May 17, 2012

Compliance Officer and In-House Counsel — Synergies and Conflicts

Amy E. Hutchens, a frequent contributor to this website and to the National Contract Management Association (NCMA), has written an interesting article entitled “Wearing Two Hats: The Dual Roles of In-house Counsel and Compliance Officer”. Given that corporate regulatory and enforcement authorities have become more active and aggressive in the past several months, our staff encourages a closer reading of Amy’s approach to this dual challenge, which often faces a new arrival to an in-house counsel appointment.  Of course, economic constraints can be their own motivation for combining these often conflicting roles in an organization.

As Amy states in her article, “…wearing the hats of both in-house counsel and compliance officer can be challenging and rewarding at best and can become a nightmare at worst.”

The questions Hutchens addresses in this article speak to the very real risk challenges that organizations, both large and small, live with every day, and they also raise the real-world consequences that can result from a decision to unify the roles of in-house counsel and compliance officer within a single organization.

Let us know your thoughts and comments as you read more of how Hutchens attempts to answer the following questions:

  1. Given today’s business environment, is it realistic to expect a general counsel to operate as a great compliance officer?
  2. Are the inherent conflicts reconcilable?
  3. Is executive management deprived of a valuable perspective when the roles are combined?

Click on the following link, Wearing Two Hats by Amy E. Hutchens, to read the full article.

If applicable, please pass this information along to the business continuity, disaster preparedness, risk management or PS-Prep strategy planning teams in your organization, as well as to your compliance officer or general counsel.

Click here to view the National Contract Management Association website for more related articles and information on the topic of compliance and in-house counsel activities. (Registration Required)

Amy E. Hutchens is general counsel and Vice President of Compliance and Ethics Services for Watermark Risk Management International, LLC.

Photo courtesy of National Contract Management Association (NCMA) Magazine – Feb 2012

Risk Management and Crisis Response Traits

In a recent article entitled “Avoid These Seven Traits that Will Sink Your Risk Management Program!”, Kevin M. Quinley addresses organizational crisis management in the context of product liability through an interesting adaptation of consultant Jim Lukaszewski’s presentation, which identifies seven behaviors that spell trouble for how an organization will act when faced with an unexpected crisis or disruptive event.

Quinley’s article should focus our readers’ attention on several typical reactions by organizations when faced with a disruptive event, such as a product liability claim or lawsuit.  Learning from this information can be an important first step toward building a strong corporate risk management and mitigation plan against these potential threats.

A quick summary of the typical reactions described by Lukaszewski and Quinley:

  1. Denial
  2. Victim Confusion
  3. “Testosterosis”
  4. Arrogance
  5. Scapegoating
  6. Media-Phobia
  7. Whining Parties

Click here to read Quinley’s full article.

If applicable, please pass this information along to the risk management team members in your organization.  For smaller companies in the private sector, PS-Prep strategy and business continuity planning groups could also add this content to their library of reference materials.

Black Swans in the Boardroom

Photo courtesy of ashfordbirder.blogspot.com

Judging from recent comments and input from our readers, many business continuity planning teams fully realize that the risk landscape facing their organizations is changing.  While they and their upper management can see a new risk landscape emerging, it remains difficult to define what is behind those changes or how their risk management strategies should respond.

To keep this awareness from being viewed in a purely negative light, Armoghan Mohammed and Richard Sykes (both of PricewaterhouseCoopers International Limited) have written and recently released a report entitled “Black Swans Turn Grey: The Transformation of Risk”.

Our staff agrees with Mohammed and Sykes’s belief that through a better understanding and management of risk strategy, organizations will be more resilient and better positioned to pursue their corporate objectives.

First, a little background on the concept of risk and a “black swan event”.  In 2007 Nassim Nicholas Taleb published “The Black Swan: The Impact of the Highly Improbable”, and the term “black swan” was quickly adopted; it is now one of the three major types of risk recognized by risk management methodologies, the other two being “known risks” and “emerging risks”.

Mohammed and Sykes argue that recent experience indicates events fitting the description of “black swans” are happening more and more frequently, which leads them to ask: “Are black swans actually turning grey?”

They explore this approach and tie it to a real need to map out the new risk landscape, to help board members better understand this reality, and to integrate it into management leadership so that organizations develop a risk-aware culture with an explicit focus on the organization’s risk appetite, then align that appetite with the organization’s marketing and growth strategies.  In other words, the board has the responsibility, building on an enterprise risk management methodology, to: (1) fuse strategy more closely with risk, (2) articulate a more explicit and holistic risk appetite and (3) promote and support more active collaboration within the organization to build stronger resilience across total business management systems.

Click here to read Mohammed and Sykes’ full whitepaper.

If applicable, please pass this information along to those risk management and business continuity planning teams in your organization, and, where needed, introduce these thoughts to PS-Prep strategy planning teams, as well.

Risk Awareness Concerns and Organizational Risk Management System Potential Integration(s)

Photo courtesy of meship.com

By: Lisa DuBrock, CPA, CBCP, MBCI

Recently, in an article entitled “New ISO IEC 20000-1: Alignment with ISO 27001”, Subrata Guha makes the point that “…since ISO 20000-1 and ISO 27001 are so closely linked, there is a strong argument that these two standards should be implemented as a single management system”, and that the new release of ISO 20000-1 makes this process easier than ever before.

I contend that melding those two standards is certainly an excellent idea, especially since some well-defined areas such as incident management, change management and security management link up so well.  And I believe that many companies have done just that, whether they implement the standards together, or individually and then knit the separate management systems and overlapping control structures together.

What I’d like to propose today, depending on your own corporate and organizational culture, is a coupling of two other standards that have a natural affinity to work together: ISO/IEC 27001:2005 (Information Security Management System) and ASIS SPC.1 (Organizational Resilience: Security, Preparedness and Continuity Management System).

Both ISO 27001 and ASIS SPC.1 build on the concept that management identifies, adopts, implements, monitors, updates and, most importantly, manages the related management system based on that particular organization’s appetite for risk, i.e. its risk appetite.

As with any organization’s business management system (BMS), implementing that BMS to a standard (ISO 27001 or ASIS SPC.1) begins with, and is bounded by, the scope the organization sets for its BMS.

In this instance, both ISO 27001 and ASIS SPC.1 share the management system requirements of management commitment (including resourcing, training and awareness, and approval of the system), internal audit, management review and continual improvement.

Both standards also require a statement of applicability (SOA), but they differ in how the SOA is defined.  In SPC.1 the SOA documents the strategic weighting of security management, preparedness, emergency management, disaster management, crisis management and business continuity management.  In ISO 27001 the SOA is a documented statement describing the control objectives and controls that are relevant and applicable to the organization’s ISMS.

What really differs between these standards is the context of the risk process.  For ISO 27001, the context is the information assets identified within the scope of the management system.  Within SPC.1, the organizational resilience management system is based on legal and other requirements, on information about significant hazards and threats, and on the protection of critical assets of every kind, not just information assets (physical, intangible, environmental and human).

By implementing ISO 27001 and ASIS SPC.1 together, an organization would almost certainly achieve a stronger and clearer understanding of its risks and of what is needed to mitigate them (i.e. to be more secure).

Whether or not you agree with this opinion, please share your comments and input regarding this potential integrated approach.

Privacy and Security Controls in Your Corporate Board Room — Perhaps a Review is Necessary

Photo courtesy of blog.dattobackup.com

A recent article by Nicole Perlroth describes a risk that should prompt every organization to re-verify that the videoconferencing cameras used in its corporate board rooms are properly, and verifiably, protected from hackers; in particular, that they are not exposed directly to the Internet and do not accept incoming calls automatically.

Ten years ago, videoconferencing systems were complicated and erratic, and ran on expensive, closed high-speed phone lines. Over the last decade, however, videoconferencing — like everything else — migrated to the Internet.

Now, many businesses use Internet protocol videoconferencing — a souped-up version of Skype — to connect with colleagues and customers. Most of these new systems were designed with visual and audio clarity — not security — in mind.

Click here to read the full article and become aware of how easily professional security experts were able to connect to the board room conference cameras of unsuspecting companies of all sizes.

If applicable, please pass this info along to those risk management and IT / information security team members in your own organization.

Risk Management Efforts Lead to Earnings Stability — New Report Findings

Judging from comments this website continues to receive, organizational business continuity and PS-Prep strategy planning groups have a full time job reminding and/or convincing upper management to invest in proactive risk management practices throughout the entire organization.

The results of a recent study entitled “The Risk/Earnings Ratio: New Perspectives for Achieving Bottom-Line Stability” may be just what the doctor ordered to shed some light on this topic — especially, given the fact that many organizations today continue to reduce budgeted capital and other resources across diverse functional areas and operations, including physical risk management.

The findings of this study suggest that by adopting strong risk management practices a company reduces not only the frequency and severity of potential loss exposures but also the volatility of its earnings.  In other words, given the strong correlation between management of property risks and earnings stability revealed in these survey results, cutting back on risk management resources may lead to lost earnings and more volatile earnings, to the detriment of shareholder value.

This study of risk management and the potential impact on earnings stability was commissioned by commercial and industrial property insurer FM Global and was conducted by Oxford Metrica, an independent strategic advisor to FORTUNE 500 companies.

Check this study out and perhaps you will have some additional resource material to support your BC/DR team’s efforts to get upper management on board with supporting and funding your team’s disaster preparedness and readiness efforts.

Disaster Recovery, Relief, Preparedness and the Role of Philanthropy

Photo courtesy of dreamstime.com

With hard economic times putting growing pressure on the capabilities and resources needed in times of disaster, philanthropic efforts can be one of the contributing solutions for aiding those in need after a disaster or catastrophic event.  When time is of the essence, philanthropic organizations can respond to a crisis quickly and with great agility.  Even more important, private dollars can be invested in long-term efforts such as disaster recovery and disaster preparedness.

To draw our attention to the many dynamics and potential roles that philanthropy can (and in reality does) play in disaster preparedness, relief and recovery, the Center for Strategic and International Studies (CSIS) and Louisiana State University (LSU) recently hosted a discussion on the crucial role of private philanthropy in BC/DR, featuring the following panel of guest speakers: John Davies, President and CEO of the Baton Rouge Area Foundation; Regine Webster, Executive Director of the Center for Disaster Philanthropy; and Edmund Cain, VP, Grant Programs of the Conrad N. Hilton Foundation.  The program was moderated by Lori Bertman, President and CEO of the Irene W. and C.B. Pennington Foundation.

Click here to view a video of this event and learn more about this potential resource for helping individuals, communities and organizations not only survive and recover from disasters, but also be better prepared and ready for those crisis management and risk mitigation events when they occur.

If applicable, please pass this information on to those business continuity, risk management and PS-Prep strategy planning team members in your organization and community.

Cyber Atlantic 2011

Photo courtesy of cybercrime urh.feldkirch.at

The Cyber Atlantic 2011 exercise is part of the ongoing EU-U.S. partnership to strengthen mutual capabilities for addressing emerging threats to global networks. Through the EU-U.S. Working Group on Cybersecurity, which includes representatives from DHS’ National Cyber Security Division (NCSD), the Department of Justice, EU member states and the European Commission, stakeholders focus on cyber incident management, enhancing public-private partnerships, raising awareness about cyber threats, and combating cybercrime.

Two hypothetical scenarios were tested in Cyber Atlantic 2011: a cyber-attack that attempted to extract and publish online sensitive information from the national cyber security agencies of EU member states, and an attack on supervisory control and data acquisition (SCADA) systems in EU power generation equipment.

Our staff has listed some links below to offer our readers a variety of content regarding this important event:

“United States and European Union Hold First-Ever Joint Cyber Tabletop Exercise”  posted by: Lee Rock, Acting Director of US-CERT

“Cyber Atlantic 2011 Shows Cyber Security Has No Borders”  posted by Sue Marquette Poremba, ITBusinessEdge

“SCADA Systems: Achilles Heel of Critical Infrastructure”  posted by Tony Bradley, PCWorld

“Cybersecurity by the numbers: How bad is it?” posted by Larry Dignan, ZDNet

“U.S. and European experts meet to prepare for the cyber-wars of the future”  posted by Martin Bryant, TheNextWeb

“E.U. and U.S. Conduct Readiness Tests for Cyber-Attacks” posted by European Commission / Press Release

If you found this information useful or applicable, please pass it along to those cybersecurity, risk management, organizational resilience and PS-Prep strategy planning team members in your organization.

Risk Management, Global Supply Chain Management and the Languages of Bribery

One of the more unusual risk components in global supply chain management is the language of bribery.  With fines and penalties for violations of anticorruption laws skyrocketing, and judging from our readers’ comments and from following this topic on Google alerts, our staff finds that multinational companies are devoting considerable resources to anticorruption compliance.

A recent article by James G. Tillen and Sonia M. Delman, posted on the Forbes website and entitled “A Bribe by Any Other Name”, explains the two dynamics mentioned above in a very easy-to-understand way, with many examples to clarify their message; as such it may be a valuable reading resource for global supply chain risk managers.

Although the Tillen and Delman article is somewhat dated, our staff believes it remains relevant today and should be an incentive for multinational companies to review this area of supply chain risk on a regular basis.

Below is a short excerpt from the list of common bribery jargon used in certain countries.  Be sure to review the complete list when reading the full article:

Country/Language                  Bribery Jargon
Argentina                         cohecho; soborno; coima; cometa
Angola                            gaseoso
Brazil                            propina; jetto; jetinho; caixinha; graxa; troco; nota; acerto
Bulgaria                          rusvet
Cambodia                          tea money
China                             huilu; chaqian
Croatia                           mitto; podmititi (v.)
East Africa                       chai
Egypt                             baksheesh; shay
France                            pot-de-vin; arroser (v.); graisser (v.)
Gambia                            maslaha
Germany                           shmiergeld
Greece                            bakssissi
Hausa (spoken in West Africa)     toshiyar-baki
Honduras                          pajada
Hong Kong                         hactzien
Hungary                           megvesztegetes; kezet fogni (v.); keno penz; csuszo penz; lekenyerezni; lefizetni
India                             rishwat; baksheesh; ghoos; hafta; chai-pani
Indonesia                         suap; pungli; uang sogok
Iran                              roshveh
Italy                             tangento; omaggi; spintarella; bustarella
Japan                             on; wairo; kuroi kiri

Click here to read the full article by Tillen and Delman.

If applicable, please pass this information along to those business continuity and PS-Prep strategy planning global supply chain team members in your organization.

Photo courtesy of gpnetnow.com

U.S. BC Management Compensation Report Released

Photo courtesy of rainydaybudget.com

Many of our readers are members of business continuity planning teams and may now be involved in setting goals, objectives and budgets for the coming fiscal year.

To assess your organization’s current or next fiscal year BCM budget and dedicated BCM staffing, or simply to get a peer comparison against your industry group, our staff recommends a visit to Cheyenne Marling-Haase’s BC Management website.

You can download a complimentary summary copy of the most recent BC Compensation Report for the U.S., reflecting data collected between May and October 2011 with a focus on 2010 compensation levels.  Or simply click here to read more about this important resource for BC and risk management planning groups.

On this site you will find that BC Management’s 2011 study states “…that the average total compensation (base + bonus) for a Business Continuity professional is $114,331 USD. This data point is a positive indicator that things are beginning to improve with regards to compensations in the business continuity profession. Previous study results going back to 2007 reported an average total compensation for (full-time employee) FTE between $100,496 and $101,554. BC Management’s BCM Comprehensive Compensation (Initial Findings) Report also highlighted that there are fewer respondents who indicated a total compensation decrease (33.33% in 2011 compared to 40.73% in 2010).”

How does your organization’s compensation plan compare? 

If applicable, please pass this information along to those BCP, risk management and/or PS-Prep strategy planning team members in your organization.