Risk Management Insights

I want to join the BLOG

David Bergmark, Chief Executive Officer

David Bergmark consults on a variety of market and enterprise risk management issues and is actively involved in the development and implementation of Protecht's risk management software (ERM and ALM). David started out in the audit division of Price Waterhouse in 1990, handling clients such as Macquarie Bank and Bankers Trust. By 1994 he was Risk Controller for Carrington Securities - a financial markets trading company. In 1996 David left Carrington to head up the Risk Management Department at IBJ Australia Bank (IBJA) where he was responsible for the development of all risk disciplines at the bank – market, credit, liquidity and operational.
Find me on:

Recent Posts

Key Risk Indicators, Protecht.ERM system, Internal Audit

Enterprise Risk Management Software and the Internal Audit function

The Internal Audit function has always been an integral part of any organisation, giving independent comfort to stakeholders that the governance and the control environment are operating as expected and and in an effective way. As part of that work, recommendations to improve systems and processes are often provided.

The starting point for any risk-based internal audit is to understand the risks associated with key business functions or processes, and the controls that mitigate either the likelihood of the risk occurring or its impact.

Read More

Press/Media, Protecht Culture

Thank you for an awesome 2018! 🎉

Firstly, thank you to all of our clients, followers and subscribers for your support over the last 12 months. It has been an incredible year of growth. To close off Protecht's 19th year in business, here's a round up of key events, milestones and stats from 2018.

Read More

Enterprise Risk Management, ERM, Risk in Motion, Protecht.ERM system

Enterprise Risk Management - Connecting the Dots. RiskInMotion

Connecting the dots (in this case, the risks).

It has been a bit of a journey over the last 15 years. At Protecht, we started with the vision of a SaaS enterprise risk management solution that allowed connection of risk to the core components of what was back then, considered an ERM framework. This meant that our central library of risks was not only used in the risk and control assessments but also linked to key risk indicators, attestations and incidents. This enabled our client base to get a more fluid picture of risk and was the genesis of the RiskInMotion™ concept.
 

What was missing back then was the business intelligence engine to bring it all together.

Read More

Compliance Management, Enterprise Risk Management

Understanding Compliance Risk

Today, corporations and government agencies are facing an unprecedented wave of regulatory obligations and increased penalties for non-compliance. The financial services sector, as an example, needs to comply with a myriad of prudential regulations, federal privacy, AML/CTF, consumer credit and protection laws to name a few. Obligation registers now contain over 1,000 entries for compliance teams to deal with. In smaller organisations, these teams are often under-resourced due to compliance being a cost centre.

In this blog, we will discuss issues around some of the complexities of effective compliance risk management.

Read More

Protecht News & Events, Risk Culture, Risk Management

2017 Wow... What a Year

Protecht's 2017 in Review! Thank You for Your Support

The last 12 months have been full of amazing changes and challenges for Protecht and we want to take this opportunity to thank all our clients, partners, staff members and blog readers for all the support. We have many reasons to celebrate; continued growth in our wonderful advisory, development and support teams, record growth in client numbers as well as the move of our Sydney head office to a bigger and better space. It was almost 20 years ago that David Tattam and I commenced working together on the Protecht concept, dreaming of one day having a leading risk management training, advisory and software company. There is still more to do as always, but it has been the most rewarding business risk that we have ever taken. 

Below are some of the milestones that made this year unforgettable for us and also some pictures of our clients and staff Christmas parties. Merry Christmas and Happy New Year 2018. 

Read More

Compliance Management, Risk Culture, ERM

Reputation Damage - Risk Event or Risk Impact?

Looking back over the last 12 months, corporate scandals continue with the finance industry seemingly always managing to make the headlines. Wells Fargo fake accounts in the US, CBA anti money laundering issues in Australia are two examples. The flow on effects from these scandals are often similar:

  1. Executives and CEO's involved are ushered out the door - key person risks arise.
  2. Fines were or will be imposed by regulatory agencies, which seem larger and more punitive in recent years.
  3. Class action lawsuits are attempted on behalf of disgruntled shareholders resulting in additional legal fees and potential settlement costs.
  4. Strategic growth objectives are derailed, as the companies involved need to batten down the hatches to recover from the scandal.
Read More

Enterprise Risk Management, Risk Controls

Risk Event Libraries. Do your own sanity check.

At Protecht, we get to see a lot of risk event libraries. There continues to be some confusion as to what is actually a risk event that is worthy of its place in a central library of risks. We often see these libraries peppered with failed controls, impacts and causes rather than the true underlying risk event.

In this blog we hope to provide some tips for you to do your own sanity check on the quality of risks in your risk registers or library. 

It helps to first think about the output – what will our reporting to stakeholders at both management and Board level look like and be used for. If risk events are too broad, aggregation of supporting data such as incidents and internal audit findings connected to such broad risks will become less useful, as will any attempt to allocate a meaningful set of controls to the risk. Too specific with lots of detail, renders summation of the top risks in charts as too unwieldy and confusion as to what is the actual risk event.

Examples would be as follows:

Criminal activitytoo broad. In this example, there are too many sub risks with different controls that need to be assessed. If all internal audit findings and incidents relating to internal fraud were wrapped up to this ‘risk event’ the first thing any Board member would ask is what type of criminal activity are we talking about? Rather than a risk event – this would be a good risk category, similar to other risk categories such as Employment Practices and Safety and Business Disruption.

Read More

Security Risk Management, information security management

Cyber security – will we ever be safe?

I recently read an article in the @TheEconomist (April 8 edition) entitled The Myth of Cyber Security, a somewhat depressing article on the poor state of cyber security globally. The author discussed numerous reasons behind the current problems:

  • Software complexity and speed of development
  • Users failure to protect themselves
  • The technology industry’s inability to self regulate and accept liability for product flaws

The last point drawing comparisons to the car industry in the early 1960’s. It was not until the government forced their hand on safety did the industry’s attitude change.  The author considered that perhaps additional government intervention could be beneficial to the technology sector.  Examples included increased reporting requirements for companies that are hacked, forced default password changes and legislated timeframes for fixes to "at risk" products.

Read More

Protecht News & Events, Risk Culture, Risk Management

2016 - The Year That Was

2016 Done and Dusted

Over the last three weeks we have had Christmas parties in Melbourne and Sydney for our clients, as well as our staff Christmas event. (Check out more photos at the end of the post.) Needless to say, we are all looking forward to some downtime leading into the New Year.

Read More

Enterprise Risk Management, Risk Culture, Risk Maturity, Risk Manager

Successfully Implementing an Enterprise Risk Management System

5 factors of success

I was thinking about the characteristics of companies that make the decision to acquire and then successfully implement an Enterprise Risk Management software solution. Why? Well, we are in the business of providing software solutions to companies so we are always interested in understanding, why certain companies get more out of ERM solutions than others.  However, upon reflection, I think it is also important for companies on the ERM journey to reflect on these factors of success in their own decision-making process. So what are some of the factors of success?

1. Company Size – Does Size Matter?

Often company size is considered as a driver for moving to an ERM software solution. The bigger the company, the greater the need as there are more people involved in the process. Manually following up actions, treatment plans and risk assessment becomes more time-consuming and prone to errors. So generally speaking, we would expect some correlation between the number of ERM installations and size.

Read More