Articles: ERM and Information Technology

  • How Risk Management Is Changing in Response to the Economic Crisis

    The economic crisis is changing the risk management landscape in various ways. The government bailouts enacted in response to the economic crisis will have many effects, with the greatest potential effect on risk appetites of organizations. The magnitude and frequency of bailouts could encourage increased risk appetites or there could be increased risk aversion in response to what is currently perceived as a high-risk environment. Another way in which the economic crisis is shaping risk management is that increased security risks and decreased security budgets are encouraging an enterprise risk perspective to better enable organizations to track, quantify, and analyze shifting thresholds of risk. This enhanced perspective can then be used to address concerns such as insider threats, information risk, and product protection.

  • Enhancing IT Risk Management: An Exposure Draft

    Information Technology (IT) risk is a business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. Even though the use of IT can cause many risks for an enterprise, there are also many benefits derived from the use of IT. IT risk is prevalent at all levels of an organization, and many organizations have a hard time integrating the management of IT risk with all of the other business risks an organization faces. This exposure draft, “The Enterprise Risk: Identify, Govern and Manage IT Risk, The Risk Framework Exposure Draft,” helps management properly integrate the management of IT risk into its Enterprise Risk Management, make well-informed decisions about the extent of the risk, risk appetite, and risk tolerance of the enterprise, and understand how to respond to risk.

  • Managing Information Technology Risk: A Global Survey for the Financial Services Industry

    Ernst & Young’s first global survey for the financial services industry provides industry data, trends, leading practices, and opinions on the components of effective information technology (IT) risk management. Based on survey responses, many financial institutions are seeking ways to better integrate IT risk management with their overall risk management program and processes.

  • The Audit Committee Journey: Charting Gains, Gaps, and Oversight Priorities

    This report by KPMG, LLP describes insights from audit committee members of public companies regarding audit committee priorities and processes. The data come from the 2007-2008 Public Company Audit Committee Member Survey by the KPMG Audit Committee Institute, which compiled findings from nearly 300 audit committee members, and the 2008 Audit Committee Issues Conference, attended by around 120 audit committee members. Key findings include that audit committees have grown more confident in their oversight of traditional financial reporting matters, but they believe there is a significant opportunity to improve their risk management oversight and believe that oversight of risk management is their top oversight priority for 2008.

  • GRC Strategic Agenda: The Value Proposition of Governance, Risk, and Compliance

    The increasing barrage of governmental, industry-specific, and internal regulations, coupled with the pressures of increased competition and risk in a global market, has clearly defined the need for organizations of all sizes to implement GRC initiatives. This article explains the need for GRC, GRC’s interconnectivity with IT, and the high-level importance of risk management in GRC initiatives.

  • The Convergence of Physical and Information Security in the Context of Enterprise Risk Management

    This report gives insight into the general state of security convergence, the integration of converged security as part of ERM, the role of risk councils, and the benefits of converged risk management.

  • ERM and Information Technology

    Internal auditors are faced with new challenges as the importance of understanding information technology (IT) and its impact on risk management becomes even more critical. Internal auditors can provide value to businesses if they use their IT knowledge to help an organization implement a successful enterprise risk management (ERM) program.

  • CROs Challenged by IT Risks

    The white paper focuses on the increasing dependency companies have on IT processes and the new challenges placed on CROs. Senior executives in various industries were asked to provide insight on digital risks and the role CROs play in tackling such risks.

  • Using Technology to Support ERM: A Case Study

    Companies face added complexity to overall risks threatening an enterprise. Management needs a risk management program that is complete and proactive toward risk. This article highlights steps that Zions Bancorporation took to develop an application to facilitate risk management.

  • Impact of IT Risks on ERM

    Many technological risks face modern organizations of all types and have become necessary considerations for general auditors. These risks can be placed into the five categories of access control, network security, data integrity, asset management, and software acquisition and development, all of which are necessary to consider even in businesses that function outside of technological markets. A framework should provide flexibility for change as technology changes, yet mitigate risk through necessary restrictions.