First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

business objectives

Hyperventilating about cyber – Part 2

Is the level of concern about cyber merited? Should organizations and individuals be as worried about the possibility and consequences of a breach as they are advised by the consultants, information security pundits, and in news reports?

 

, , , ,

The basics of risk management

I want to congratulate David Hillson (a.k.a. the Risk Doctor) for his video explaining his view of risk management basics. In Risk management basics: What exactly is it?, he takes less than five minutes to sum up risk management with six questions:

 

, , ,

Reporting on risk to the board

Those charged with reporting on risk to the board and to the executive team should understand what they are trying to achieve, what information they need to be successful and how they can help.

 

, , , , , , ,

Don’t forget to audit controls!

It’s best to have management detect issues and for audit to assess whether those detective controls are adequate.

 

, , , , , , ,

Collaboration between the business risk and IT security teams

Take each of your business objectives and plans. Now, figure out what might result from a technology-related failure (noting that ‘technology’ extends beyond the IT function). Then, what are you going to do about it?

 

, , , , , ,