With individual countries required to implement Solvency II by October 2012, insurance companies face a relatively tight deadline to comply with a more sophisticated risk-based approach to supervision throughout the EU. Companies must now implement new governance and processes to ensure they move beyond traditional insurance underwriting risk to a comprehensive risk management framework that assesses all internal and external risks and which ensures that companies are sufficiently capitalized to cover their exposures.
Companies are finding legal and regulatory compliance costs soaring while effectiveness declines, giving rise to huge fines, penalties, awards and settlements — often in the billions of dollars. By aligning business objectives and building compliance programs into existing management and business processes, responsibility and accountability are put where they work best, increasing effectiveness, reducing cost, and providing senior management and the board with the information they need.
The IT Risk Management Survey, which was sponsored and conducted by OpenPages in October 2009, highlights the current state and future direction of IT risk management in organizations today.
ERM provides organizations a programmatic way to deal with business uncertainty and the associated risk and opportunity. By utilizing disciplined risk and compliance management programs, firms can manage unexpected outcomes and reduce the impact of risk events when they do occur. But enterprise risk management encompasses more than balancing risk and reward, and it goes beyond regulatory compliance. Providing enhanced visibility into the risk landscape, ERM empowers business managers to make smarter decisions that maximize value, reduce costs and balance risk with returns. When embedded into everyday processes at all levels of the organization, risk management will drive business performance.
As corporate information technology infrastructure increases in size and complexity, corporations are recognizing the need for a better mechanism for assessing IT's role and relative alignment to the key corporate initiatives. What began as a series of best practices has evolved into the field known as IT governance. This white paper is for business and technical people and introduces the key concepts and challenges with IT governance and introduces the reader to the IT governance solution provided by OpenPages.
Leading insurance companies are beginning to recognize the potential value in deploying a robust operational risk management framework and integrating it into their ERM efforts. They want to minimize surprises and decrease volatility; they want to be proactive in order to seize opportunities. The banking industry has acquired practices and tools which insurers can leverage to benefit their own risk management programs.
Internal audit is evolving from its traditional role of record examination and identification of policy violations to a more modern, consultative approach aimed at risk mitigation. As part of this evolutionary process, internal auditors have also focused more of their efforts on the risk assessment process and a top-down approach to audit scoping.
The four-step process for implementing a top-down, risk-based approach to establishing scope and test strategies for internal controls. When combined with appropriate technology support and sound business acumen, it can significantly reduce the costs for Sarbanes-Oxley documentation and testing.
In today's highly regulated business environment, organizations must comply with multiple global regulatory mandates, including privacy, industry and process regulations. Regardless of the scope of an organization's compliance environment, similarities across regulations create overlapping management, documentation, control and audit demands, which can overwhelm efforts to identify and manage compliance risk effectively and completely. Migrating away from manual processes for regulatory compliance means the deployment of a technology solution that can centralize and manage compliance activity and provide management with visibility into the organization's entire compliance posture.
Security breaches involving customer records and multi-billion dollar losses arising from rogue trading activities are just some of the high profile risk events that amplify the importance of Governance, Risk and Compliance (GRC) to a firm’s economic health. Risk convergence within a GRC framework aids the organization in reaching the next level – controlling costs, achieving efficiencies, managing risk and providing better support for business decision-making.
Convergence is the key to maximizing an organization’s governance efforts in today’s high-profile financial services industry. It is not an overnight proposition — but a multi-step, continuous process. This paper breaks down the convergence process into four steps toward effective risk and compliance management: Recognize, Harmonize, Synchronize and Rationalize.
More than ever, corporate directors, business executives, and risk professionals realize that operational risk is critical not only for regulatory compliance but also for operational efficiency and effectiveness. In fact, there is a growing body of empirical research and survey data that would support two observations about ORM — (1) ineffective ORM is a key contributing factor when companies suffer a significant decline in market value, and (2) companies with effective governance, risk, and compliance programs are associated with higher levels of profitability and market valuation. This white paper shows how your organization can realize the business value of ORM.
This paper outlines the more significant requirements of the Securities and Exchange Commission and Public Company Accounting Oversight Board proposals on internal control over financial reporting (ICFR) issued December 2006. It boils the 200 pages down to a manageable few, focusing particularly on changes from the prior rules and anticipated relevance of the proposals to companies already employing a technology solution to governance, risk and compliance, or those organizations of size, scale or complexity where a technology solution would promote effectiveness and efficiency.