Category Archives: Governance, Risk & Compliance

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Vendor Risks: Preventing Recalls with ERM

Posted on by

Recall
In 2016 alone, there have been dozens of recalls, by food companies, car manufacturers, and vitamin producers, among others. Not only do these recalls greatly impact a company’s bottom line, they can also affect the health and safety of consumers. With this in mind, what can organizations—both within the food industry and otherwise—do to improve their chances of uncovering suppliers operating in subpar conditions? How can they mitigate the risk of recalls?

buy ocuflox online meadfamilydental.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

Customers of CRF Frozen Foods, for example, a full-line, individually quick frozen processing plant that packages fruits and vegetables for a variety of customers, recently had big problems when it was linked to a widespread listeria outbreak. Contaminated foods affected big-name distributors like Trader Joe’s, Costco and Safeway, and some customers fell ill as a result.
buy tadalafil online https://royalcitydrugs.com/tadalafil.html no prescription

Even though a series of sanitation concerns and other facility issues at CRF had been exposed by regulators as early as 2014, the factory was allowed to continue operating and its customers weren’t notified.

Red flags raised by regulators aren’t always seen by the companies they’re most relevant to, however.

buy cytotec online meadfamilydental.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

The fact that these outbreaks occurred seems to demonstrate that customers’ vendor management practices either failed or simply weren’t robust enough to detect issues. It all comes down to effective enterprise risk management (ERM). ERM provides the tools and framework that allow any organization to standardize processes and effectively mitigate vendor risk.

An ERM approach is characterized by standard criteria, interdepartmental communication, and automatic alerts and notifications. It keeps everyone in the organization on the same page and ensures assessment results are always understandable and accessible. This eliminates redundancy in the risk management process. As a result, you can quickly and easily determine the last time your organization evaluated a supplier. Something as simple as a notification that regulators have published new requirements might save your organization from acquiring infected or defective products.

There are three general stages that apply to any successful risk management effort:

  1. Identify specific risks, followed by assessment and evaluation
  2. Implement tailored mitigation activities to address those risks
  3. Monitor those mitigations to ensure long-term effectiveness

The first step serves as the foundation for steps two and three. Without a proper understanding of what risks your organization faces, it is impossible to prioritize and mitigate them. Especially across multiple business departments or within supply chains—it is quite difficult to identify and account for every variable.

To keep up with vendors’ fluctuating conditions, teams need to systematically identify and assess risks, catching them as they crop up. Preventing assessments from becoming obsolete is the key to keeping a pulse on everything that may affect the business, therefore avoiding unwanted surprises.

Risk assessments also help determine the best way to allocate limited resources. Minimizing vendor-related risks needn’t be burdensome, however. It should be a streamlined process that, by enabling you to avoid harmful incidents, improves operational efficiency. Once your risk assessments reveal the areas of highest priority, you can determine exactly how to mitigate those concerns.

The Freedom of Information Act can be extremely helpful when it comes to your third-party risk management efforts. It grants all companies the right to ask vendors for specific information about plant processes, worker training, sanitation practices, and maintenance. Suppliers are required to be forthcoming with all information (when asked), and teams need to take advantage of this opportunity. It is an important part of the risk management equation and will help you understand your risks before disruptions occur.

Performing vendor risk assessments—in the form of inspections, questionnaires, and service level agreements—generates an enormous amount of data and information. This information is useful for mitigating risk, but only if it is up to date, consistent and distributed to the appropriate individuals. The Freedom of Information Act provides an opportunity to evaluate suppliers with robust risk assessments, and ERM provides the means to capitalize on that opportunity. Ad-hoc assessments of current and prospective vendors, without standardized processes, will only get your team so far.

Steps to Effective ERM

Capitalizing on your vendor assessment rights is only part of the equation. Without an appropriate means of processing, distributing, and making data actionable, you’re back at square one. To make sense of important data, follow these steps:

  1. Create a taxonomy: define relationships between risks, requirements, goals, resources and processes. If each area of the business uses its own system for identifying and classifying risk, the resulting information is subjective and unusable by other departments. There is also significant information overlap—and therefore waste. Use your existing information to create a standard for data collection with minimal work.
  1. Streamline with the standardized risk assessments identified in step one. Risk assessments can be conducted in many different formats and qualities. Use resources already in place and streamline the results using the standard from step one. The most effective way to collect risk data is by identifying the root cause, or why an incident occurred. Honing in on the root cause provides useful information about what triggers loss and your organization’s vulnerabilities.
    buy tretiva online meadfamilydental.com/wp-content/uploads/2023/10/jpg/tretiva.html no prescription pharmacy

    When you link a specific root cause to a specific business process, designing and implementing mitigations is simpler and more effective.

  1. Connect mitigation activities to each of the key risks in these processes. A risk taxonomy gives you a more holistic understanding of all the moving parts in your organization. This makes it easier to design mitigation activities.
  1. Connect incidents, complaints and metrics (for each business process) to mitigation activities. Typically, companies already dedicate many resources to monitoring business performance, collecting information about incidents, complaints and metrics. These processes are often inefficient and ineffective. Simply connecting them to mitigation activities, however, identifies the reason such incidents happen. You can then take straightforward corrective actions, meeting top priorities and allocating resources with forward-looking measures. Risk management, after all, is not about minimizing fallout after an incident, but preventing such an incident from happening in the first place.

To make this entire process effective, management must work to develop an enterprise-wide risk culture. ERM is not just an executive-level process, but should be pushed all the way to frontline managers, where everyday decisions are made and the risks are known—but resources are often absent.

Approach your vendor risk assessments as you would any other risk assessment—they should be reoccurring and standardized. Perform them regularly and evaluate the results with the same scale and criteria with which you evaluate all other risks. Finally, automate information collection and review so that reporting reveals cross-silo dependencies before these risks turn into scandals. The result will be increased vendor security and the prevention of surprises, at a fraction of the cost.

A Risk-Based Approach to Rating and Correcting Individual Cyberrisk

Posted on by

LAS VEGAS—At this week’s Black Hat conference, some information security professionals turned to a key issue to control enterprise-wide cyberrisk: hacking humans.

buy antabuse online blockdrugstores.com/wp-content/uploads/2023/10/jpg/antabuse.html no prescription pharmacy

As phishing continues to be one of the top threats for businesses, hackers and security professionals here continue to try and make sense of why this threat vector is so successful and how to better defend against these attacks.

In a session called “Blunting the Phisher’s Spear: A risk-based approach for defining user training and awarding administrative privileges,” Professor Arun Vishwanath presented some of his research on the “people problem” of cybersecurity, proposing a new model for quantifying the cyberrisk posed by individuals within the enterprise and tailoring training to best mitigate the risk they pose. While many corporate training programs stage fake phishing emails and then lecture those who fail, he said, this model continues to be ineffective, as proven by the increase in these attacks and their efficacy across all industries. People are not the problem, Vishwanath asserted, rather it is in our understanding of people.

Vishwanath and his colleagues have come up with a model to explain how users think, the Suspicion, Cognition, Automaticity Model (SCAM). Faulty ideas about cybersecurity practices, popular myths and other irrational beliefs lead to illogical and unsafe practices. Automatic behaviors also play a significant role in risky behavior, particularly with mobile devices and the ritualistic checking of email – users open messages mindlessly and get so used to clicking links, downloading files or entering credentials that they do not really factor logic into these decisions.

Based on this model of why individuals act in risky ways, he recommends developing a Cyber Risk Index (CRI) based on a short, 40-question survey given to individual employees to evaluate the cyberrisk they specifically pose, which can also be aggregated across divisions, sectors and organizations.

buy prelone online blockdrugstores.com/wp-content/uploads/2023/10/jpg/prelone.html no prescription pharmacy

buy silvitra online https://royalcitydrugs.com/silvitra.html no prescription

As the results highlight different areas of weakness that lead to the employee’s risky behaviors, the CRI can dictate the best ways to that individual and mitigate the risk.
phishing risk training What’s more, this quantitative score of individual cyber hygiene can be used to track changes in risk posture over time and to improve current decision processes regarding privileged access to the organization’s systems to better control data at risk.

buy cymbalta online blockdrugstores.com/wp-content/uploads/2023/10/jpg/cymbalta.html no prescription pharmacy

Check out Dr. Vishwanath’s whitepaper for more on this approach.

Employer Accountability Targeted by Osha and DOJ

Posted on by

Safety harness
OSHA and the Department of Justice (DOJ) formally agreed to team their investigations and prosecute worker endangerment violations on Dec. 17, 2015. While the agencies have worked together in the past, this is now a formal arrangement which employers should be very concerned about, especially those with something to hide. Facing OSHA is bad enough, but it’s a walk in the park compared to tangling with the Department of Justice.

online pharmacy atarax with best prices today in the USA

“On an average day in America, 13 workers die on the job, thousands are injured, and 150 succumb to diseases they obtained from exposure to carcinogens and other toxic and hazardous substances while they worked,” said Deputy Attorney General Sally Quillian Yates in a memo sent to all 93 U.S. Attorneys across the country. “Given the troubling statistics on workplace deaths and injuries, the Department of Justice is redoubling its efforts to hold accountable those who unlawfully jeopardize workers’ health and safety.”

Deputy Yates urged federal prosecutors to work with the DOJ in pursuing worker endangerment violations. The worker safety statutes provide only for misdemeanor penalties. Prosecutors, however, are now encouraged to consider utilizing Title 18 and environmental offenses, which often occur in conjunction with worker safety crimes, to enhance penalties and increase deterrence. Title 18 of the United States Code is the criminal and penal code of the federal government, dealing with federal crimes and criminal procedure.

This cooperation could lead to hefty fines and prison terms for employers and individuals convicted of violating a number of related laws.

online pharmacy flagyl with best prices today in the USA

For example, the owner of a roofing company may go to prison for up to 25 years in connection with the death of one of his workers who fell off of a roof. Not only did the worker not have the required fall protection equipment, but the owner then lied to OSHA inspectors.

James McCullagh, owner of James J. McCullagh Roofing Inc. of Philadelphia, pleaded guilty in federal court to six charges in connection with the death of Mark Smith in June 2013. Smith fell 45 feet from a roof bracket scaffold while repairing the roof of a church in Philadelphia.

McCullagh pleaded guilty to one count of willfully violating an OSHA regulation causing death to an employee (failing to provide fall protection equipment) and four counts of making false statements. He admitted lying to investigators that he had provided safety gear and harnesses to his employees when, in fact, he hadn’t.

McCullagh also admitted to telling an OSHA inspector he had seen his employees in harnesses and tied off earlier on the day Smith fell to his death. McCullagh pleaded guilty to one count of obstruction of justice for instructing workers to tell OSHA investigators that they had safety equipment when they did not. He was sentenced in March 2016 to 10 months in prison as well a one year of supervised release and a $510 special assessment.

“No penalty can bring back the life of this employee,” said OSHA chief David Michaels, “but the outcome, in this case, will send a clear message that when employers blatantly and willfully ignore worker safety and health responsibilities, resulting in death or serious injury to workers, or lie to or obstruct OSHA investigators, we will pursue enforcement to the fullest extent of the law, including criminal prosecution.”

While criminal prosecution in worker fatalities is still a rarity, the likelihood of charges being brought increases when there is suspicion of lying to OSHA or other federal officials.

This partnership has been brewing for a while, as the Justice Department has tried to use the nation’s tougher environmental statutes to bring stronger prosecutions of workplace safety violations by focusing on companies that put workers in danger.

OSHA has placed emphasis on criminal enforcement of workplace safety violations recently by referring more cases to the Department of Justice and U.S. Attorneys offices for criminal prosecution. They referred or assisted with the criminal prosecution of 27 cases in fiscal year 2014—the highest ever in OSHA history.

What can an employer do to avoid the double team? They first need a strong offense by recognizing that under the OSHA Act, they are responsible for providing a safe and healthful workplace. Second, they must know that OSHA’s mission is to assure safe and healthful workplaces by setting and enforcing standards. They also provide training, outreach, education and assistance.

online pharmacy nolvadex with best prices today in the USA

OSHA inspections can be conducted without advance notice, on-site or by phone by highly trained compliance officers. Their priorities are imminent danger; catastrophes and fatalities; worker complaints; targeted inspections due to high injury or illness rates; and severe violators as well as follow-up inspections.

One of the errors many employers make is waiting too long to put an effective program in place. They risk a huge fine, being placed on the Severe Violators Enforcement list, or even jail. Before OSHA shows up, companies need to establish good safety and health programs with four essential elements:

  • Management Commitments and Employee Involvement. The manager or management team must lead the way by setting policy, assigning and supporting responsibility, setting an example and involving employees.
  • Worksite Analysis. The worksite is continually analyzed to identify all existing and potential hazards.
  • Hazard Prevention and Control. Methods to prevent or control existing or potential hazards are put in place and maintained.
  • Training for Employees, Supervisors and Managers. Managers, supervisors, and employees are trained to understand and deal with worksite hazards.

“Every worker has the right to come home safely. While most employers try to do the right thing, we know that strong sanctions are the best tool to ensure that low road employers comply with the law and protect workers lives,” said Assistant Secretary for Occupational Safety and Health Dr. David Michaels. “More frequent and effective prosecution of these crimes will send a strong message to those employers who fail to provide a safe workplace for their employees.

We look forward to working with the Department of Justice to enforce these life-saving rules when employers violate workplace safety, workers’ health and environmental regulations.”

That’s why it is important to have a living, targeted safety program, versus one copied from another employer or one quickly downloaded from a website. OSHA inspectors can quickly determine if a program is real or just a binder on a shelf.

Given the formal partnership with OSHA, the Justice Department’s renewed focus on prosecuting individuals, company executives, managers, and supervisors for workplace safety violations, organizations should note the enhanced risks, and implement measures to stay in the clear and keep their workers safe.

Protect Your Company from Intellectual Property Risks

Posted on by

In intellectual property management, mistakes can be extremely costly, and are, unfortunately, easy for an IP manager to make.

buy ivermectin online meadfamilydental.com/wp-content/uploads/2023/10/jpg/ivermectin.html no prescription pharmacy

The stakes are high: these could cause your company to lose its intellectual property (IP) rights, or worse, may result in competitors obtaining those rights.

buy rogaine online meadfamilydental.com/wp-content/uploads/2023/10/jpg/rogaine.html no prescription pharmacy

Here are the Top 10 IP management slip-ups that can increase these threats to your company:

  • Failure to capture an invention  With the “America Invents Act,” the United States converted to “first to file” from “first to invent.” Unlike the olden days, the first one toCopyright file a new invention—not the first to invent it—gets the rights to the patent. If one of your inventors has a patentable idea and you don’t find out about it, you risk having a competitor file ahead of you.
    buy revia online meadfamilydental.com/wp-content/uploads/2023/10/jpg/revia.html no prescription pharmacy

    Your company can also be excluded from using the invention, which may be a major setback.

  • Failure to meet statutory deadlines  Once you begin the patent filing process, you must meet strict statutory deadlines to file abroad and respond to communications from the patent offices. These include conversion to non-provisional status, application filing deadlines and national filing deadlines. Miss these dates and your patent rights disappear.
  • Failure to Stay in the Loop  Are there IP related conversations and actions happening in your company that you are not aware of? While you may be diligently tracking your activities, your inventors, attorneys or outside counsel could be taking actions (or not taking actions) that you need to know about. Things can easily fall through the cracks if you are not tracking them or in the loop. This may result in expensive mistakes and potential loss of patent rights.
  • Failure to Accurately Project Costs  There are costs associated with building an IP portfolio, including outside counsel fees, filing fees and maintenance fees. Your IP program can be adversely affected if you cannot accurately project what these fees will be and budget accordingly.
  • Failure to respond to patent trademark office actions on time  During prosecution, your patent applications will receive communications from patent offices. Either you or your outside counsel must respond to these on time. Failure to take timely actions, can lead to expensive penalties and/or loss of rights.
  • Failure to properly disclose material information  In many countries, including the U.S., you are required to file information disclosure statements that include all relevant prior art. These statements need to be consistent across all of your related patent applications. Failure to make proper disclosures can result in the loss of your patent rights.
  • Failure to maintain your patent  In most countries, you must pay regular maintenance fees for issued patents or annuities for pending applications. If you miss making a payment, are delinquent, or if a payment is not properly processed, you can lose your patent rights or may have to pay significant penalties to restore your rights.
  • Failure to enforce license obligations  If you have licensed patents to others, you need to monitor the agreement and track the royalty payments. Failure to do so can result in significant loss of royalty revenue, and unlicensed use of your IP.
  • Failure to align patent portfolio to business needs  Over time, your patent portfolio will grow. At the same time, your company’s business strategy may change. You need to monitor your portfolio to make sure it is aligned with your business needs. Maintaining a portfolio of low-value patents that doesn’t support your business strategy is a bad investment.
  • Failure to account for your IP portfolio  For companies with SEC reporting obligations, it is mandatory to accurately disclose your patent assets. If you don’t have an accurate picture of your actual portfolio, you will encounter costly and embarrassing legal problems.

As the IP manager, you are responsible for seeing that these failures don’t happen. While this is a challenge, it is one that you can meet by working closely with your inventors and outside counsel. You must also be very careful to track events in an IP calendar.