Embedding RCSA into Strategic Planning and Business Strategy
Andrew Smart
This presentation was prepared for the New Generation Operational Risk: Risk Culture and Business Conduct Behaviour conference in Helsinki, Finland.
In this presentation, Ascendore CEO Andrew Smart outlines how to integrate Risk & Control Self Assessment (RCSA) into strategic planning and business strategy.
Drawing on the Risk-Based Performance Management approach, the presentation outlines an integrated approach to strategy and risk management in which risk appetite plays a central role.
An overview of how to develop SMART security metrics that are meaningful for the target audience: operational, tactical and strategic. I discuss key performance and risk indicators and their graphical presentation for your audience.
Infographic - Critical Capabilities of a Good Risk Management Solution
Corporater
Organizations seeking a risk management solution may have trouble identifying a collaborative, integrated platform that fits their needs. A good risk management solution will scope potential risks and assess their impact on the enterprise's goals and objectives. Here are the critical capabilities of a good risk management solution.
To learn more, visit: https://bit.ly/3vQ4DjC
Time Inc., the publisher of iconic magazines and related web platforms such as Time, Fortune, People, Sports Illustrated, and many others, spun out of Time Warner Inc. in 2014 to become a stand-alone publicly traded company. As part of that spin-off, Time Inc. established its own Internal Audit and Enterprise Risk Management (ERM) functions. This presentation covers first-hand information on the efforts, challenges, successes and pitfalls of Time Inc.’s ERM journey. You will take away valuable information, including tools and templates that you can put to use in your own organization.
Presentation by: Russ Charlton, SVP – Internal Audit and Enterprise Risk Management, Time Inc.
App Showcase: Enterprise Risk Management
Resolver Inc.
You already know that mitigating risk is a crucial part of maintaining your organization’s health. But what’s your next step in ensuring the risks you’ve identified are actually being managed? In this presentation, we’ll cover the following aspects of an integrated approach to risk assessments and risk management: delegating responsive action and tracking action plan progress with automated reminders, easy re-assessment with or without a group workshop, and trending, alerts and analytics over time through web-based dashboards.
Presentation by:
Jamie Gahunia, Application Manager, Resolver Inc.
Mark Jenkins, Account Executive, Resolver Inc.
The velocity and volume of regulatory changes suggest that the environment is continuously becoming more complex. As new laws are enacted, organizations must adapt the way they conduct business. In this presentation, learn how a software tool can help organizations reduce their compliance exposure by tracking regulatory changes, managing internal and external risks, and identifying process gaps.
Presentation by: Amanda Cohen, Application Manager, Resolver Inc.
An efficient, ITIL-compliant, round-the-clock service desk and infrastructure management for a global insurance firm.
When a global insurance and reinsurance provider needed an experienced IT infrastructure management partner, it turned to CSS Corp. Our experience in simplifying IT operations for complex IT environments with a wide range of technologies made CSS Corp the ideal choice for this engagement.
Here is a brief description of third-party risk management (TPRM), how to onboard third-party vendors, and what the role of a CISO is in this process. To know more about TPRM and information security management, click here: https://www.eccouncil.org/information-security-management/
On December 6th, 2018, Resolver and The Risk Management Society (RIMS) hosted a webinar titled, Proving the Value of Your ERM Program. 215 risk professionals attended and participated in a benchmarking survey. These are the results.
Often, the best way to help your child grow up is to kick him/her out of the house. However, there’s always that anxiety – will they thrive, get hurt, fail? Many internal audit and/or risk functions became volunteer parents of their organization’s ERM programs, bringing enthusiasm and commitment to the role. However, ERM (and ESRM) works best when it’s owned and embedded into the fabric of the business. Unfortunately, most ERM programs fail within three years or less after leaving the nest. Why? Explore common challenges and proven strategies for coaxing ERM safely and successfully from the nest.
Presentation by: Brian Link, CIA, VP – GRC Strategy & Partnerships, Resolver Inc.
In this presentation, Joe and Brian contrast traditional risk assessment with some emerging techniques that use internal and market risk event (incident) data to drive a more accurate risk model.
Presentation by:
Joe Crampton, VP – Applications, Resolver Inc.
Brian Link, CIA, VP – GRC Strategy & Partnerships, Resolver Inc.
Resolver’s new platform, Core, is something you’ll hear a lot about over the next few days. This presentation provides an introduction to the foundations of Core, the applications that sit on top of Core, and the various use cases they address.
On average organizations spend $10M+ responding to third-party security breaches each year. Third-Party Risk Management (TPRM) is the process of analyzing and controlling risks presented to your organization by outsourcing to third-party service providers (TPSP). TPSP relationships can introduce strategic, financial, operational, regulatory, and reputational risks.
For example, some TPSPs are involved in the storage, processing, and/or transmission of cardholder data (CHD), while others are involved in securing cardholder data, or securing the cardholder data environment (CDE).
Digital relationships with third-party providers increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they had experienced a data breach caused by one of their third-party providers (up 12% since 2016).
Learn more about:
• TPSP lifecycle,
• The effects of due diligence,
• The five critical control objectives, and
• How to build an effective risk assessment questionnaire.
To learn more, visit: https://bit.ly/3vQ4DjC
Third Party Risk Management Introduction
Naveen Grover
On October 30, 2013 the Office of the Comptroller of the Currency (OCC) issued updated guidance on third-party risks and vendor management. The OCC's bulletin points out that its updated guidance replaces OCC Bulletin 2001-47, "Third-Party Relationships: Risk Management Principles," and OCC Advisory Letter 2000-9, "Third-Party Risk."
Spreadsheets vs Software for SOX Compliance
Resolver Inc.
Spreadsheets are like an old friend—always there when you need them. They’re familiar. Comfortable. But if you’re still using them for SOX you might soon find out that spreadsheets can be something else: dangerous. Learn what can make spreadsheets problematic—and why software is often a better option.
The Risk Paradox: Showcasing the Success of Security
Resolver Inc.
The Risk Paradox centers around the idea that, as the number of mitigated incidents increases, so does the perception that the Security department requires less budget and fewer resources, because incidents have less impact on the organization. Marc DiGiorgio will delve into the concept of the Risk Paradox and will showcase ways to track and report on your team’s success, so that those outside your department can clearly see the true value of your efforts.
Presentation by:
Marc DiGiorgio, Chief Revenue Officer, Resolver Inc.
Mary Shiffer, Senior Customer Success Engineer, Resolver Inc.
Regulatory as well as corporate compliance requirements oblige organizations to conform to a large number of rules, laws, policies, and standards.
Corporater's compliance management software helps you enhance your organization's performance through a unified approach that integrates all your compliance processes and links them back to the organization's strategy.
You get continuous insight into the status of compliance and controls, enabling you to improve compliance and business process quality.
For more information, click here - http://bit.ly/2Prvf9C
The Security Practitioner of the Future
Resolver Inc.
In the face of changing business needs and threat environments, companies, organizations and individuals will continue to encounter increasingly diverse and sophisticated risks from an equally broad range of adversaries. These adversaries are equipped as never before, supported by education, experience, publicly available critical information and the technology to bring their efforts to realization. Tomorrow’s security practitioner will need an array of integrated tools to effectively prepare for and counter tomorrow’s adversary. These “tools” will always include some traditional, tried and proven practices; however, practitioners will also need to think critically, make risk-based decisions, implement leading-practice solutions and define security optimization.
Presentation by:
Dennis Shepp, MBA, CPP, CFE, Consultant, Security Expert
Phillip Banks, P. Eng, CPP. Director, The Banks Group
Why Corporate Security Professionals Should Care About Information Security
Resolver Inc.
The corporate and information security worlds are converging. Explore the impact of physical security threats and how these risks often go hand-in-hand with cyberattacks. Learn how to build and use an IT Security Risk Management Framework (RMF) for data-driven decision making in your organization.
What are the top 10 risk concepts that you can retire? We are inspiring a new generation of professionals to use data-driven techniques and international risk standards to support decisions in their organizations and to meet stakeholders' expectations.
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
DevOps.com
Cyber attacks from nation-state actors and their proxies are on the rise. Many of these attackers seek a broader scale, to do more damage than simply defacing a website with embarrassing propaganda or causing a temporary internet outage with a DDoS attack. These attackers often have significant backing and resources from their nation-state sponsors, officially or unofficially.
Increasingly, they are targeting key infrastructures such as power utilities, financial networks, hospitals, healthcare organizations, and state and local governments. A popular tactic is to come in through vendors or managed service providers where they can leverage one successful hack to access dozens of entities. This makes proper vendor and third-party risk management more important than ever.
In this webinar, “Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management”, we will discuss the threats, methods and attack vectors that attackers are using, with recent examples, followed by the best-practice areas to focus on in order to secure your organization from these types of cyberattacks.
Up to 5% of an organization’s assets disappear each year due to fraudulent activity. Using retail loss prevention as a case study, this presentation leads you through a discussion of the best practices for protecting an organization’s assets.
Presentation by: Jamie Burr, Application Manager, Resolver Inc.
Thomson Reuters is pleased to be a sponsor of this year's A-Team Entity Data and Applications Directory. This special publication lists all the major suppliers of regulatory and risk data services, covering areas such as:
FATCA, Solvency, EMIR, Dodd-Frank, UCITS, LEI, Counterparty Risk and much more.
Learn how to reduce financial fraud and improve risk management. What are the most common risks for activities and business processes? How is a Segregation of Duties (SoD) repository commonly set up? Learn the top 3 SoD conflict types and how to implement a methodology to strengthen your SAP governance.
Main points covered:
• How to reduce financial fraud and improve risk management
• What are the most common risks for activities and business processes?
• How is a SoD repository commonly set up?
• The top 3 SoD conflict types
Presenter:
The webinar was presented by M. Roseau, director of business development for In Fidem, a Canadian company based in Montreal, Quebec.
Link to the recorded session published on YouTube: https://youtu.be/bRsiWx2NodA
The IT Auditing Series is a series of ten 2-hour webinars.
The study program consists of five Basic modules and five Advanced modules spanning a broad range of topics and issues in the IT auditing field. The emphasis in all webinars is on the practical aspects of internal auditing.
The course content is based on the ISACA framework, which has been accepted worldwide as the basis for the skills and competencies required of all IT auditors.
This session covers risk analysis for auditors.
Rev2 IT Information Security Risk Management, February 26, 2010
Today’s Discussion. Agenda: Rev2 introduction, RiskView framework, examples, next steps. Goals: introduce RiskView™, a decision support system which helps identify and focus on business-material risks; understand your risk-management focus areas and processes.
Risk Management (InfoSec risk, supply chain risk, service delivery risk): RiskView replaces ad-hoc processes with a fact-based, scalable, repeatable framework. Identify under-controlled risk via business views; focus on the most material drivers; “what-if” controls testing.
Requirements: visualization, to facilitate analysis and understanding. Effective risk management requires specialized structures, tools and systems that most companies lack.
Strategic Data: recognize differences in asset value. Strategic data supports a fact-based, scalable, repeatable process.
What is RiskView™? A software Risk Data Warehouse platform that collects vulnerability data; business-specific modules with customizable views and analytics; advanced visualization to create a packaged decision support system; a highly extensible platform for fact-based, scalable, repeatable risk management decisions.
Filters = Focus: not every vulnerability is equal in terms of materiality. Once aggregate material risk is identified and unacceptable levels are detected, the drivers need to be identified and profiled. Filters: date range (trending); what-if (testing); materiality (finding the “critical few”).