Hernan Huwyler - 10 risk concepts to throw on the bonfire

•

1 like•354 views

This document discusses 10 risk concepts that are problematic and provides alternatives that should be used instead. These concepts include heat maps, risk reports, risk tolerance statements, self-assessments, risk registers, enterprise risk management frameworks, inherent risks, risk scoring and ratings, red/yellow/green prioritizations, and key risk indicators. The document recommends using tools based on probabilistic analysis, decision trees, improved planning, embedded policies and controls, decision-maker focused assessments, integrated planning processes, proven probabilistic methods, auditing of controls, scenario analysis, and measurement of plan performance as better approaches.

Business

10 risk concepts to
throw on a bonfire
and how they can be replaced
Prof. Hernan Huwyler, MBA CPA

Heat maps
Use scientific probabilistic analysis
such as Monte Carlo Simulations
and decision trees
instead
1Proven mathematical flaws make
them useless and misleading

Risk reports
Improve the planning tools
developed by the business and
add follow-ups on performance
instead
2 Unnecessary reporting layers
disconnected from decision-making

Risk tolerance
Implement standard controls
embedded in policies and
contracts for future activities
instead
3 Wishful thinking about risk
expressed in generic statements

Self-assessments
Focus the assessment and the
support on decision-makers with
specific tools for each plan
instead
4 Generic questions to ask a
generic audience about their
general risk perceptions

Risk registers
Add reserves, insurance and
control costs into the planning
processes
instead
5 Siloed document not leading to
the management of risks

EMR
Use simple probabilistic tools
developed from the 40s
instead
6Jargon-based nonsenses used to
sell services by 1-day trained
consultants and auditors

Inherent risks
Assess the efficiency of current
controls by auditing
instead
7 Unrealistic scenarios which are
impossible to assess

Scoring and rating
Use tools to assess multiple
scenarios triggered by the volatility
of planning assumptions
instead
8 Arbitrary links between biased
adjectives and risks

Red, Yellow, Green
Use analytic techniques to assess
the full spectrum of risk scenarios
instead
9Colorblind-unsafe prioritization of
already made opinion-based
decisions

KRIs
Measure the performance of
plans, budgets and projects
instead
10Ratios expected to monitor how
risk factors evolve, depending on who you ask

Hernan Huwyler - 10 risk concepts to throw on the bonfire

What's hot

Information Risk Management - Cyber Risk Management - IT Risks

Hernan Huwyler, MBA CPA

I am honored and humbled to have been given the opportunity to discuss practices to address cyber risks at the 2021 STRONGER conference hosted by CyberSaint Security (Sep 28, online). I will discuss the building blocks to quantify and communicate risks to protect IT assets, processes, and services. Thanks to Ethan Bresnahan for the flawless preparation of the event. You are welcome to register here https://lnkd.in/eitKYDsX #cybersecurity #security #datasecurity #infosec #riskmanagement #ciso #stronger2021

Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler

Hernan Huwyler, MBA CPA

"Our risk models cannot be better than the data. We, risk managers, love building models, however, we find validating data boring...as boring as wiping our , but as necessary as wiping our " I enjoyed discussing practicalities for ensuring data quality with 50 risk managers in an event hosted by Josef Oehmen, DTU - Technical University of Denmark RiskLab and Universiteit Twente. Smart questions from the participants on the rollout of data-driven techniques and the ethical considerations in using machine learning for decision-making. #data #datamanagement #quality #riskmanagement

IDA DTU RiskLab How to validate your risk data

Hernan Huwyler, MBA CPA

Learn how to: Centralize risk-based controls SAP GRC to simplify compliance Streamline access certifications Monitor with red flags analytics Manage segregation of duties rulesets Balancing SAP Security: Access, Protection, Authorization Aprender como: Centralice los controles basados en riesgos SAP GRC para simplificar el cumplimiento Optimice las certificaciones de acceso Monitorear con análisis de banderas rojas Gestionar conjuntos de reglas de segregación de funciones Equilibrio de la seguridad de SAP: acceso, protección, autorización

Security and Governance Done Right - Prof. Hernan Huwyler MBA CPA

Hernan Huwyler, MBA CPA

The Global Risk Management Day Join the 2021 Global Risk Management Day to get guidance, knowledge and avoid malpractices: Tools and templates to quantify operational and cyber risks with a business perspective, Practical tips for recovering from a crisis. Roadmaps to identify, write, assess, and manage risks, Examples to use risk tools for forecasting and planning, Recommendations to sell risk management to clients and Models to use, e.g., Monte Carlo simulations with a simple approach. Lisa Young, Cyber Executive | Board Member | Risk Quantification | Thought Leader David Vose, global authority in risk quantification and developer of widely used models and tools Doug Hubbard, author, expert on data-driven risks for forecasting, measurement, and decisions Graeme Keith, expert on mathematical models for strategic decisions and to manage uncertainty Fernando Hernandez, global trainer on quantitative risk, financial applications, decision-models Elvis Hernandez, leader in risk analytics, models to quantify business risks, OSL Risk Management Colin Coulson Thomas, board executive/professor on strategic planning and crisis management Josef Oehmen, professor on advanced risk management techniques, RiskLab DTU Denmark Jesper Lyng Jensen, author, consultant, and trainer on educational risk tools Anders Søborg, a leader in developing risk management practices as services Hernan Huwyler, professor data protection/risk management, IE Business School, Danske Bank

Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute

Hernan Huwyler, MBA CPA

Compliance leaders are always on the lookout for innovative ways to keep up with the dynamic risk and regulatory landscape. The efforts revolve around a common theme — integrating technological breakthroughs to achieve intelligent automation and ensure future-readiness of their compliance program. However, they usually come across several challenges while attempting to streamline their efforts and future-proof their compliance program. Putting together a detailed compliance automation strategy is central to overcoming these impediments. Regulatory compliance automation can help enhance the agility and efficiency of companies, which in turn could help them gain a significant competitive edge in the market. Join this webinar where experts will discuss key considerations for a future-ready compliance program including how to: Facilitate integration of compliance activities Adopt a risk-based approach Implement a federated operating model Engage employees with the latest policies and procedures Empower the frontline

Metric stream elevating your compliance program with technology

Hernan Huwyler, MBA CPA

It was a pleasure to moderate a workshop to assess cyber security risks hosted by Strategy Insights. We discussed options and practices to quantify confidentiality, integrity, and availability risks with delegates of the big players in the pharma, banking, retailing, and service sectors in the Nordics. Thanks to Anna Rose Poyntz, Finlay Wilson, and Edgar Baier for the event coordination. Round tables https://lnkd.in/e_m5eTW5 #cybersecurity #compliance #strategy #banking #ciso #riskmanagement

Strategy Insights - How to Quantify IT Risks

Hernan Huwyler, MBA CPA

Enterprise Information Technology Risk Assessment Form

Goutama Bachtiar

You already know that mitigating risk is a crucial part of maintaining your organization’s health. But what’s your next step in ensuring the risks you’ve identified are actually being managed? In this presentation, we’ll cover the following aspects of an integrated approach to Risk Assessments and Risk Management: delegating responsive action and track action plan progress with automated reminders, easy re-assessment with or without a group workshop, and trending, alerts and analytics over time through web-based dashboards. Presentation by: Jamie Gahunia, Application Manager, Resolver Inc. Mark Jenkins, Account Executive, Resolver Inc.

App Showcase: Enterprise Risk Management

Resolver Inc.

With the global financial crises finally settling, everyone – from government sectors, industries, consumers - has noticeably shifted their focus on how to prevent such a crisis from occurring again. As a result, a deluge of well-intentioned regulations that contribute to improving corporate transparency and risk management have been formulated. However, business needs to be reassessed in view of complexity, overlapping controls, and an increased level of scrutiny estimated to arise with this deluge of new regulations being implemented. Frameworks and methodologies for IT’s best practices that comprise of ISO 27001 and ISO 27002 offer a roadmap and strategy that organizations require, however, they need to be implemented and executed appropriately in accordance with the standard regulations. Furthermore, an Information Risk Management methodology helps in prioritizing security investments. It concentrates on the critical information and key business advantages that highlight security investments based on the risk associated with data and other corresponding activities, in relation to the potential business reward, and also ensure repeatability. At this point, organizations often turn to frameworks like ISO 27002 and the PCI Data Security Standard.

IT Security and Risk Management - Visionet Systems

Visionet Systems, Inc.

Generic_Sample_INFOSECPolicy_and_Procedures

Samuel Loomis

I am humbled to discuss post-pandemic trends in the 2021 International Compliance Congress hosted by the IFCA- International Federation of Compliance Associations. New regulations will shape the agenda of compliance officers to increase business continuity, third-party, tax, money laundering, and anti-fraud controls. Myfanwy Wallwork, Professor Eduard Ivanov, and I will provide practical tips to prepare compliance programs to address new post-COVID19 trends including anti-corruption and impact assessments tools for ISO 37301 and human rights compliance. Thanks to Sylvia Enseñat and ASCOM- Asociación Española de Compliance for the support of the compliance event of the year. Join the event on Oct 8th https://lnkd.in/eT4vy9HS #IFCACONGRESS2021 #ISO37301 #compliance #complianceofficer #ifca_icc #COVID19

IFCA Congress How the post-pandemic will shape the compliance agenda

Hernan Huwyler, MBA CPA

The velocity and volume of regulatory changes suggests that the environment is continuously becoming more complex. As new laws are enacted, organizations must adapt the way they conduct business. In this presentation, learn how a software tool can help reduce their compliance exposure by tracking regulatory changes, managing internal and external risks, and identifying process gaps. Presentation by: Amanda Cohen, Application Manager, Resolver Inc.

App Showcase: Compliance

Resolver Inc.

Risk management

Bebura Matanda

Building-world-class-ethics-and-compliance-programs.pdf

L. S.

Regulatory Risk

nikatmalik

Know the best place to spend your department’s next $2,000, $50,000, or $100,000, and back it up with more than incident data. Many security professionals are overwhelmed with the amount of data they deal with, and adding more data seems daunting. Learn how to measure and safeguard investment by showing pre/post risk mitigation, and back it up with better data. Whether you’re a young professional or seasoned security professionals, this presentation will explore practical ways to get in the ESRM game.

Bring Better Data to the Office Opinion Party

Resolver Inc.

The challenges for the internal auditor

Rodoljub Kajganić

Indicators are everywhere. Use them to drive your audit plan. Consider your objectives that are not on track. Consider your risks that have been assessed as high. Consider escalated incidents that are a result of control failures. Consider your IT systems with an elevated risk profile. This application will show you how to use your organization’s indicators to guide audit areas, in addition to how to execute on that plan. In this presentation, you will see how to create simple audit requests, fieldwork programs, test procedures, audit review and issue management. Presentation by: Jamie Gahunia, Application Manager, Resolver Inc.

App Showcase: Internal Audit

Resolver Inc.

Risk Assessment vs. Risk Management in Manufacturing

ContentAssets

What's hot (20)

Information Risk Management - Cyber Risk Management - IT Risks

Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler

IDA DTU RiskLab How to validate your risk data

Security and Governance Done Right - Prof. Hernan Huwyler MBA CPA

Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute

Metric stream elevating your compliance program with technology

Strategy Insights - How to Quantify IT Risks

Enterprise Information Technology Risk Assessment Form

App Showcase: Enterprise Risk Management

IT Security and Risk Management - Visionet Systems

Generic_Sample_INFOSECPolicy_and_Procedures

IFCA Congress How the post-pandemic will shape the compliance agenda

App Showcase: Compliance

Risk management

Building-world-class-ethics-and-compliance-programs.pdf

Regulatory Risk

Bring Better Data to the Office Opinion Party

The challenges for the internal auditor

App Showcase: Internal Audit

Risk Assessment vs. Risk Management in Manufacturing

Similar to Hernan Huwyler - 10 risk concepts to throw on the bonfire

Hernan Huwyler Corporate Compliance Contractual Risks

Hernan Huwyler, MBA CPA

1999 McKinsey Capturing Value from Optionality in R&D

Aleksandar Ruzicic

Principles of managment

Muhammad Waqas

HAZARD ANALYSES

orakeshji

Discussion- 1 1. How does efficient frontier analysis (EFA) differ from other forms of complex risk assessment techniques? The issue of the selection of the risk management methods to support investment decision-making is one of the key issues discussed in the management of portfolios. The factor contributing to the development and dissemination of the risk management methods is the fact that the development of this theory, the risk of portfolios of financial institutions began to measure widely using the Markowitz portfolio selection model. Currently, this problem has been solved, since his designation used linear programming. It cannot be missed with these two facts. The indication of such a relationship, as well as its characteristics are the main purpose of the publication, in which there was not only used the study literature. The efficient frontier can be defined as the image of a set of portfolios that provide the maximum return for each level of risk or minimal risk for any level of return. In addition, this measure brings important details in the development area of portfolios’ management of financial instruments, on the grounds that it considers the possibility of the investor’s bankruptcy and may be regarded as a dynamic measurement of the risk (Bali T.G). 2. What limitations might an analyst encounter with EFA? The financial equivalent of racing cars if They're one of the most touted, yet most misunderstood and misused, tools in the field of financial planning. Understanding the nature of an efficient frontier model and the assumptions on which it relies. As with a sophisticated racing car, a powerful tool in the wrong hands can be a very dangerous thing. For example, it's logical to believe that stocks will outperform bonds in the future. Efficient frontier models rely on historical data and relationships to generate the "perfect" portfolio. In my experience, many investors who use efficient frontier models are unaware of their pitfalls. These models are being marketed as solutions to the problem of portfolio construction, but they come without instructions. 3. How can efficient frontier analysis results be communicated and utilized with nonmathematical decision maker? Communication is not a crank to be turned mindlessly, but a decision problem of its own. As we will see, there are many alternatives to consider. The analyst’s choices constitute the design of a communication plan. In ideal cases, the client is infinitely patient, unshakably invested in the problem, fully committed to finding the highest quality solutions, flexible about the process, and unwavering in confidence in the analyst’s work. In such cases, tight outlines or rambling jumbles may lead to the same outcome. Good quantitative analysis alone does not usually produce good decisions, because rarely does the analyst control all the resources required to decide and act. Decision makers and other players who influence the decision must assimilate the results of th ...

Discussion- 11. How does efficient frontier analysis (EFA) dif.docx

madlynplamondon

An Introduction To Risk Management Professional Societies

mkaufer

Enabling Risk Management: From Safety Signal to Risk/Benefit Management

Until ROI

To meet customers’ needs and deliver profitable growth, insurers must embrace the potential of digital underwriting. Ninety percent are investing in the function, but are they making the right investments? This report proposes a practical plan to set underwriters on the path to digital transformation. It includes the attributes they need, how they can make better use of analytics, and new technologies worth considering.

Insurance strategy: Evolving into a digital underwriter

Accenture Insurance

Planning Tools

BrandonGeschwentner

Ehr implementation methodology

Linda Gebaroff

Ehr implementation methodology

Linda Gebaroff

Developing Integrated Multichannel Patient Relationship Management Programmes

Len Starnes

"The Risks and Rewards when Implementing Electronic Medical Records Syst...

mcarruthers

QA_Chapter_01_Dr_B_Dayal_Overview.pptx

Teshome62

Keeping in Step With Strategic Business Objectives in Insurance through Analy...

Vijai John

Chapter 3-4.pdf

ChiragJoshi59934

Discusses the creation of an in-house tool for consistently assessing vendors’ financial health. Covers such topics as: • Advantages of an in-house system versus a third-party service • What are the recommended inputs for an in-house tool? • Methods for consistently translating the data into actionable recommendations • How do you visually communicate financial data for laypeople to understand? • Tying financial health assessments to decision-making and clinical development activities

Traffic Lights & Threat Levels

Matt Eckman

Risk_Courseware.ppt

AyidAlmgati

Risk Courseware Complete courses for Financier

AmritTiwari12

Assessment Of Risk Mitigation

Eneni Oduwole

Similar to Hernan Huwyler - 10 risk concepts to throw on the bonfire (20)

Hernan Huwyler Corporate Compliance Contractual Risks

1999 McKinsey Capturing Value from Optionality in R&D

Principles of managment

HAZARD ANALYSES

Discussion- 11. How does efficient frontier analysis (EFA) dif.docx

An Introduction To Risk Management Professional Societies

Enabling Risk Management: From Safety Signal to Risk/Benefit Management

Insurance strategy: Evolving into a digital underwriter

Planning Tools

Ehr implementation methodology

Developing Integrated Multichannel Patient Relationship Management Programmes

"The Risks and Rewards when Implementing Electronic Medical Records Syst...

QA_Chapter_01_Dr_B_Dayal_Overview.pptx

Keeping in Step With Strategic Business Objectives in Insurance through Analy...

Chapter 3-4.pdf

Traffic Lights & Threat Levels

Risk_Courseware.ppt

Risk Courseware Complete courses for Financier

Assessment Of Risk Mitigation

More from Hernan Huwyler, MBA CPA

Overview of the potential risks and challenges associated with the development and deployment of AI systems, as well as the recommended controls and best practices to mitigate them. The presentation covers the following topics: Design risks: These are the risks related to the design and specification of the AI system, such as lack of clarity, alignment, or validation of the objectives, assumptions, or constraints of the system. Some of the factors that contribute to these risks are: Inadequate or ambiguous problem definition Unrealistic or conflicting expectations or requirements Insufficient or inappropriate testing or evaluation methods Lack of transparency or explainability of the system’s logic or behavior Some of the recommended controls for these risks are: Define the problem and the scope of the system clearly and explicitly Involve relevant stakeholders and experts in the design process Use appropriate methods and metrics to test and evaluate the system’s performance and robustness Document and communicate the system’s objectives, assumptions, limitations, and uncertainties Provide mechanisms to explain or justify the system’s outputs or decisions Data risks: These are the risks related to the data used to train, test, or operate the AI system, such as data quality, availability, security, or privacy issues. Some of the factors that contribute to these risks are: Incomplete, inaccurate, or outdated data Biased, unrepresentative, or irrelevant data Unauthorized access, modification, or disclosure of data Violation of data protection laws or ethical principles Some of the recommended controls for these risks are: Collect, store, and manage data in a secure and compliant manner Ensure data quality, validity, and reliability through data cleaning, verification, and auditing Ensure data diversity, representativeness, and relevance through data sampling, augmentation, and analysis Protect data privacy and confidentiality through data anonymization, encryption, or aggregation Respect data rights and consent of data subjects and providers Operation risks: These are the risks related to the operation and maintenance of the AI system, such as system failure, malfunction, or misuse. Some of the factors that contribute to these risks are: Hardware or software errors or defects Environmental or contextual changes or uncertainties Adversarial or malicious attacks or manipulations Unintended or harmful consequences or impacts Some of the recommended controls for these risks are: Monitor and update the system regularly and proactively Adapt and calibrate the system to changing or uncertain conditions or scenarios Detect and prevent potential threats or vulnerabilities

Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf

Hernan Huwyler, MBA CPA

Prof. Hernan Huwyler's slideshare discusses in detail five key actions that organizations can take to reduce compliance costs. These actions are designed to help organizations increase their compliance efficiency, reduce compliance risks, and lower compliance costs. The first action proposed by Prof. Hernan Huwyler is to designate local managers as compliance representatives in business units. This helps to amplify control while reducing the compliance function's structure. By designating local managers as compliance representatives, organizations can have a more effective compliance structure with fewer resources. Local managers can act as compliance ambassadors and help ensure that the organization's compliance policies and procedures are followed in their business units. The second action proposed is to quantify compliance risks and price potential claims, compensations, fraud, and revenue losses due to noncompliance. By quantifying compliance risks, organizations can better understand the potential costs of non-compliance and allocate resources accordingly. This can also help organizations prioritize their compliance efforts and ensure that they are focusing on the most significant compliance risks. The third action is to assign the testing of compliance controls to process owners and outsourcing service providers. This helps to distribute the responsibility for compliance testing and can reduce the workload of the compliance function. By assigning compliance testing to process owners, organizations can ensure that compliance controls are tested regularly, and issues are identified and addressed promptly. The fourth action proposed is to embed efficient controls in clearly articulated procedures. By embedding controls in procedures, organizations can ensure that compliance requirements are met consistently and effectively. Efficient controls can help organizations streamline compliance processes and reduce compliance costs. Finally, the fifth action is to add requirements for compliance skills when recruiting legal and financial managers in business units. This helps to ensure that compliance is a consideration when recruiting new managers. By ensuring that managers have the necessary compliance skills, organizations can better integrate compliance into their business operations and reduce the risk of non-compliance. In addition to these five actions, the slideshare also suggests other recommendations, such as delegating compliance consultations, audits, and due diligence, benchmarking the scope of risk assessments, and implementing policies to simplify wording and articulation of procedures. Additionally, the slideshare recommends coordinating actions with business units to assess, implement, measure, and reward cost reduction initiatives. By following these recommendations, organizations can reduce their compliance costs while maintaining effective compliance programs.

Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...

Hernan Huwyler, MBA CPA

This Slideshare presentation by Professor Hernan Huwyler discusses a model to quantify compliance, legal, and contractual risks. It highlights the importance of understanding the impact of uncertainty on objectives and identifies mandatory and voluntary compliance objectives. The presentation discusses different techniques to quantify risks, such as heatmaps, risk matrices, common malpractice, scores, and escalation matrices, and the problems with these techniques, such as biases, incomplete data, and aggregation issues. The presentation proposes a compliance risk modeling approach, which involves understanding the distribution of events, consequences, impact, causes, and frequency of risks. It suggests using different probability distributions, such as log-normal, Pareto, normal, Poisson, Bernoulli, and triangular, to model risks. The presentation also discusses the chain of events that can lead to different types of losses, including penalties, compensations, fines, sanctions, legal and remediation costs, loss of customers, marketing depreciation, loss of licenses, and stock price. It explains different techniques to model losses, such as graphs, decision trees, Monte Carlo simulations, and calibrated estimates. Finally, the presentation highlights the importance of using different sources of risk data, including internal and external data, paid compensations, fines, and credits, fraud losses, legal fees, and complaints, and industry studies, enforcement trackers, and case analysis. It also provides examples of business cases related to compliance objectives and contractual clauses that set penalties for non-compliance. The presentation concludes with a demo of the proposed model to quantify compliance, legal, and contractual risks.

Model to Quantify Compliance Risks.pdf

Hernan Huwyler, MBA CPA

The summary is about an upcoming Safety Roundtable event on the topic of "Ditch your heat maps" presented by Professor Hernan Huwyler, MBA CPA. The event aims to help attendees transform their approach to safety risk management by moving away from subjective measures such as colours, adjectives, and heat maps, and instead focusing on a data-driven model to quantify and manage operational risks. The event emphasizes the importance of using data and financial information to inform decision making in order to minimize biases and justify investments. Attendees will gain insights on a quantitative model that will help them measure, visualize, and manage operational risks, as well as tips to reduce risk, enhance insurance and protection, and control investment. The event is relevant to anyone interested in risk management, insurance, and safety, and aligns with ISO 31000, the international standard for risk management. The event includes a Q&A session at the end, providing attendees with the opportunity to ask questions and share their perspectives. Overall, the Safety Roundtable event promises to be a valuable opportunity to learn from Professor Hernan Huwyler's insights, network with other professionals interested in risk management, and gain practical knowledge on how to improve safety risk management practices using a data-driven approach.

Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps

Hernan Huwyler, MBA CPA

Obtaining resources, planning actions, and budgeting are essential for any organization's successful compliance management. Compliance management is the practice of ensuring that a company adheres to regulatory requirements and internal policies. This summary will explore key considerations for planning compliance initiatives, evaluating regulatory requirements, stakeholder needs, and developing a timeline of activities. It will also cover how to detect corruption and fraud schemes, control representation expenses, and prevent over-invoicing. Finally, we will discuss fraud impact and controls and how to demonstrate the return on investment in compliance. To begin with, it is crucial to obtain resources to initiate compliance management. The compliance team should have adequate resources to ensure that the organization is compliant with regulatory requirements. The resources should include trained personnel, financial resources, software, and hardware, among others. After obtaining resources, the next step is planning actions and budgeting. Planning should involve various stakeholders and departmental heads to ensure that all areas of the organization are covered. Planning actions and budgeting should include developing a compliance plan, identifying potential compliance risks, and developing mitigation strategies. While planning compliance initiatives, it is essential to evaluate the regulatory horizon, stakeholder needs, open items, and new strategies. The regulatory horizon involves understanding the regulatory landscape, identifying new regulations, and monitoring the existing ones. Stakeholder needs involve understanding the needs of all stakeholders, including shareholders, customers, and employees. Open items are compliance issues that are unresolved, and new strategies are measures that an organization intends to take to comply with regulations. Developing a timeline of activities to address certifications and audit needs is critical. A timeline helps to ensure that an organization is compliant with regulations within the stipulated timeline. The timeline should involve developing a compliance plan, identifying potential compliance risks, and developing mitigation strategies. It should also include training employees on compliance, conducting regular internal audits, and reviewing the compliance plan to ensure that it is up to date. Demonstrating the return on investment in compliance is essential. A return on investment (ROI) helps to justify the resources that an organization invests in compliance. Demonstrating ROI involves identifying the costs of compliance management, such as personnel, software, and hardware costs. It also involves identifying the benefits of compliance management, such as reducing the risk of regulatory fines and reputation damage.

Profesor Hernan Huwyler MBA CPA - Operacional Compliance

Hernan Huwyler, MBA CPA

Compliance risk is the risk of failing to comply with laws, regulations, standards, and guidelines that organizations are subject to. Noncompliance risks can lead to legal, financial, and reputational consequences. Compliance officers play a critical role in identifying, assessing, and managing compliance risks. Compliance risks can also present opportunities for organizations to improve their practices, enhance their reputation, and gain a competitive advantage. ISO 37301 is a standard that provides guidance on compliance management systems. The standard defines compliance risk as the risk of noncompliance with laws, regulations, and other requirements that an organization is obligated to comply with. Compliance risks can arise from internal and external factors, such as changes in laws and regulations, new business operations, third-party relationships, and cultural differences. ISO 37301 emphasizes the importance of managing compliance risks through a systematic and proactive approach that includes risk assessment, risk treatment, monitoring, and review. Compliance officers serve as trusted advisors to senior management and provide guidance and support in compliance planning and decision-making. Compliance officers need to have a deep understanding of the organization's operations, risks, and culture to identify and manage compliance risks effectively. Compliance officers should also have strong communication and interpersonal skills to build relationships with stakeholders, including senior management, employees, regulators, and other external parties. The level of compliance risk varies depending on the nature, complexity, and scale of an organization's operations. Compliance risks can be classified into three levels: low, medium, and high. Low-risk compliance activities are routine and have little impact on the organization's operations or reputation. Medium-risk compliance activities are more complex and involve higher stakes, such as regulatory compliance, data privacy, and anti-corruption. High-risk compliance activities involve significant legal, financial, and reputational consequences, such as anti-money laundering, anti-bribery, and sanctions compliance. Compliance risks can also present opportunities for organizations to improve their practices, enhance their reputation, and gain a competitive advantage. For example, a company that implements strong data privacy practices can enhance customer trust and loyalty. A company that complies with anti-corruption laws can reduce legal and reputational risks and attract socially responsible investors. Compliance officers should work with senior management to identify and leverage compliance risks as opportunities to create value for the organization. Compliance risk, noncompliance, ISO 37301, compliance officer, trusted advisor, risk level, opportunities, regulatory risks, obligations, ethical risks, inherent risks, residual risks, risk-taking, tolerance, control level, sustainability

Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023

Hernan Huwyler, MBA CPA

The Behavioral Science of Compliance CUMPLEN.pdf

Hernan Huwyler, MBA CPA

R is for Risk 2 Risk Management using R

Hernan Huwyler, MBA CPA

Support Ukraine from compliance 🇺🇦 Join our free special webinar to get practical tips on how to - adjust due diligence to address new global sanctions, export controls, and trade restrictions - identify third parties, beneficial owners, shell companies, and assets related to Russia and Belarus - activate exit plans and force major clauses - address changes in the expectations of stakeholders to cancel operations, payments, financing, investing, and partnerships - apply measures to support affected employees and the Ukrainian people - prepare for possible Russian cyber and commercial attacks 👉 Enroll the webinar for free https://lnkd.in/gJR27Dci #compliance #export #russianthreat #ukraine #complianceofficer #riskmanagement #sanctions #UkrainiansWillResist #business #investment #corporateresponsibility #businessethics #HR #people #investing #payments #payments #cyber #webinar

Compliance and the russian invasion - Prof Hernan Huwyler

Hernan Huwyler, MBA CPA

DPO Day Conference - Minimizing Privacy Risks

Hernan Huwyler, MBA CPA

Course on sustainability risk management  for the Master in Sustainability and Corporate Social Responsibility Leadership at the Universidad Complutense de Madrid. I will provide the students with tips, tools, and models to assess and manage operational, compliance, integrity, governance, solvency, profitability environmental, climate change, and supply chain risks as part of a sustainability and social responsibility program.

Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler

Hernan Huwyler, MBA CPA

Respond to new ALM obligations Identify the key compliance changes for scope, subjects and operations Facilitate the design and execution of compliance checks on payment methods and the use of virtual currencies Evaluate gaps in processes to update controls and procedures Consider the impact on corporate criminal liability using the new ISOs 37301 and 37002 Register virtual asset service providers Assess new compliance and operational risks Identify scenarios of risks and vulnerabilities on new crime typologies Prevent risks of anonymous transfers and the use of prepaid cards Manage risks on high value operations and art trade Integrate risks to know your customer and money laundering Detect and report suspected operations Compare control practices regarding new requirements Update the decision matrices on alerts Adjust customer due diligence process Implement the use of the lists of politically exposed persons Report discrepancies with the public register of effective owners Implementation of new technologies Evaluate the prerequisites regarding quality of data and capabilities for compliance solutions Evaluate solutions to automate and digitize processes related to robotics Use machine learning applications for reporting suspicious transactions Recommend practices for implementing analytics solutions on text and data

Cyber Laundering and the AML Directives

Hernan Huwyler, MBA CPA

I am invited to speak at the Iberoamerican Compliance Conference hosted by the Universidad Complutense de Madrid (Argentina + web, Jun 29/Jun 1, Spanish). I will deliver a master class on quantitative vs. qualitative assessments of compliance risks. It will be exciting to meet great compliance colleagues and friends as Zulma Escalante, Eduardo Navarro Villaverde, Javier Puyol Montero, Silvina Bacigalupo, Daiana C., Carlos J. Díaz Navarrete, Félix Pablo Crous, Lic. Graciela Garay, Macarena Retamosa, Miguel Soler Ruiz-Boada, Nieves Cifuentes Valero, Sebastian Daniel Barletta, virginia olivieri and other fellows.  https://lnkd.in/e_qfztj Register https://lnkd.in/e-iAMgM #compliance #riskmanagement #ECI2021 #ECIArgentina2021 #UCM

Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...

Hernan Huwyler, MBA CPA

I am excited to discuss how organizations need to be prepared before implementing machine learning with Jason Maude at the Machine Learning in Financial Services event hosted by Arena International Events Group (June 30, online). We will provide recommendations to develop the conditions to successfully implement artificial intelligence projects. Thanks to Rebecca Mayoh for the event coordination. Join here https://lnkd.in/ec6qP4A #machinelearning #compliance

ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?

Hernan Huwyler, MBA CPA

10 Mistakes in Implementing the ISO 37301

Hernan Huwyler, MBA CPA

I enjoyed presenting on effective controls for software development with Matthew Crabbe and QA Financial. I am pushing the concept of "cyber compliance" to define internal and external requirements for IT assets such as software, data, hardware, services, contracts, and licenses. Cyber compliance is rapidly expanding from licenses, privacy and contracts with IT vendors to outsourcing, software development and business continuity of essential services providers, cloud in particular. #riskmanagement #compliance #itcontrol #CISO #cybersecurity

Qa Financials - 10 Smart Controls for Software Development

Hernan Huwyler, MBA CPA

Learn how to design, implement. operate and certify a compliance program under the new ISO 37301. Join the IE Law School professors, Alvaro Arjona l Ph.D, Jesica Hita Ruiz, Fabio G. Pérez-Bryan and me, to get a toolbox with facilitators, guidance, reference policies, checklist and other practical references. 8 modules - 12 hours - Sept 27th and 28th - Online - Requirements, terms scope, elements and certification and consultancy market - Practical impact. main changes, benchmark, and introduced components - Adequacy for criminal law compliance in Spain (UNE 19601) and in LatAm - Processes from risk analysis to reporting and evaluation - Implementation of requirements - Recommendations and facilitators for implementation. - Roadmap with evidence to certify - Documentation review program for implementation assurance - Methodology for testing compliance controls and documentation reviews Thanks to Sibel Abdulovska, Paula Abascal Gutierrez-Colomer and Maria Serrano for the flawless coordination of the course. Lean more: https://lnkd.in/gezyzmgn #ISO37301 #CCO #compliance #audit #certification #ISO37002

IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento

Hernan Huwyler, MBA CPA

More than 121 governance specialists joined Copenhagen Compliance, GRC and GDPR Solutions to discuss how boards are addressing innovation and transformation challenges. I provided tips for board members to effectively deal with digital transformation. Thanks to Kersi Porbunderwala and Olga Maitland for the coordination of the event. Join the next event on corporate culture https://lnkd.in/eMg4anP3 #digitaltransformation #innovation #transformation #leadership #CorpGov #corporategovernance

Hernan Huwyler - Boards in a Digitalized World

Hernan Huwyler, MBA CPA

I will be providing practical tips to comply with the new German audit standard on risk management with MetricStream. Mike Hyler, Samir Thakkar, and I will address the new IDW PS 340 n.F requirements for an early risk detection system. Join us here on Sep 29th https://lnkd.in/eEJEQhUW I will be providing practical tips to comply with the new German audit standard on risk management with MetricStream. Mike Hyler, Samir Thakkar, and I will address the new IDW PS 340 n.F requirements for an early risk detection system. #RiskManagement #IDWPS340 #PS340 #auditing #risk #audit #germany #compliance

Hernan Huwyler MetricStream German Law idw ps 340

Hernan Huwyler, MBA CPA

While everyone is quick to jump onto the Machine Learning trend, is it really safe to implement within the financial services sector with so many issues surrounding the regulatory and ethical side of utilizing machines to make human decisions? Overcoming the issues faced when explaining outcomes that may be discriminatory which can damage a company’s reputation Is Machine Learning really needed to automate financial processes or does the negativity around ethical considerations enough to reconsider? Can regulatory bodies ever be confident enough in the decisions made by the machines to allow ML to really progress in financial services? Looking towards ensuring transparency in the models decision making process to determine if it is suitable for deployment in financial decisions

AReNA - Debate Is Machine Learning Mature Enough

Hernan Huwyler, MBA CPA

More from Hernan Huwyler, MBA CPA (20)

Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf

Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...

Model to Quantify Compliance Risks.pdf

Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps

Profesor Hernan Huwyler MBA CPA - Operacional Compliance

Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023

The Behavioral Science of Compliance CUMPLEN.pdf

R is for Risk 2 Risk Management using R

Compliance and the russian invasion - Prof Hernan Huwyler

DPO Day Conference - Minimizing Privacy Risks

Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler

Cyber Laundering and the AML Directives

Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...

ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?

10 Mistakes in Implementing the ISO 37301

Qa Financials - 10 Smart Controls for Software Development

IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento

Hernan Huwyler - Boards in a Digitalized World

Hernan Huwyler MetricStream German Law idw ps 340

AReNA - Debate Is Machine Learning Mature Enough

Recently uploaded

Looking to unlock the full potential of your data? Check out EnFuse Solutions' comprehensive data management services! Their tailored solutions are designed to streamline operations, provide valuable insights, and drive growth for your business. Trust EnFuse to turn raw information into a strategic asset that propels your organization toward success: https://www.enfuse-solutions.com/services/data-management/

Unleash Data Power with EnFuse Solutions' Comprehensive Data Management Servi...

Rahul Bedi

The Truth About Dinesh Bafna's Situation.pdf

Mont Surfaces

Event Report - IBM Think 2024 - It is all about AI and hybrid

Holger Mueller

The Leading Cyber Security Entrepreneur of India in 2024.pdf

insightssuccess2

name：Test bank for Byrd & Chen's Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I by Gary Donell Edition：2023-2024 Edition 1st edition Volumes I author：By Gary Donell ISBN： type：Test bank format：word/zip All chapter include Consistent with the title of this textbook, our objective is to instill a solid understanding of the basics of income tax and GST/HST through an appreciation of the tax principles, concepts, and unique vocabulary that make up the framework upon which the Canadian tax system has been built. This level of understanding is not solely directed at a theoretical or academic level; considerable emphasis is placed on practical everyday situations in preparation for careers where an understanding of tax in some form will be helpful at a minimum and essential at best.

Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...

ssuserf63bd7

Ready to unlock the full potential of your LinkedIn profile? Join us for an immersive workshop where you'll gain invaluable insights and practical tips to optimize your profile, expand your network, and elevate your personal brand. Official event during Techweek NZ: May 23rd @ 6pm - 7:30pm St Peters Church Garden Room 211 Willis Street, Te Aro, Wellington New Zealand Google Meet Link: View details and RSVP https://calendar.app.google/h34Jub18s6Ri31NS7

LinkedIn Masterclass Techweek 2024 v4.1.pptx

Symbio Agency Ltd

The Complete Guide to IPTV App Development Process: Step-by-Step Guidance? The growing demand for customized content viewing experiences has caused development companies such as WHMCS SMARTERS to create custom IPTV apps which has also influenced how people stream and view content such as movies, series, and Live TV. Keep reading this guide to learn the process of IPTV app development. For more information visit our website. https://www.whmcssmarters.com

The Ultimate Guide to IPTV App Development Process_ Step-By-Step Instructions

WHMCS Smarters

Greetings, Hawk Energy is pleased to present you with its latest energy news NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi https://www.linkedin.com/posts/khaled-al-awadi-38b995b_newbase-energy-activity-7199590540223397888-1Qgd?utm_source=share&utm_medium=member_desktop Regards. Founder & S. Editor NewBase EnergyError! Filename not specified. Khaled M Al Awadi, Energy Consultant MS & BS Mechanical Engineering (HON), USA Greetings, Hawk Energy is pleased to present you with its latest energy news NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi https://www.linkedin.com/posts/khaled-al-awadi-38b995b_newbase-energy-activity-7199590540223397888-1Qgd?utm_source=share&utm_medium=member_desktop Regards. Founder & S. Editor NewBase EnergyError! Filename not specified. Khaled M Al Awadi, Energy Consultant MS & BS Mechanical Engineering (HON), USA Greetings, Hawk Energy is pleased to present you with its latest energy news NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi https://www.linkedin.com/posts/khaled-al-awadi-38b995b_newbase-energy-activity-7199590540223397888-1Qgd?utm_source=share&utm_medium=member_desktop Regards. Founder & S. Editor NewBase EnergyError! Filename not specified. Khaled M Al Awadi, Energy Consultant MS & BS Mechanical Engineering (HON), USA Greetings, Hawk Energy is pleased to present you with its latest energy news NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi https://www.linkedin.com/posts/khaled-al-awadi-38b995b_newbase-energy-activity-7199590540223397888-1Qgd?utm_source=share&utm_medium=member_desktop Regards. Founder & S. Editor NewBase EnergyError! Filename not specified. Khaled M Al Awadi, Energy Consultant MS & BS Mechanical Engineering (HON), USA

NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...

Khaled Al Awadi

How to Maintain Healthy Life style.pptx

rdishurana

Did you know that the average ecommerce conversion rate is a mere 2.86%? That means for every 100 visitors to an online store, only about 3 make a purchase. With so much competition and an ever-increasing number of online shoppers, optimizing your website for higher conversions is crucial for the success of your ecommerce business. In this comprehensive guide, we'll dive into 12 powerful conversion rate optimization (CRO) strategies that can help you turn more website visitors into paying customers. From improving website speed and optimizing for mobile devices to leveraging social proof and utilizing analytics, we'll cover actionable tips and best practices to help you maximize your ecommerce website's potential.

12 Conversion Rate Optimization Strategies for Ecommerce Websites.pdf

SOFTTECHHUB

transform-your-business-with-cutting-edge-inventory-management-and-3pl-integr...

Connect3PL

Salesforce in Life Sciences - Best Ways to Leverage The CRM for Clinical Trials

FEXLE

Hyundai capital 2024 1quarter Earnings release

irhcs

2024 has seen a number of employment law changes take effect, with some more planned for the near future. Keeping up to date with these changes is vital to avoid costly mistakes and to ensure that your workplace reaps the benefits which come from compliance with current law and best practice. Our free one-hour webinar, delivered by our employment solicitors, Claire Berry and Joanna Smye, discusses the most important employment law changes in 2024, reviews key cases from the last six months and provides you with practical advice on the important learning points to take away.

HR and Employment law update: May 2024.

FelixPerez547899

Textile Olympiad 𝟯.𝟬 Supported by The Business Standard and Textile Today: 𝗔𝗻 𝗜𝗻𝘁𝗲𝗿 𝗨𝗻𝗶𝘃𝗲𝗿𝘀𝗶𝘁𝘆 Business 𝗖𝗮𝘀𝗲 𝗖𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝗼𝗻 where university undergraduates get to showcase their brilliance. Dive deep into real-world textile industry challenges, analyze intricate scenarios, and craft innovative solutions.

Team-Spandex-Northern University-CS1035.

smalmahmud11

Using Generative AI for Content Marketing

Chuck Aikens

www.seribangash.com An Article of Association is a legal document that contains the rules, regulations, and guidelines for the internal management and operation of a company. It is one of the two key documents along with the Memorandum of Association that forms the company's constitution, outlining its structure and objectives. While the Memorandum of Association defines the company's external objectives and powers, the Article of Association deals with its internal affairs. https://seribangash.com/public-private-company-difference/ Here's a detailed note on the Article of Association: Contents: The Article of Association typically includes provisions regarding the rights and duties of shareholders, the appointment and removal of directors, the conduct of board and general meetings, the distribution of dividends, the issuance and transfer of shares, borrowing powers of the company, and any other matters relating to the administration and management of the company. Flexibility: Unlike the Memorandum of Association, which is relatively fixed and requires formal procedures to amend, the Article of Association can be amended more easily by passing a special resolution in a general meeting of shareholders. This flexibility allows companies to adapt their internal rules according to changing circumstances and requirements. https://seribangash.com/public-private-company-difference/ Standard Provisions: While companies have the flexibility to customize their Articles to suit their specific needs, certain standard provisions are commonly included, such as: Shareholders' rights and obligations: Including voting rights, procedures for convening meetings, and methods for appointing proxies. Directors' powers and responsibilities: Specifying the powers of the board of directors, procedures for appointment, retirement, and removal of directors, and rules for board meetings. Dividend policies: Outlining the procedures for declaring and distributing dividends to shareholders. Transfer of shares: Stipulating the process for transferring shares, including any restrictions or pre-emption rights. Borrowing powers: Defining the limits and conditions under which the company can borrow money. https://seribangash.com/public-private-company-difference/ Winding up procedures: Describing the procedures for voluntary or involuntary winding up of the company. Legal Requirement: In most jurisdictions, companies are required to have Articles of Association as part of their incorporation documents. These Articles must comply with the laws and regulations of the jurisdiction in which the company is registered. Public Accessibility: While the Memorandum of Association is a public document that anyone can access, the Article of Association is often kept as an internal document and may not be available for public inspection. Binding Nature: The provisions contained in the Article of Association are binding on the company, its shareholders, directors, and other officers.

Constitution of Company Article of Association

seri bangash

Unlock Your TikTok Potential: Free TikTok Likes with InstBlast

InstBlast Marketing

Vendors of country report usefull datass

DilipParmar63

Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...

Björn Rohles

Recently uploaded (20)

Unleash Data Power with EnFuse Solutions' Comprehensive Data Management Servi...

The Truth About Dinesh Bafna's Situation.pdf

Event Report - IBM Think 2024 - It is all about AI and hybrid

The Leading Cyber Security Entrepreneur of India in 2024.pdf

Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...

LinkedIn Masterclass Techweek 2024 v4.1.pptx

The Ultimate Guide to IPTV App Development Process_ Step-By-Step Instructions

NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...

How to Maintain Healthy Life style.pptx

12 Conversion Rate Optimization Strategies for Ecommerce Websites.pdf

transform-your-business-with-cutting-edge-inventory-management-and-3pl-integr...

Salesforce in Life Sciences - Best Ways to Leverage The CRM for Clinical Trials

Hyundai capital 2024 1quarter Earnings release

HR and Employment law update: May 2024.

Team-Spandex-Northern University-CS1035.

Using Generative AI for Content Marketing

Constitution of Company Article of Association

Unlock Your TikTok Potential: Free TikTok Likes with InstBlast

Vendors of country report usefull datass

Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...

Hernan Huwyler - 10 risk concepts to throw on the bonfire

1. 10 risk concepts to throw on a bonfire and how they can be replaced Prof. Hernan Huwyler, MBA CPA

2. Heat maps Use scientific probabilistic analysis such as Monte Carlo Simulations and decision trees instead 1Proven mathematical flaws make them useless and misleading

3. Risk reports Improve the planning tools developed by the business and add follow-ups on performance instead 2 Unnecessary reporting layers disconnected from decision-making

4. Risk tolerance Implement standard controls embedded in policies and contracts for future activities instead 3 Wishful thinking about risk expressed in generic statements

5. Self-assessments Focus the assessment and the support on decision-makers with specific tools for each plan instead 4 Generic questions to ask a generic audience about their general risk perceptions

6. Risk registers Add reserves, insurance and control costs into the planning processes instead 5 Siloed document not leading to the management of risks

7. EMR Use simple probabilistic tools developed from the 40s instead 6Jargon-based nonsenses used to sell services by 1-day trained consultants and auditors

8. Inherent risks Assess the efficiency of current controls by auditing instead 7 Unrealistic scenarios which are impossible to assess

9. Scoring and rating Use tools to assess multiple scenarios triggered by the volatility of planning assumptions instead 8 Arbitrary links between biased adjectives and risks

10. Red, Yellow, Green Use analytic techniques to assess the full spectrum of risk scenarios instead 9Colorblind-unsafe prioritization of already made opinion-based decisions

11. KRIs Measure the performance of plans, budgets and projects instead 10Ratios expected to monitor how risk factors evolve, depending on who you ask

Hernan Huwyler - 10 risk concepts to throw on the bonfire

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Hernan Huwyler - 10 risk concepts to throw on the bonfire

Similar to Hernan Huwyler - 10 risk concepts to throw on the bonfire (20)

More from Hernan Huwyler, MBA CPA

More from Hernan Huwyler, MBA CPA (20)

Recently uploaded

Recently uploaded (20)

Hernan Huwyler - 10 risk concepts to throw on the bonfire