5 Reasons to Get an Independent Annual Risk Assessment for Your Company
Most companies are required to conduct an annual risk assessment. It is a key part of business planning and risk management. This can help you to make…
Cyber risk is not just IT Risk. It’s business risk.
Leaders are increasingly recognizing the dangers in our connected world, where cyber incidents can wreak havoc on finances and reputations alike…
Cybersecurity During the Holidays
It is difficult to quantify the exact number of hacks that occur during the holidays, as this can vary from year to year and depend on a variety of factors…
Understanding Governance, Risk and Compliance (GRC)
Automated governance, risk, and compliance (GRC) refers to the use of technology to manage and monitor an organization's compliance with laws, regulations, and internal policies.
Separation of Duty: A Case Study on the Value-add of Internal Audits
Part Four of our Control Freaks Series takes into the world of Internal Audit and Audit Readiness assurance and examines the value of Risk Management to an Internal Audit process.
CONTROL FREAKS! Internal Controls and how to make them.
Sorry, my fellow humanities friends, but this is not about the internal expression of your inner poet and deepest feelings! However, properly established and managed, internal controls will go a long way to protecting your organization, not to mention passing audits and maintaining those increasingly important security certifications.
Control Freaks! SOA Internal Control - Risk Register. Who’s on first?
The Statement of Applicability (SOA) defines both which of the suggested 114 controls from Annex A you will implement, and the justification to not implement certain controls. In regards to ISO 27001, an SOA report is required as well as an SOA statement for each control.
Control Freaks! Everything you wanted to know about…
…compliance obligations - regulations, standards, controls, internal controls & more…
Certified? Congratulations! Now What?
Now that you have your SOC 2, ISO 27001 certification, or if you’re maintaining any control requirements in your organization, you can improve your performance and better protect your assets with a risk-first approach.
HIPAA Fines on the Rise for Small to Mid-Size Health Providers
Federal fines for HIPAA compliance are on the rise and this trend will likely continue while the Healthcare industry remains an active target for cyber threat.
On-Demand SSP and POA&M Reports
SSP and POA&M reports are complex and take time to maintain, unless you are using C1Risk.
How to Lower Your Compliance Costs: Just Add Risk
Compliance is costly, time-consuming and often frustrates one or many in the company. It should not. Here are simple mistakes to avoid and processes to build that will help your company climb the compliance mountain with relative ease.
The FDIC Incident Reporting Rule is No Small Challenge for Financial Institutions
In one of the strictest cybersecurity incident management rulings to-date, starting May 1, banks in the U.S. will be required to notify their primary federal regulator of a cybersecurity incident within 36 hours. How is your company preparing to meet this requirement?
CMMC Certification: Don’t Get Lost in the NIST
Confused much? Well, don’t get lost in the NIST, CMMC, or any other related standard for that matter.
Business Resilience in Light of the OKTA Security Breach
With a public announcement last week, OKTA, a global leader in multi-factor authentication, acknowledged after several months, the exposure of over 350 clients to a security hack in January 2022.
Global Risk and Compliance: A Strategy
Today, we will evaluate successful global risk and compliance strategies. We will focus on a “DevOps” approach to risk management and the development of a risk scrum team that connects through an integrated risk management platform to continuously monitor and prioritize risk and mitigation. Are you scratching your head? Read on.
Build Your Risk Program: Start Here
Whether you are in the process of beginning build your risk program, formalizing it, or in the midst of maturing it, here are some factors for consideration. Organizations should not design risk management programs as a process set in stone. Risk is a river – a constant flow with changing currents, power, and directions.
A Steady State of Managed Risk
Today’s article focuses on best practices and governance principles for how to achieve a steady state of managed risk in your organization.
Risk Best Practices: The People Factor
If you get it wrong, your own people can become one of your greatest risks. Get it right, and they will continue to be your greatest assets.