
How Risk Oversight Fails


For the past few years, Congress, the SEC, rating agencies and even the venerable Risk Management magazine have all been harping on the need for organizations to improve their risk oversight. But as any risk professional worth his or her salt should know, all risk oversight is not good risk oversight.

It’s a very simple, logical fact — but one that is all too often overlooked.

No organization would think that just having management means it has good management. Few would think having an IT department means they inherently have optimal technology. For some reason, however, that is the way many think about risk oversight. We have it — it must be working.

Wrong.

Luckily, Boardmember.com has put together a good list of “Ten Ways Risk Oversight Can Fail” to help illustrate the difference.

Not understanding strategic risk management — the next “wave of the future” and something I wrote about in September — is one key way companies fail.

(2) Lack of understanding of, or a failure to monitor, the significant assumptions underlying the strategy – Boards should understand the critical factors that make or break the successful execution of the strategy and ensure a process is in place to monitor business or regulatory changes that could impact those factors.

Charting emerging risks, not surprisingly, was another obvious inclusion.

(4) Failure to identify and manage emerging risks – The board must satisfy itself that management brings to bear the appropriate expertise, processes and information to identify new and complex risks to the execution of the enterprise’s strategy and business model and to manage those risks effectively.

The list also featured a nice summation of what too many organizations consider an actual enterprise risk management program.

(6) The company practices “enterprise list management” – Generating lists of risks over time with no follow-up to understand and close gaps in risk management capabilities is not good practice. Risk management should impact the core management activities that matter – strategy-setting, business planning and performance management.

And, of course, the board — often a laggard on understanding the true risks of the company — can provide a critical point of risk oversight failure.

(10) The board isn’t organized effectively for risk oversight – The board may not be allocating sufficient time and resources to risk oversight. Or the board isn’t availing itself of the appropriate company officers to focus on identifying areas in which management needs to improve the organization’s capabilities and information for managing risk. Or there is insufficient coverage by the board of the enterprise’s risks.

Click through to the full article for the other six ways risk oversight can fail.

Proposal Would Increase Earthquake Coverage in CA

Surprisingly, only about 12% of insured households in California currently have earthquake insurance. For such a quake-prone area, 12% is just not enough and, luckily, a new initiative may provide a sharp increase in the number of households with coverage against such catastrophes.

According to a RAND Corporation study, a proposal for the federal government to support state-run catastrophe insurance programs would increase the number of people buying earthquake coverage in California. The plan would also lower both uninsured losses and government assistance following a major quake. The four main tenets of the Catastrophe Obligation Guarantee Act (COGA) are:

  • lower insurance costs
  • more households with earthquake insurance coverage
  • decrease in uninsured losses
  • decrease in demand for federal disaster assistance

The RAND Corporation’s study estimates that lower premiums will produce a 13.2% increase in the purchase of earthquake insurance from the California Earthquake Authority, the privately-funded organization that provides earthquake insurance to the state’s residents.

“While catastrophe obligation guarantees could substantially reduce earthquake insurance costs in California, they would ultimately have a modest effect on decreasing uninsured losses and reducing the amount of disaster assistance spending,” said Tom LaTourrette, lead author of the study and a senior physical scientist with RAND, a nonprofit research organization.

So, though the study predicts an increase in the purchase of earthquake insurance, a substantial portion of earthquake losses are expected to fall below policy deductibles. Thus, an increase in coverage would translate to “less than a 1% increase” in the amount of losses that would be reimbursed. So while COGA is expected to decrease the amount of uninsured losses after a California quake, it is not a total solution. The study suggests that officials consider other avenues for increasing earthquake insurance coverage, such as public education and marketing and new, more attractive earthquake insurance products.

Ernst & Young’s Global Information Security Survey

Last week, I attended the Ernst & Young media roundtable to hear the results of its 2010 Global Information Security Survey (GISS). The survey includes responses from participants in 1,598 organizations in 56 countries across all major industries.

With the increase in the use of external service providers and the adoption of new technologies such as cloud computing, social networking and Web 2.0, companies are increasingly exposed to data breach threats. In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise. And according to the survey, companies are taking a proactive stance as 46% indicated that their annual investment in information security is increasing. Though IT professionals are trying, not all are succeeding in keeping up with new tech threats.

“I’ve never seen this kind of shift in IT before,” said Jose Granado, the America’s practice leader for information security services within Ernst & Young. “Security professionals are trying to keep up with the pace, but aren’t really doing a great job. They have limited resources and a limited budget.”

A concern for IT professionals is mobile computing. Demands of the mobile workforce are driving changes to the way organizations support and protect the flow of information. In fact, 53% of respondents indicated that increased workforce mobility is a significant or considerable challenge to effectively delivering their information security initiatives. Aside from investing more in data loss prevention technologies, 39% of respondents are making policy adjustments to address the potential new or increased risks.

“You have to implement realistic policies,” said Chip Tsantes, principal within the financial services division of Ernst & Young. “They need to be liveable and workable, or else people will go around them. You can’t simply ban things.”

Another major concern for IT pros is the gaining popularity of cloud computing. Both Granado and Tsantes were shocked to learn that 45% of respondents (primarily those on the non-financial services side) are currently using, evaluating or are planning to use cloud computing services within the next 12 months.

“From the standpoint of a traditional IT security professional, endorsing or supporting a cloud environment is counter-intuitive,” said Granado. “How do I know where my data is and how do I know it is protected?”

So how do companies increase their confidence in cloud computing? According to the survey, 85% say that external certification would increase their trust.

So I asked Granado and Tsantes if they could tell me when they believed there would be a universal set of standards for cloud computing providers. Granado feels there is a two-to-three year timeline with regard to having something solidified. He says businesses are going to drive it; if businesses continue to push, “cloud providers would have to follow.” With more and more sensitive data calling the cloud home, let’s hope Granado is being conservative with his estimate.


November Issue of Risk Management Now Online

It’s that time again — a new issue of Risk Management magazine is now online. The cover story in our November issue celebrates the 100th anniversary of the modern U.S. workers compensation system and highlights the fact that even though workers comp is only 100 years old, its principles date back a millennium.

Additional features in the newest issue are a first-hand account by Michael Cawley of 25 lessons learned during his 25 years as a risk manager, the pros and cons of cloud computing and seven steps to building a successful workers comp program.

Our columns explore topics such as the rise in workplace suicides, the largest data breach in history, regulatory uncertainty within the insurance industry, the Red Flags Rule, and human clinical trial insurance in South Korea. Also included are monthly staples such as our articles highlighting recent industry reports (Findings) and our book reviews (Shelf Life).

If you enjoy what you see online, you can subscribe to the print edition to enjoy even more content.

Please let us know what you think in the comments below. And stay tuned to the blog for even more coverage in the future. Lastly, you can follow the magazine on Twitter, “like” us on Facebook and join our LinkedIn group.