How the COSO Framework Helps You Comply with SOX

Published 06/04/2020

In May 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control-Integrated Framework. COSO is an organization that aims to improve organizational performance and corporate governance through effective internal control, enterprise risk management, and fraud deterrence. COSO is a joint initiative of five private-sector organizations: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Financial Executives International (FEI), the Institute of Management Accountants (IMA), and the Institute of Internal Auditors (IIA). To implement the COSO internal control framework, you need to assess the new framework’s five components, i.e., control environment, risk assessment, control activities, information and communication, and monitoring activities, as well as its 17 principles against your current…


What are the Elements of an Integrated Risk Management System?

Published 06/02/2020

Integrated risk management (IRM) is “a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks,” according to research firm Gartner Inc. Put simply, integrated risk management is an approach to risk management that integrates risk activities across every level of your company to enable better decision-making by your decision-makers.

The elements of an integrated risk management system are risk identification, risk assessment, risk response, risk communication, and risk monitoring.

Risk Identification

During risk identification, your organization identifies and develops a solid understanding of its risks. You should include risks that could keep you from achieving your business objectives…


5 Strategies to Mitigate Business Risk During Coronavirus

Published 05/28/2020

Business risk in the United States may be higher during the novel coronavirus pandemic than at any time in our generation, making risk management a must. What are your strategies for risk mitigation—not only in your enterprise but up and down your supply chain—amidst COVID-19 disease outbreaks? Business interruption is a growing concern right now.

The Risks Are High

A recent Pew Research Center report finds that 43 percent of small businesses are closed, at least temporarily, because of pandemic risk. And among the U.S. businesses with paid employees, 40 percent are in high-risk industries, the report states. These enterprises, in particular, are more likely to face business continuity issues including supply chain disruptions, absenteeism, cybersecurity breaches, and other potential…


Cybersecurity Hygiene Best Practices During COVID-19 and Beyond

Published 05/26/2020

As cybercriminals continue to use the novel coronavirus pandemic to launch cybercrime scams and cyber attacks on teleworking applications, virtual private networks (VPN), and other technologies associated with remote work, many organizations find themselves in crisis mode, as well. Your enterprise may be scrambling daily to protect your sensitive data, reduce the likelihood of data breach, and guard against malware and ransomware attacks as well as other cyber threats. The situation is dire and urgent. The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) on April 8 issued a joint warning about the increased risk of a security breach that the COVID-19 pandemic has brought about. The…


May 2020: Compliance Certification Roundup

Published 05/25/2020

Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification Roundup

PCI certification and compliance are two different, but related, designations. PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA). PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council. On April 29, GreenBox POS, San Diego, completed an audit of its technology infrastructure resulting in PCI Level 1 Compliance Certification. The company builds customizable, Blockchain-based payment solutions. Read more. In late…


COVID-19: Importance of Ethical Leadership During a Crisis

Published 05/21/2020

Change is hard—and during the COVID-19 pandemic, it’s happening at breakneck speed. Your employees and business partners need to know now, more than ever before, that they can trust you to be honest and transparent with them. This is the essence of ethical leadership. We’re standing on shaky ground as the virus sweeps through our nation and upends our economy. People are losing their jobs, their health insurance, and perhaps even their savings. Some are losing loved ones to the novel coronavirus or worried that they, or others, will fall ill. Buffeted on all sides by calamity, your people need your steady hand. They need you to not only show your trustworthiness with reassuring words and honest assessments of where…


COVID-19: User Access Management Best Practices

Published 05/20/2020

As cybercriminals step up their efforts during the COVID-19 crisis to infiltrate your information systems, identity and access management (IAM) processes are more important for cybersecurity than ever. Aimed at preventing data breaches and unauthorized access to your systems, IAM becomes more critical as more of your employees perform their work from home. The firewalls that protected your system perimeter won’t suffice any longer, because there is no perimeter. Users are dispersed, and user accounts and your business applications are in the cloud. Identity and access management can be a complex process, especially if yours is a larger organization. But it’s a valuable component of risk management and required by many compliance frameworks. User access management should be a part…


COSO-Based Internal Auditing

Published 05/19/2020

Internal audit and compliance departments benefit from having a comprehensive framework to use to perform corporate risk assessment and internal control testing as well as fight fraud. The most popular framework is the COSO Framework. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was originally formed in the United States in 1985 to combat corporate fraud. This commission developed recommendations for public companies, internal audit departments, and educational institutions. COSO was created and designed to provide thought leadership by developing comprehensive frameworks and guidance on internal controls, fraud prevention, and enterprise risk management.

COSO Internal Control-Integrated Framework

The COSO Internal Control-Integrated Framework provides an applied risk management approach to internal controls that’s relevant to both external financial reporting…


What is Compliance Oversight?

Published 05/14/2020

Regulatory compliance is continuously evolving, which makes it increasingly imperative that everyone involved in the Compliance Management System (CMS) understand their responsibilities. Various sectors mandate oversight, including healthcare, finance, and cybersecurity. It is also a foundational business practice to safeguard company reputation and demonstrate integrity to consumers and the public.

Compliance management is a top-down system, like most workplace cultures and business processes. Thus, the CMS is established and maintained through the Board of Directors’ oversight, which ensures the regulatory process is fully functional within their organization.

Reviewing the CMS: What’s Required?

It’s important to review the elements of a CMS to understand the role of compliance oversight. The core functions of a CMS are to protect the organization and…


11 Proven Risk Mitigation Strategies

Published 05/12/2020

Business is inherently risky. Types of risk abound: financial, legal, regulatory, reputational and more. In the most extreme scenarios, failing to maintain an acceptable level of risk could result in injury or death, as in a factory; or, in the case of critical infrastructure, widespread economic catastrophe. Even when the potential losses are less dire, however, every business, large and small, needs an effective risk management program, both as part of its project management and its overall enterprise management. This program should consider all the risks posed to the business: internal risks as well as external, including supply-chain risks.

Every risk management program will follow essentially the same action plan:

Risk assessment
Risk identification, including the root cause
Risk analysis:…
