December 21, 2011
A well-known nationwide pharmacy retailer was recently subject to an enforcement action by the U.S. government costing them a settlement of $2.25 million, the implementation of a comprehensive written compliance program, and an agreement to submit to compliance audits every 2 years for 20 years. What type of violation could have resulted in such a severe punishment to the company? The answer may surprise you – these penalties were the result of reported HIPAA security breaches.
December 02, 2011
Tasked with improving their companies’ operations by systematically evaluating and improving the effectiveness of risk management, control, and governance processes, chief audit executives and internal auditors couldn’t be operating in a more difficult time with the Dodd–Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) confronting them.
December 02, 2011
While the continued adoption of CR reporting may not surprise those active in the field, the details of how CR reporting is evolving deliver a compelling view into the expectations that companies now face.
November 10, 2011
Technology change, competitor action, cyber attacks, supply chain disruption, regulatory change, product blunders and executive departures – the risks to business performance are unceasing in a dynamic environment. Yet, in the need for performance lies the seed of improved risk management.
November 07, 2011
Veteran SEC Official John Reed Stark discusses the implications of new SEC disclosure requirements for management and boards.
October 13, 2011
Results from Protiviti’s 2011 IT Audit Benchmarking Survey reveal that many organizations, including one in four with revenues up to $1 billion, are not conducting any kind of IT risk assessment.
September 29, 2011
The trend toward more depth in board oversight of risks is a good thing, leading to boards with a deeper understanding of business and compliance risks and boards that are better positioned to help their company achieve long-term sustainable success.
September 06, 2011
A lesser-known provision of the Dodd-Frank Act requires publicly traded companies to disclose if their manufacturing process employs conflict minerals like tantalum, tin, tungsten, and gold. These minerals play an important role in a wide variety of industries, from electronics and communications to semiconductors and jewelry, and they are found in products as diverse as cell phones, nuclear reactors, and light bulbs.
August 17, 2011
Knowing the common traits of a fraudster can help employers be better prepared to prevent damaging incidents from happening in their organizations.
August 11, 2011
As organizations invest in a variety of risk processes and functions, many companies find that they often lack a unifying vision and/or clear objectives, limiting the realization of benefits. GRC convergence replaces a fragmented approach with a single view of risk that is articulated across the entire organization, providing a common language, approach, and methodology for risk management. KPMG’s GRC Holistic Model is designed to bring people, process, and data together for effective convergence.