Category Archives: Emerging Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Defining Reputational Risk

Posted on by

The following article is part of a new blog series that will explore ideas, concepts, discussions, arguments and applications associated with the field of enterprise and strategic risk management.

One of the more striking conclusions contained in Aon’s 2015 Global Risk Management Survey is that damage to reputation and/or brand was considered by the survey cohort to be the most significant risk to the enterprise. The survey was conducted in Q4 of 2014 and received input from over 1,400 respondents coming from both the private and public business on a worldwide basis.

The “Top Ten” most identified risks included:

  1. Damage to reputation/brand
  2. Economic slowdown/slow recovery
  3. Regulatory/legislative changes
  4. Increasing competition
  5. Failure to act or retain top talent
  6. Failure to innovate/meet customer needs
  7. Business interruption
  8. Third-party liability
  9. Computer crime/hacking/viruses/malicious codes
  10. Property damage.

The survey results should not come as any real surprise given the number of sensational news stories coming from around the world that highlight potential or real reputational or brand problems. We have witnessed data breaches ranging from credit card identity theft in consumer retail, to serious product recall notifications in the food and beverage industry, to product performance/ warranty failures in the automotive arena, as well as “hints of reputational quality,” defined as “trust” in the early stage politics of the presidential selection process involving private vs. public use of email servers. There is little doubt that news, sensational or not, impacting reputational or brand, will continue for some to come. The real question is: Should anyone care?

Defining reputational/brand risk is hard to accomplish:

Based on some additional research done by my colleague Sylvesto Lorello, reputational risk is not a new concept, but it arguably has no established or universally agreed upon definition. Academic and business thinking about this subject continues to evolve. Within the insurance underwriting community that I have been in touch with, reputational or brand risk is being compared in scope to contingent liability risks, but with a serious caveat: the basis of the risk is highly variable and the duration of the risk event/loss event is difficult to pin down economically.

The concept of reputation and brand for example, are notably absent from the 2004 framework for enterprise risk management proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It is also overlooked in the Basel II international accord for regulating bank capital, which was also issued in 2004.

A lack of common standards or definitions of reputational risk mean that companies perceive it in different ways.

buy cytotec online orthomich.com/img/blog/jpg/cytotec.html no prescription pharmacy

Some risk practioners are beginning to view reputation as a “risk of risks” similar to the dialogue surrounding the “internet of things/objects.” Interestingly, an emerging dialogue is developing around whether reputation or brand is actually a risk or a residual event stemming from other extenuating risk domains or actions.

The ISO 31000 (2009)/ISO Guide 73:2002 definition of risk is the “effect of uncertainty on objectives.” In this definition, uncertainties include events (which may or may not happen) and uncertainties caused by ambiguity or a lack of information.

The U.S. Federal Reserve in 1995 defined reputational risk as “…the potential that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation or revenue reductions.

buy vidalista online orthomich.com/img/blog/jpg/vidalista.html no prescription pharmacy

In this case, the definition points to the potential for hard data from which basis and duration can be calculated.

Definitional issues aside, eventually societies will develop benchmarks with which to measure reputational or brand acceptability. One way of thinking about this approach is shown in the following exhibit.

UntitledHere we ignore some of the more difficult definitional discussion around a combined reputation/brand perspective, and limit our view to reputation alone.

buy fluoxetine online thecifhw.com/wp-content/uploads/2023/10/jpg/fluoxetine.html no prescription pharmacy

From a practical early stage standpoint, an entities reputation could be view from potential threat and potential impact perspective. On the threat side, it may be possible to segregate threats into four categories:

  • Risk to reputation stemming from employment activities;
  • Risk to reputation coming from product or customer issues;
  • Risk to reputation derived from governance; and,
  • Other less easily classified risks to reputation.

These categories appear for graphical purposes as if they are mutually exclusive, but in reality, there are good examples of causal overlap that increased risk volatility and severity. Recent oil spills and automobile product failure/recalls are enduring situations where more than one causal category created a economically catastrophic reputational problem.

On the other side of the graphic we outline the potential impacts to reputation coming from the threat categories. Again, while not mutually exclusive or exhaustive, the impact areas include:

  • Customer base
  • Financial valuation
  • Brand and media
  • Staf
  • Other less easily defined impacts.

Coming next, who are the stakeholders and how might one approach measuring reputational risk.

Navigating Technology Risks

Posted on by

One of the key questions being asked by audit committees and boards of directors of organizations around the globe is whether their emerging technology risks are being properly identified and managed. To that end, the Global Internal Audit Common Body of Knowledge (CBOK) released “Navigating Technology’s Top 10 Risks,” which identifies the top technology risks and ways that organizations can learn about and address these risks.

Here are the top five out of 10 risks ranked by the study:

1.      Cybersecurity

One of the biggest cybersecurity risks faced by companies is the possibility of theft of confidential data by external perpetrators, and the study found this is the most discussed IT topic among executives, internal auditors, audit committees and the board. One of the biggest cybersecurity risks faced by companies is the possibility of theft of confidential data by external perpetrators.

buy mobic online dentalhacks.com/wp-content/uploads/2023/10/jpg/mobic.html no prescription pharmacy

More than 70% of survey respondents consider the risk of a data breach to be extensive or moderate, while 82% of IT specialists consider this risk to be even higher.

buy singulair online dentalhacks.com/wp-content/uploads/2023/10/jpg/singulair.html no prescription pharmacy

2.     Information Security

With the recent spotlight on data breaches, the current focus is a layered defense of critical information rather than a single layer of protection.

A strong information security program encompasses:

● Robust risk assessment process

● Effective governance and compliance procedures

● Documented and communicated information security policies and standards

● Effective security awareness training program

● Efficient access control procedures

● Tested disaster recovery, business continuity and incident response programs

● Operational asset management, network management, patch management and change management processes

● Tight physical security

3.     IT Systems Development Projects

While organizations need to update their technology systems, success rates are low. The study found that the success of systems development projects was 16.2% for overall success, 52.7% for challenged projects and 31.

buy sinequan online dentalhacks.com/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

1% for impaired or canceled projects.

Examples of project objectives not achieved include missed deadlines, cost overruns, efficiencies not delivered as expected, flawed software that was not tested before implementation, reduced integration from the initial plan and less functionality than was identified in the business case when the project was approved.

4.     IT Governance

In many organizations, management questions the amount of money spent on IT and increasingly monitors IT costs. This added emphasis is also due to the widening gap of what IT thinks the business needs and what the business thinks IT can deliver.

A good IT governance program must have these elements:

● Clear alignment to business

● Measurable value delivery to business

● Accountable controls of resources, risk, performance and cost

IT Governance Activity

5. Outsourced IT Services

Because of the increased focus on IT costs, some key IT services have been outsourced. According to the study, this can expose an organization to risks that may remain undiscovered until a failure occurs. An average of six out of 10 internal auditors surveyed said they expect an increase in audits of outsourced IT services over the coming year, according to CBOK, which is administered through the Institute of Internal Auditors. The largest increase is expected in Sub-Saharan Africa and the smallest in Europe.

Katrina’s Lessons in Windstorm Risk Management

Posted on by

Hurricane Katrina, which pummeled the Gulf Coast of the United States 10 years ago on Aug. 29, has proven to be the deadliest and costliest disaster on record. The 2005 Atlantic hurricane season was the most active in recorded history with more than 30 tropical and subtropical storms, including 15 hurricanes.

According to the study, Hurricane Katrina 10: Catastrophe Management and Global Windstorm Peril Review by Allianz Global Corporate & Specialty, it was predicted that hurricanes would become more frequent and intense after 2005, however, “In reality, the exact opposite has occurred,” Andrew Higgins, technical manager, Americas at Allianz Risk Consulting explained in the report. Instead, there has been a reduction in Atlantic hurricane activity during the last 10 years, with 2013 seeing the fewest Atlantic basin hurricanes since 1983. “These results illustrate the fact that we do not fully understand the complex climate variables that affect hurricane activity,” he said.

Because Katrina’s impact was so devastating and widespread, many changes have since been made. New Orleans has built a new system of levees, for example. Flooding caused by Katrina revealed the state of the levee systems in the U.S. to be substandard and in need of repairs estimated at $100 billion,the National Committee on Levee Safety found. “There are many levee systems throughout the U.S. that would reveal similar deficiencies if subjected to the same level of scrutiny as those in New Orleans,” according to the study.

“Katrina will always be remembered as an extraordinary natural disaster that affected millions of individuals and businesses and left an indelible impact on the global insurance industry,” Hugh Burgess, head of corporate lines at AGCS, said in a statement. “Even without considering the influence of climate change, the prospect of increasing losses due to storms is more of a result of continued economic development in hazard-prone developed coastal areas. Preparedness limits windstorm exposure and Katrina has taught us many lessons on this front.”

Top lessons from Hurricane Katrina:

1. Storm surge impact and risk modeling

“Storm surge modeling prior to Katrina essentially assumed that the height of the storm surge was a function of the maximum sustained winds,” Higgins said. “Katrina clearly showed that there are other factors that affect storm surge height… We have learned that in addition to wind speed, the physical size of the hurricane can affect the storm surge. Camille’s hurricane-force winds extended 60 miles from the storm center, while Katrina’s extended 120 miles. The larger size of Katrina was a major factor in pushing more water onto the shore.”

2. Flooding threat

The flooding caused by Katrina showed that the conditions of the levee systems in the U.S. are very poor. “The 2013 Report Card for America’s infrastructure developed by the American Society of Civil Engineers rates the levees in the U.S. as a D-,” Higgins said.

3. Wind damage prevention

Substantial wind damage occurred to structures that experienced hurricane force winds from Katrina, despite the fact that the recorded wind speeds were less than the wind design speeds. So what happened? “Most of the wind damage occurred to the building envelope,” Higgins explained. “That includes the roof covering, walls and windows. If the building codes had been strictly followed, the wind damage would have been greatly reduced. Poor workmanship and a lack of knowledge were the primary culprits.” He added, “Today, the Gulf Coast is in a better position to withstand the effects of a hurricane due to better education, improved construction guidelines and increased third party inspection.”

4. The importance of business continuity

After widespread catastrophes businesses typically relocate, meaning the client base can diminish until recovery progresses. The key to recovery is to establish a plan in advance that identifies clear priorities for attention to crucial operations, so the business can get back up-and-running as quickly as possible.

5. Insurance coverage issues

While insurance claims settlement levels from Katrina were high, it’s imperative to know what’s protected ahead of time. Many insureds were surprised to find out they were not covered for storm surge losses, the main coverage issue resulting from the storm. Whether damage was caused by wind or water became a key focus of post-Katrina litigation.

6.  Unexpected impact of demand surge

Demand surge is a post-catastrophe complication which can have not only catastrophe-related consequences in terms of rising prices due to a shortage of available goods, but other loss consequences as well. For example, a shortage of American-made drywall because of the demands of rebuilding led to a significant increase in imports of defective drywall manufactured in China. This resulted in a number of environmental issues and eventual litigation, particularly in the storm-affected states of Florida and Louisiana.

Allianz concluded that businesses need to start early to prepare for the worst-case scenario. “Businesses need to be sure to have tested business continuity plans and especially communications cascades in place and have insurance policies at a safe location,” advised Andreas Shell, Head of short-tail claims at AGCS. “Creating a separate booking account to which businesses can record hurricane-related damages to easily identify the loss incurred can also help.”

Terry Campbell, regional claims head, Americas at AGCS noted that every company should take these steps to ensure the claims settlement process runs as smoothly as possible after a windstorm event: “Follow the protocol outlined in the catastrophe response plan. If there isn’t one in place, one should be immediately developed for that event. Ensure there is adequate staff to respond and that there is ongoing communication to include scheduled meetings to discuss progress as well as issues, problems etc. These can be done as frequently as necessary,” he said.

POS System and Critical Infrastructure Attacks, Hactivism Pose Top Cyber Threats

Posted on by

Maintaining enterprise security only gets more difficult, as additional means of cyberattack and increasingly sophisticated techniques are added to attackers’ arsenal.

buy ventolin online www.tvaxbiomedical.com/scripts/css/ventolin.html no prescription pharmacy

“Our personal and professional attack surfaces have never been greater, and they are only expected to grow as organizations and individuals continue to increase their reliance on the digitally connected world for a variety of tasks,” explained researchers from network infrastructure and security services company Verisign. “Security practitioners must not only protect their enterprise assets, but also guard against threats to their supply chain and other business ecosystems.

buy neurontin online www.tvaxbiomedical.com/scripts/css/neurontin.html no prescription pharmacy

These threats, coupled with the cyber threat landscape’s continuous evolution in terms or actors, tactics and motivations, have created a situation where organizations must now move toward an intelligence-driven, holistic security approach to keep pace with the rapid changes in attackers’ tactics, techniques and procedures (TTPs).”

According to Verisign’s “2015 Cyber Threats and Trends: What You Need to Know to Protect Your Data,” the top cyberrisks from 2014 and the first half of 2015 came from:

  • attacks on point-of-sale (POS) systems
  • banking trojans and downloaders
  • various forms of hacktivism
  • critical infrastructure attacks
  • open-source software exploitation
  • vulnerability research “crowdsourcing”

Check out the infographic below for some of the report’s key insights into the top cyberthreats and the biggest vulnerabilities for enterprise security:

verasign cyber threats trends 2015