Risk Management Insights


Compliance Management

Is Technology the Key to Managing Compliance?

Once viewed as a luxury, the use of technology for compliance management within the financial services industry has now entered the mainstream. The complexity of reporting obligations combined with the need for better document management, data security and effective communication has created the need for financial services firms (“FSFs”) to use technology as a means for better managing and running their compliance program. This article explores how FSFs, and any other regulated entity, can benefit from integrating technology to create a more effective and efficient compliance management process within the organisation.


Compliance Management

Compliance Risk Management

There has been, for many years, an ongoing debate as to the relationship between Compliance Management and Risk Management. Some have believed they are separate disciplines, others that risk management is a subset of compliance, and yet others that compliance is a subset of risk management.

The new ISO 19600 standard (December 2014) provides a reminder of how compliance and risk should operate together, as “colleagues” sharing a common framework with some nuances to account for their differences. The 19600 standard on “Compliance Management Systems” largely reflects the existing AS 3806-2006 standard, which it will replace.


Compliance Management

Considerations when designing an optimal compliance function

17 September 2014: Protecht was proud to be a part of Compliance Solutions Day 2014 hosted by Lexis Nexis and Compliance Network Australia at the C3 Convention Centre in Vienna, Austria.

Protecht's Executive Directors, David Bergmark and David Tattam with Arithmetica, one of our European partners.

The following post is an overview of David Tattam's presentation:

Optimising the Compliance Function in 2014 and Beyond

Compliance means conforming to a rule. That rule may arise from an external source such as a law or regulation or an internal source such as a policy, code or control. Compliance with these two main sources gives rise to external and internal compliance.

The issue for an organisation is: how can conforming with the rule(s) be ensured?  This is the key objective of a compliance function.  The methods we can use to ensure we conform with the rules are many and varied and an organisation needs to determine what compliance methodology will be used. The compliance methodology should balance a desired level of compliance against the cost and time in achieving that level of assurance. Getting this balance right will lead to an optimal compliance function.  

Considerations when designing an optimal compliance function include:


Compliance Management, Security Risk Management, Enterprise Risk Management, information security management

Information Risk Management as part of your ERM framework


We hear many times that this is the information age and that data is the new gold. The “Big Data” trend encapsulates this and focuses our minds on the potentially huge amounts of data our businesses have access to, both internal and external. Data and information are therefore a potentially high-value asset but, just like a gold mine, they need to be mined and refined into something valuable and protected.

Due to the explosion of available information and the ever increasing importance of using this information to provide our business with the information resources it needs to function, information risk management has never been more critical for business.

This article considers information risk management as part of an overall Enterprise Risk Management (ERM) framework.

The starting point for information risk management is to identify all sources of information that are used and managed by the organisation. This requires the development of an “Information Asset Register”. This should include such things as:

  1. Information Asset Name
  2. Type:  Electronic / physical
  3. If electronic:  Production, Test or Back-up
  4. Type of storage: Server, laptop, desktop, mobile device, web, USB key, physical (filing cabinet) etc.
  5. Type of information (field descriptors)
  6. Purpose /use of information
  7. Location (geo location)
  8. Number of records
  9. Relevant external obligations over information. Is the information public or private? For government, unclassified / protected etc.
  10. Information / Storage owner
  11. Methods of write access (add, amend, delete)
  12. Methods of read access (web, intranet, print etc.)
  13. Parties with write access
  14. Parties with read access