Once a month, our Risk Roundup provides a recap of 10 interesting articles and online resources on Risk and GRC that caught our attention. Enjoy the recap for May 2018.
This guide from the Institute of Risk Management (IRM) explains the approach used in ISO 31000 and identifies the importance and relevance of ISO 31000 and other frameworks. The guide also outlines the practical application of ISO 31000 and provides commentary on the use of the standard by risk professionals and on its implementation. Download report
Bias skews perception, leading to bad decisions. Everybody has biases. The difference is that some people are better than others at recognizing them. This article explains nine biases that risk managers should know about, in order to make sure that they make the right decisions. Read more
It is really important for an organization to keep track of the things they are willing to do and not confuse them with other risky behaviors they aren’t. This is called determining the company’s risk appetite. When it comes to risk appetite, there are three categories: “On-strategy”, “Parameterized risks”, and “Off-strategy”. Read more
In this video, thought leader and former chief audit executive Norman Marks describes the biggest mistake internal auditors make when communicating with management and the board, and offers insight on how to improve those communications. Watch video
The rapid adoption of new data technologies, including artificial intelligence and the cloud, has made data risk a bigger concern for organizations in almost every industry. Strong data management and a thorough understanding of related risks are critical to managing trust with data, both from within the organization and externally. Read more
Technology is becoming more and more necessary for the growth of companies, enhancing their abilities to get products to market faster and automate core processes. But while emerging technologies like artificial intelligence and blockchain are fast becoming the new normal, risk management is not keeping up. Read more
Since artificial intelligence is a combination of algorithms, and since algorithms are programmed by humans, there could be a risk that AI may not produce the desired outcomes. This does not undermine the benefits of AI, but it does imply that organizations should consider AI risk, ask themselves some key questions, and even audit the outcomes of AI.
The rapid pace of new product introductions, a shifting third-party provider landscape, and global logistics and distribution disruptions have become common challenges for organizations that operate on a worldwide basis. In turn, those challenges are placing greater pressures on global supply chain compliance. Read more
Internal auditors are increasingly taking advantage of new technologies to incorporate data analytics in their audits. More and more chief audit executives are jumping into this growing area by assigning auditors to “go do data” without sufficient training, preparation, or strategic direction. Auditors taking on this role need to be aware of the risks surrounding data analytics. Read more
Yesterday’s risk management practices are no longer adequate to address today’s threats. Risk can be positive, negative or both, and can address, create or result in opportunities and threats. The key driver for effective risk management is to create and protect value. Read more
Visit Enablon Insights again a month from now to learn more about what caught our attention in Risk and GRC!