Digital technology drives immense business opportunity, explains Neill Tinegate, adding that this comes with an ever-increasing need for boards to understand and mitigate significant risks. In this blog, he considers cyber security, data governance and privacy, emerging technology as well as digital transformation - and he discusses some vital considerations for board members in each of these areas.
The insolvency risk for company directors - are you swimming naked?
The standards of diligence and care expected of non-executive directors in the oversight of a company are extremely high and, as Francis Kean explains, often become the subject of intense scrutiny and controversy in protracted and expensive investigations and proceedings following collapse. He discusses the potential coverage issues under D&O liability insurance policies and argues that non-executive directors should take an active and personal interest in the insurance protections which may be available to them in the event the worst happens.
Are you sitting comfortably? Cyber risk, board attestations and the implications for NEDs
Cyber risk remains one of the most challenging risks facing many organisations. Regulations in the US, EU and UK in relation to cyber risk disclosure requirements are making these risks increasingly prominent for business and challenging for their non-executive board members. Andy Watkin-Child discussed the complexities of cyber risk and the various regulatory responses emanating from the UK, US, and EU at December’s Risk Committee Chairs Forum hosted by the Risk Coalition, highlighting the challenges for non-executives and risk committee members.
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
The global risk landscape has become increasingly complex to navigate, and the multitude of risks that organisations face has become ever more interconnected, says Mamun Madaser. He explains that the risk of a polycrisis – defined as a cluster of related global risks with compounding effects, such that the overall impact exceeds the sum of each part – has now become a very real threat. Risk in Focus 2024, a Europe-wide annual research project analysing the top risks faced by businesses, identifies cybersecurity as remaining the biggest threat to organisations. Human capital, diversity, and talent management rank as the second biggest risk, followed by macroeconomic and geopolitical uncertainty, which is ranked jointly with changes in laws and regulations as the third most significant risk. To tackle this, he says internal audit and risk management should work together to build their organisation’s resilience to support them to successfully navigate the more risky, uncertain, and volatile times we face.
How to mitigate the risk of cyber security breaches – part 2
Organisations need to implement a comprehensive set of security tools that are appropriate to their businesses, says Jim Watson, and they also need to identify their most valuable and confidential data, ensuring that appropriate security tools and controls are used to minimise the risks involved. Building on his earlier blog, which discussed the role of organisational culture in mitigating cyber risks, he discusses the key requirements of IT security tools and controls. He also explains the role that second-line risk management and compliance functions need to play in monitoring the first-line security controls, and the need for regular third-line internal audits to evaluate the effectiveness of governance, risk management and control processes.
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
One of the key proposed changes under the UK Corporate Governance Code would require Boards to conclude on the effectiveness and material weaknesses regarding their risk management and internal controls relating to operations, reporting and compliance. Nisha Sanghani, summarising discussions at a recent Risk Coalition Risk Committee Chairs Forum, explains that the main aspect of the discussion focused on whether organisations have the right risk management framework in place to be able to confidently meet the requirements of the proposed Code revisions. The general view was that there is much work to be done by organisations to be able to do this. However, if done properly, she says that UK companies can avoid firefighting when caught out by risk, and perhaps can even start to think about making commercial risk-based decisions.
How to mitigate the risk of cyber security breaches – part 1
Cyber security breaches regularly hit the headlines these days, and the fact of the matter is that we only hear about a fraction of the incidents that happen. The threat of these incidents is a significant risk for organisations and breaches can have devastating results for the companies and people involved. They can result in serious financial impact, lost customers and reputational damage to companies - even risk to health and life. In this blog, Jim Watson explains that people are often the weakest part of an organisation’s cyber defence, so organisations need to embed security within their culture and governance, ensuring that all levels of the organisation understand the importance and value of security.
The implications of the revised UK Corporate Governance Code
The latest of the Risk Coalition’s CRO Forum roundtable discussions held this month considered the implications of the proposed revisions to the UK Corporate Governance Code for senior risk professionals. The discussion highlighted several challenges that organisations might face if the revised Code is implemented as proposed. These challenges mainly relate to: the expansion in the Code’s scope beyond financial risks and controls, the need for organisations to identify and prioritise material controls, the requirement to report material weaknesses and the need for expertise and resource to handle the proposed changes effectively. This blog summarises the roundtable discussions and highlights key planning considerations.
Financial regulators take aim at crypto-finance
Recently, the Bank for International Settlements (BIS) and the Financial Stability Board (FSB) published important reports about the risks inherent in crypto-finance. They make unpleasant reading for some. The BIS concludes that crypto’s inherent structural flaws make it unsuitable to play a significant role in the monetary system, whilst the FSB proceeds to list a series of major risks arising from crypto-assets. Andrew Cunningham sets out how board directors and risk professionals should respond to the latest work from the BIS and the FSB.
Opening our eyes to the risks in our hands
Some risks we cannot do anything about, some we choose not to do anything about, and others prompt us to take action. According to Emma Martins, Data Protection Commissioner at the Office of the Data Protection Authority in the Bailiwick of Guernsey, it is much easier to respond to risks when we are clear about what they are. When the harms are less visible, or hard to imagine, we tend not to be very good at ‘risk engagement’. One such area is data, which is often thought to be an ephemeral concept, but she says we could not be more wrong. The risks are very real and - for example in relation to data protection and privacy - could potentially be significant. She explains why it is essential to be laser focused on harm prevention when it comes to data and the risks faced.
Adapting to economic uncertainty
Nowadays, the state of the economy seems to perpetually be in the media headlines, and businesses continue to grapple with an uncertain, challenging and volatile economic backdrop. A new survey by the Chartered Institute of Internal Auditors finds that six in ten internal audit executives now regard the risk level posed by economic uncertainty to their organisation to be either high or very high. Gavin Hayes explains that, to navigate these risky and challenging times, collaboration between risk management and internal audit has never been more vital.
Boards need to set their own agenda if they are to be effective
There are a wide range of topics hitting the headlines when it comes to board effectiveness and what boards need to focus on. Diversity and inclusion, climate risk, artificial intelligence - the list goes on. The boardroom agenda is ever increasing, and understandably so given the environment businesses today find themselves in. These issues have tended to eclipse core questions related to the conduct of board meetings and Andrew Cunningham provides us with a useful reminder of the key areas boards should remember to focus on, including the importance of agenda setting.
How to survive a world of uncertainty
We are living in a world of uncertainty and the ranges of possible outcomes of many of the events we are facing are not known. What will the impact of generative artificial intelligence on society be, for example? Historical data and statistics cannot help us determine the likelihood of any particular outcome occurring when we are faced with uncertainty, so traditional risk management techniques such as stress testing will be of limited use in the circumstances; stress testing relies on the notion that we know the range of potential outcomes. Kathryn Kerle advocates storytelling and supplementing traditional approaches with reverse stress testing as useful techniques that can help us manage risk more effectively when dealing with uncertainty.
The value of risk management - where is the evidence?
Is there really any evidence suggesting that mature, more successful organisations tend to operate more mature risk management frameworks? A recent Risk Coalition Risk Committee Chairs Forum (RCCF) discussion explored this question. The discussion highlighted the crucial role boards play in setting the right tone at the top, as well as the importance of fostering a risk-aware culture, where challenging assumptions and discussing risks openly are encouraged.
Enhancing audit quality: a new risk-based approach leveraging big data
Audit failures have appeared in the press headlines far too often, yet concerns raised about the effectiveness of the auditing profession - and its ability to identify and address potential risks - have never gone away. Olivier Beroud asks why audit failures happen, and how they can be prevented. He argues that an approach based on big-data mining, combined with powerful analytics, could provide the foundation for a risk-based approach that could enhance audit quality and restore confidence in auditing.
Artificial intelligence: the challenges of existential AI
Artificial Intelligence (AI) has emerged as a powerful tool that holds immense potential to transform various aspects of our lives. Alongside the benefits it can bring, Dr Hammou Messatfa points out the crucial need to recognise and address the existential threats associated with AI’s advancement. He discusses the distinction between trustworthy AI and existential AI, and explores the concept of ‘unaligned AI systems’ - noting that the risks associated with this could be greater than existential threats such as pandemics, climate change, and nuclear war.
What's the value of risk management… and why hasn’t anyone been able to prove it?
There seems to be relatively little conclusive evidence to prove the value of all the risk management activity that is going on. The Risk Coalition’s newly established CRO Forum recently considered how risk management activity can move beyond simply being seen as a cost to the business to become genuinely value adding. As Chris Burt explains, participating risk leaders believe that a shift in mindset is needed, and there also needs to be a change in the role of risk management to facilitate strategic decision-making.
Transition plans: engagement is key to insuring the transition to Net Zero
The most recent of the Risk Coalition’s Risk Officers Sustainability Forum (ROSF) roundtables discussed ‘Transition planning and associated risks’. Alex Hindson sets out his key takeaways from this discussion, pointing out that it is important to start by acknowledging transition plans will be complex. He says that success requires effective engagement, whilst being transparent about progress is also critical. He identifies three key questions that all organisations should be asking themselves in relation to their transition plans.
Navigating Not Easily Quantifiable risks: the role of the Board Risk Committee
In an increasingly complex and uncertain business environment, not easily quantifiable risks pose significant challenges to organisations and their boards. The role of the board risk committee becomes paramount in addressing these risks effectively by facilitating exploration, encouraging alternative perspectives, and advocating for a comprehensive risk management approach. Chris Burt from the Risk Coalition summarises discussions from a recent roundtable meeting of the Risk Committee Chairs Forum,
Data and digital risk prevention: a business risk and a business opportunity
Data breaches and digital controversies can severely damage an organisation’s brand and its company valuation, so boards need to be vigilant to ensure the safety of their data and the continued success of their business. Steve Sanders and Lisa Burton explain that taking appropriate pre-emptive steps to protect data will minimise risk and create a safer, more secure environment for all stakeholders involved. They advocate the creation of a Digital Risk Committee, an internal multi-disciplinary team that avoids the risk of siloed working, and which delivers real benefit within an organisation.