top ten financial centres and is currently ranked third in North America in the U.K.-based Global Financial Centres Index (GFCI). The GFCI rankings take into account such factors as global competitiveness, banking risk, capital access and global innovation.

The Toronto Financial Services Alliance (TFSA) is a public-private sector partnership focused on strengthening Toronto’s role as a global financial center. TFSA members include Canadian banks, pension funds, insurance companies and investment management firms and representatives of academia and business support services.

“The crisis also shone a spotlight on the expertise we have here in practical risk management,” Ecker continued.

“People around the world started to ask how we avoided being swept up in the crisis.”

That surge in interest added impetus to the establishment under the auspices of the TFSA of a new public-private sector think-tank, the Global Risk Institute in Financial Services (GRI).

“Part of what we learned from the crisis was that risk is a multi-headed, often multi-jurisdictional beast that can’t be managed in silos,” said GRI’s newly-appointed President and CEO Michel Maila. “We are based in Toronto, but we are called the Global Risk Institute in recognition of the fact that financial services is a globally integrated industry.”

Maila brings more than 30 years of international finance experience to the GRI, much of that with the Bank of Montreal. He also served as vice president, risk management at the International Finance Corporation (IFC), the Washington-based private-sector arm of the World Bank Group. He sits on the International Advisory Board of the Stuttgart-based European Virtual Institute for Integrated Risk Management, and has been a board member of the Geneva-based International Risk Governance Council.

One of the priorities of the GRI is commissioning applied research. The approach is interdisciplinary and the focus is on exploring the complex, interdependent connections within global financial services. The goal is to develop practical insights that will benefit the entire industry rather than specific sectors.

A second priority is to provide opportunities to increase collaboration between various industry participants.

“Different institutions in different industries have developed some very good risk management models that could be very useful in other sectors,” said Maila. “This is why we need to get out of the silos and push for a more cross-sectoral, multidisciplinary understanding of risk management that fits today’s financial environment.”

The growing complexities of the multi-market, multi-jurisdictional system were revealed during the fiscal crisis. Several very large, very respected international firms dangerously under-estimated their direct and indirect risk exposure. New technologies were creating greater market volatility through high-frequency trading and other practices. On top of it all, firms competing for international market share pressed national regulatory bodies for regulatory symmetry with their global peers.

One of those front-line regulators is the Investment Industry Regulatory Organization of Canada (IIROC), a self-regulatory organization that oversees all investment dealers and trading activity in Canada. It establishes regulations, sets industry standards, monitors markets and enforces compliance to protect investors.

During the 2011-2012 fiscal year, that involved monitoring nearly 400 million trades involving 231 billion shares and a total value of $2.3 trillion on Canada’s three exchanges and nine alternative trading systems. And not just trades are monitored, but all messages including quotes, orders and cancellations. On an average trading day, that means a staggering 180-200 million messages.

In 2010, IIROC launched a unique, made-in-Canada technology platform to manage that flood of data. All market order and trade messages flow through the Surveillance Technology Enhancement Program (STEP).

They can be monitored in real-time to ensure regulatory compliance and guard against market anomalies. It allows the regulator to act quickly if an issue arises.

“As a real-time market regulator, one of our roles is to mitigate the volatility of systemic triggers or major trades that make no sense,” said IIROC President and CEO Susan Wolburgh Jenah. “Regulators don’t like to intervene. We would rather have effective checks and balances in place.

“STEP also provides us with a rich depository of trade data that can help us identify trading patterns and trends,” she continued. “It also enables us to take an empirically driven approach to developing regulations, which is a huge benefit.”

The accelerated speeds of markets worldwide and the increased complexities of financial products mean that the Canadian financial services system cannot rest on its risk management laurels.

“There is a lot we can learn from other jurisdictions and there has been a significant increase in cross-border coordination in the past few years,” said Wolburgh Jenah, who also sits on the GRI Board of Directors. “We all want to make sure we continue to build the best possible risk management talent, policies and expertise.
