From Scapegoat to Savior: The Risk Manager Story

Chris McClean


Even in the toughest times, winners will invariably emerge. With the way expectations are changing regarding corporate controls and disclosure, risk management professionals (whose lack of influence was seen as a substantial cause of our current state of affairs to begin with) will likely be among the first beneficiaries of our new outlook on business.

Forrester customer inquiries seem to have taken a step back when it comes to risk management. While there are still plenty of incoming technology and vendor selection questions, there has been a noticeable spike in calls about fundamental issues, such as how to build and organize risk management programs. Knowledge and experience in risk management basics is in high demand.

Last week, the New York Times emphasized this demand by highlighting the current value of graduate degrees or certification related to risk management. The article explains:


Is IT Risk Management Compatible With ERM?

Chris McClean


Every month or so, news events (attacks on government sites, massive privacy breaches, etc.) provide a ‘wake-up call’... a proof point used by vendors and practitioners alike that protecting our national and corporate information assets has never been more critical. On occasion we even see these incidents yield promises of action, for example the anticipated appointment of a US Cybersecurity Czar, which my colleague Khalid Kark discusses here.

But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see their biggest risks showing up on the corporate risk register.


This week in history - volcanos, hurricanes, and the risk of Black Swans

Chris McClean


Poring over endless details of risks, regulations, taxonomies, and technologies can sometimes give us a narrow view of the world, so it seems worthwhile to take a minute to mark the 125th anniversary of the cataclysmic eruption of Krakatoa this week. For those of us who want to think big but can’t remember that far back, this week is also the 3rd anniversary of Hurricane Katrina’s devastating sweep across a wide stretch of the US Gulf Coast.


Power Outages Are A Major Risk That Most Companies Overlook

Stephanie Balaouras


TechCrunchIT reported today that a Rackspace data center went down for several hours during the evening due to a power grid failure. Because Rackspace is a managed service provider (MSP), the downtime affected several businesses hosted in the data center.

When companies think of disaster recovery and downtime, they typically think of catastrophic events such as hurricanes, tornadoes, and earthquakes. What companies don't realize is that the most common cause of downtime is power failures. In a joint study by Forrester Research and The Disaster Recovery Journal of 250 disaster recovery decision-makers and influencers, 42% of respondents indicated that a power failure was the cause of their most significant disaster declaration or major business disruption.


Legislators to the rescue

Chris McClean

One of the most substantial trends we expected to see in governance, risk, and compliance in 2008 is the tightening of regulations in response to major risk management failures. Yesterday, we saw a clear example of that, as the US Senate approved a bill that would nearly double the size of the Consumer Product Safety Commission, largely in response to the massive toy recalls that took place last year.

Also this week, the UK’s Medicines and Healthcare Products Regulatory Agency showed signs of cracking down on disclosure of drug trial results after problems persisted with certain anti-depressant drugs in relation to teenage suicide (even though criminal charges will not be filed).

The sub-prime issue is likely to be the next major target for legislative changes, although most discussion seems to be focused on consumer protection at this point, not tighter control over lenders.


Reward: $68 million for ratting out your employer

Chris McClean

It has been a busy few weeks of news for whistleblowers. Earlier this month, former Merck sales manager H. Dean Steinke was awarded $68 million of the roughly $400 million recovered by states and federal agencies when the company settled a lawsuit he brought against it seven years ago. (This was part of a larger $671 million Merck paid to settle complaints of overcharging government health plans and offering inappropriate incentives to doctors to prescribe its products.)

While a number of whistleblowers have been lauded by the press over the years, Steinke’s $68 million presents the possibility of more tangible incentives to those aspiring to expose corporate crimes. Other recent, related news includes:

- Court extends SOX whistleblower protection. Last week, a US District Court judge in New York found that whistleblower protection under the Sarbanes-Oxley Act applies to employees outside the United States, helping empower virtual armies of international employees that may have something to report.


What Constitutes A $7B Control Failure?

Chris McClean

The media yesterday (Wall Street Journal, Associated Press, Economist, etc.) were all over 31-year-old Jérôme Kerviel, the trader at France’s Société Générale who has apparently confessed to fraudulent trades resulting in an estimated loss of roughly $7.2 billion.

In further coverage, we hear that the bank has apologized to shareholders, filed legal claims against Kerviel, and promised the public that the incident does not suggest any larger issues with the company’s risk management. The Wall Street Journal, however, follows up with a story questioning the effectiveness of regulatory oversight that can let something like this transpire despite Société Générale’s claims that controls were adequately tested and did not fail.


Keeping up with global regulations

Chris McClean

The Foreign Corrupt Practices Act (FCPA) has been seemingly more newsworthy than usual recently (even impacting Hollywood elite), with somewhat conflicting accounts of the US cracking down on bribery both here and abroad, and the rationale for the US to accept some level of bribery for the sake of broader national interests.


Risky by association

Chris McClean

The holiday season gave media and industry one more opportunity to discuss Mattel’s massive product recalls this year, and admittedly, I still find myself interested in the story. In this case, it was the World Business Council for Sustainable Development’s article calling out Mattel’s “Epiphany at Christmas”. 

The revelation: “If it's got your company's name on it, it's your problem.”


Risk Management Lessons from the ‘Mortgage Meltdown’

Chris McClean

Great article this morning in the Wall Street Journal about Goldman Sachs’ performance during the credit meltdown. The company has expectations of record income this year, while competitors are faltering left and right.

There are three important issues in this story — and in the sub-prime crisis in general — that all good risk management professionals know, and should keep in mind as often as possible.
