Risk Assessment

Order by:Group by:

Agency Guidances

DHS, Risk Management Approaches to Protection (October 2005)
DHS, Risk Management Approaches to Protection: Final Report and Recommendations by The National Infrastructure Advisory Council (NIAC) October 11, 2005
United Kingdom, The Orange Book Management of Risk - Principles and Concepts (2004)
NIST: Risk Management Guide for Information Technology Systems (2002)
NASA, Risk Management Procedural Requirements (Revalidated 2/1/07)
NCUA, Risk Assessment Reporting in Corporate Credit Unions
FFIEC, IT Risk Management Process
NIST, Risk Management Framework
Australia, Better Practice Guides, Appendix 6 - Risk Management
United Kingdom's Turnbull Report Financial Reporting Council Internal Control Revised Guidance for Directors on the Combined Code, October 2005
NIST: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (2010)
Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible for Investment, Proposed guidance with request for comment (November 2011)

GRC 360

GRC 360: Getting Connected: The Partnership Of Technology and GRC
GRC 360: Where are Your Weakest Links?

OCEG Illustrated

OCEG Illustrated Series: #4 How Do I Assess Risk?
OCEG Illustrated Series: # 6 How Can Automated Controls Help Identify And Manage Risk?

Agency Web Sites

European Commission: Solvency II

Articles

Leadership Through Progressive Enterprise Risk Assessment (2004)
Nonprofit Risk Management Center: Articles, Topical Index
Internal Controls and Managing Enterprise-Wide Risks (2004)
Elephant at the Enterprise Risk Management Party, The (2006)
Index of Risk Assessment Articles, Information Systems Audit and Control Association (ISACA)
Strategic Risk Management: Creating and Protecting Value (2007)
IT Audit Checklist: Risk Management (2006)
Here's Your ERM Sign (July 2007)
Architectural Risk Analysis (2005)
Enterprise Risk Management for CIOs (2007)
New ASX Rules Rein In Risky Business (2007)
Risk Management in the Enterprise (2007)
E-Discovery And Records Management: A Risk-Based Approach (July 2007)
Driving Principled Performance: Key Findings from the 2007 OCEG Governance, Risk Management, and Compliance (GRC) Strategy Survey (August 2007)
Risk in the Strategic Planning Process (May 2007)
Five Steps to Building Information Risk Management Frameworks (August 2007)
Planning For Risk; Analysis Of Risk Management (2007)
Aligning People, Processes, and Technology for Effective Risk Management (IIA, 2008)
Assessing, Managing Enterprise Risk: What it takes to manage virtual servers (2007)
ERM making inroads but still not mainstream: Study (2007)
Protecting Your Capital Against Risk (2007)
Measure Twice: Cut Once - Risk-Based Governance Pays Off
Federal Sentencing Guidelines: Enterprise Risk Management (2004)
Articles Page, The Committee of Sponsoring Organizations (COSO)
Insider Risk Management Guide (2006)
Managing risk in the information age (2007)
Looking for Risk in all the Right Places (2006)
Chief Risk Officers - Roles and Responsibilities (2011)

Blog

GRC Issues, Professional Blogs

Books / Publications

Risk Magazine
Risk & Regulation Magazine (CARR)
SAPinsider Magazine: Governance, Risk Management, and Compliance
Risk Management Magazine (Australia)
IFAC, Managing Risk to Enhance Stakeholder Value (2002)
COSO, Order page for the full text of the Enterprise Risk Management Integrated Framework (2004)
Operational Risk & Regulation Magazine
Asia Risk Magazine

Case Studies

GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)

Examples

ITA, Model By-Law on Risk Management

Guides

Enterprise Risk Management Specialty Guide May 2006 (Society of Actuaries)
Standard & Poor's Enterprise Risk Management for Financial Institutions: Rating Criteria and Best Practices (2005)
OCEG Measurement & Metrics Guide

International Materials

Basel Committee on Banking Supervision, Sound Practices for the Management and Supervision of Operational Risk (2003)
OECD Guidance Note, Compliance Risk Management: Managing and Improving Tax Compliance (2004)

National Regulations

OTS, Proposed Rulemaking, Risk-Based Capital Guidelines; Implementation of New Basel Capital Accord (August 4, 2003)
SEC, Public Company Accounting Oversight Board; Notice of Filing of Proposed Rules on Auditing Standards Related to the Auditor’s Assessment of and Response to Risk and Related Amendments to PCAOB Standards (2010)
SEC: Public Company Accounting Oversight Board; Order Approving Proposed Rules on Auditing Standards Related to the Auditor’s Assessment of and Response to Risk and Related Amendments to PCAOB Standards (2010)
NCUA, Corporate Credit Unions (2011, Final Rule)
Credit Risk Retention, Notice of Proposed Rulemaking (2011)
SEC, Registration of Security-Based Swap Dealers and Major Security-Based Swap Participants (2011)

Organizations & Associations

COSO, The Committee of Sponsoring Organizations of the Treadway Commission
Global Association of Risk Professionals (GARP)
Centre for Analysis of Risk and Regulation (CARR)
Federation of European Risk Management Associations (FERMA)
ERM Institute International, Ltd (ERM-II)
Risk and Insurance Management Society (RIMS)
Professional Risk Managers International Association (PRMIA)
Society for Risk Analysis (SRA)
RiskCenter
COSO, Guidance Documents

Private Lists / Directories

Enterprise Risk Management Resources: The Many Faces of Risk
COSO Internal Control Framework Resources

Research / Studies

Enterprise Risk Management Initiative
Managing Risk: An Assessment of CEO Preparedness - Executive Summary (PriceWaterhouseCoopers, 2004)
GAO, Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure (2005)
Enterprise Risk Management Can Help U.S. Commercial Lines Insurers Ward Off Irrational Pricing (S&P, 2007)
Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)
Global Risk Management Survey 2007 (AON)
Observations on Risk Management Practices during the Recent Market Turbulence (March 2008)
SEC, Reports to Congress: Risk Management Supervision of Designated Clearing Entities (2011)
Treasury & Risk's 2010 Enterprise Risk Management Survey
Disarming the Value Killers: A Risk Management Study (2005)
2011 Aon Global Risk Management Survey
IFAC, Global Survey on Risk Management and Internal Control (PAIB Committee, 2011)

Standards and Guidelines

Consultation Paper on Corporate Governance Regulations and Guidelines, Monetary Authority of Singapore, March 2010

Tools / Templates (Enterprise)

OCEG MATRIX ADAPTED FROM RIMS ERM RISK MATURITY MODEL
Risk Management Toolkit

White Papers

LRN 2008 Risk Management Practices Report
Enterprise-wide risk management and the role of the chief risk officer (March 2000)
Risk Intelligent Enterprise: ERM Done Right (2006)
Enterprise risk management: Aligning design principles to corporate goals (An IBM Executive Brief)
Sarbanes-Oxley and Corporate Risk-Taking (2007)
ERM: Frameworks, Elements, and Integration (2006)
Related terms
Investigations
Audit & Evaluation
GRC Planning and Organization
Risk Assessment
Training & Education
Crisis Management & Response
Ethical Culture
Governance
Helplines/Hotlines