Rethinking the RCM

Much like fire and early man, the Excel-based RCM-to-Assurance Professional relationship has seemingly been in existence since the dawn of time (or at least the dawn of Excel). Thankfully there is a better way to manage this critical element of your assurance process. And you can do it without having to sacrifice what made the Excel-based approach so appealing in the first place—structured data, demonstration of key relationships, management of key attributes.

How to Build Your Risk Register

One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understand of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.

Reading Roundup: Fresh Ideas in Risk Management

If risk management is on your radar, take a look through the articles and insights below. They might just challenge your thinking…in a good way.

Defining Your Vendor Management Policy

More than likely, you have a process for managing vendor relationships. You may even have a sophisticated process with a centralized vendor repository, risk assessments, due diligence, contract review, careful onboarding and ongoing monitoring. But how many of your employees know the process? And more importantly, how many of them understand how they fit in?

How to Gain Control of Third-Party Risk: A Case Study

Identifying and managing risk within your own organization is challenging enough. When you add a diverse array of third-party relationships, the picture becomes exponentially more complex. Learn how Intarcia has taken control of vendor risk management with automation, structure and real-time reporting.

Guest Post: Weeding Out Vendor Risk in the RFP Process

By Dave Hulsen, Co-Founder of RFP365 – Gardening is one thing, but what about our growing businesses and the third-parties we engage to help us flourish? As I thought about the numerous vendors we rely on, I started to think about what “pesky” vendors might be choking out our true partners (i.e. the ones that are truly critical to our success). If any of our vendors are increasing the amount of risk we manage to unacceptable levels, we need to identify them.

Vendor Risk: Find It Before It Finds You

Managing risk within the confines of your own business is hard enough. When you tack on risk associated with vendor relationships, the complexity only grows. As business leaders, we have to carefully manage vendor relationships to protect our customers, employees and stakeholders, but the process can be daunting.

What’s New and Exciting? Dynamic Filters for Audit, Risk & Compliance

With each release, I make time to analyze the key features and perform updates across our full suite of Internal Audit, Risk Management and Compliance solutions. As I do this, I’ll be sharing my thoughts, ideas and insights here on the blog, if only to help spark ideas for our clients on how they, too, can use Onspring to the fullest.

Driving in the Rain: How to Handle the Unpredictable Through Effective Risk Management

One thing is certain: the unexpected will occur. Storms will pop up and our skills and coping mechanisms will be tested. Organizations must identify where they are exposed, apply an appropriate response for addressing the risk, and implement a mechanism to constantly monitor and reassess the risk and their response to it. Otherwise, we risk getting stuck by the side of the road in a driving rain.

How to Be Lazy Where It Counts

When you develop software, there are many stages of the design phase that are highly critical to the final product. Too often, companies are in a rush to push feature releases or changes to their products that are “box checkers.” They’re trying to compare themselves to a competitor in a favorable light, without actually thinking about the problem in depth, or not considering things such as long-term performance and usability.

Enterprise Risk Management: Building Awareness, Understanding and Action

How does a financial services company launch an Enterprise Risk Management (ERM) program with a department of just a few? The Onspring team had the opportunity to work with an organization to help build their ERM program from the ground up. Now, with multiple years of data to review, the company has discovered tangible benefits, wide sweeping perception improvements and actionable data to facilitate change in the right direction.

Understanding Risk: Just Like Learning to Ride a Bike

When risk taking tips over into unethical behavior, organizations face potentially catastrophic outcomes. But is all risk-taking bad? Certainly not. In fact, it’s essential for business growth. To put it simply, a business that takes no risks is quickly out of business.