Risk Management | by OCEG the Open Compliance and Ethics Group

OCEG Contributed

OCEG Illustrated Series: #1 How Do We Align Our GRC Initiatives?

OCEG One Minute Poll: How do You Manage Risk?

Strategic Risk Management: A Case Study of Constellation Energy

Is Risk Management Failing? Fundamentals of GRC: Mastering Risk Assessment

Ethics and Compliance Risk Management (LRN, 2007)

LRN 2007 ethics and compliance risk management practices report

IT Governance Defined

Managing the Business Risk of Fraud: A Practical Guide - Exposure Draft (IIA, 2007)

Risk Management Toolkit

Creating the "Wholly Sustainable Enterprise" A Practical Guide to Driving Shareholder Value Through Enterprise Sustainability (Deloitte, 2007)

Fraud Risk Management: Developing a Strategy for Prevention, Detection, and Response (2006)

Aligning People, Processes, and Technology for Effective Risk Management (IIA, 2008)

OECD Guidance Note, Compliance Risk Management: Managing and Improving Tax Compliance (2004)

Assessing, Managing Enterprise Risk: What it takes to manage virtual servers (2007)

RiskMetrics Group, Risk & Governance Blog

Managing the Business Risk of Fraud: A Practical Guide (2008)

Compliance readiness essentials: Program, Investigation and Defense (2008)

Glossary of Risk Management (ENISA)

2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk Research Report (2008)

Risk Intelligent Approach to Corporate Responsibility & Sustainability, The (2008)

BIS, Sound Practices for the Management and Supervision of Operational Risk (Basel Committee on Banking Supervision, 2003)

Information Technology Auditing and Cybercommerce: A Risk Perspective (2004)

CSO Security and Risk Magazine Archive

From internal control to enterprise risk management (2005)

INTOSAI Guidance for Good Governance (INTOSAI GOV)

Enterprise Risk Management: Tools and Techniques for Effective Implementation (IMA, 2007)

New Basel Capital Accord, The (BIS, 2001, as issued for comment)

Basel Committee on Banking Supervision, Principles for Sound Liquidity Risk Management and Supervision (2008)

OpRisk & Compliance Magazine

BS31100:2008 Code of Practice for Risk Management Order Page (2008)

UK, Association of Insurance and Risk Managers (AIRMIC)

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management (2006)

Australia, Better Practice Guide - Risk Management (2008)

FFIEC, Business Continuity Planning (2008)

Putting Risk in the Comfort Zone: Nine Principles for Building the Risk Intelligent Enterprise (Deloitte, 2008)

UK, Information security: business assurance guidelines (BERR / DTI)

An opportunity for transformation: How internal audit helps contribute to shareholder value (2008)

UK, OGC High Performing Property Internal Audit Assurance Matrix

FDIC, Guidance for Managing Third-Party Risk (2008)

UK, The Audit Commission - Corporate governance inspection: Key lines of enquiry 2006 (KLOE)

The ERM Current

Is Your Information Really Safe (2009)

OCEG Critical Conversations: CRO at the Center

OCEG Critical Conversations: CRO at the Center

OCEG Critical Conversations: CRO at the Center

OCEG Critical Conversations: CRO at the Center

OCEG Critical Conversations: CRO at the Center

Asset Management Firm: Leaving Behind Legacy Systems for GRC Infrastructure Support

Financial Services Firm - Multiple Systems and Databases Required to Support Risk Management Needs

LRN 2008 Risk Management Practices Report

ERM making inroads but still not mainstream: Study (2007)

IFAC, Managing Risk to Enhance Stakeholder Value (2002)

Identifying and Selecting the Right Risk Consultant (2007)

Observations on Risk Management Practices during the Recent Market Turbulence (March 2008)

Conducting a Risk Assessment for Governance, Risk & Compliance

FDIC, Guidance for Managing Third-Party Risk (2008)

Treasury Board of Canada Secretariat: Policy on Internal Audit (2009)

Umbrellas for Clouds: Applying Outsourcing Risk Mitigation Strategies to SaaS Transactions

Treasury Board of Canada Secretariat Internal Audit Web Site

2011 Aon Global Risk Management Survey

Final Guidance on Sound Incentive Compensation Policies (June 25, 2010)

Corporate Governance and Executive Compensation Provisions of the Dodd-Frank Act (July 2010)

Brief Summary of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010

Funding Liquidity Risk in a Quantitative Model of Systemic Stability (Central Bank of Chile, 2009)

Consultation Paper on Corporate Governance Regulations and Guidelines, Monetary Authority of Singapore, March 2010

Compliance vs. Security: Which Should Lead Corporate Governance? (August 2010)

European Commission: Solvency II

BIS, Group of Governors and Heads of Supervision announces higher global minimum capital standards (September 2010)

The Group of Governors and Heads of Supervision reach broad agreement on Basel Committee capital and liquidity reform package (July 2010)

FDIC, Implementation of the New Basel Capital Accord in the U.S.

FDIC, U.S. Banking Agencies Express Support for Basel Agreement (September 2010)

Treasury & Risk's 2010 Enterprise Risk Management Survey

A Field Research Study of Researchers’ Perspectives on Supply Chain Risk Management (2010)

IFAC, Global Survey on Risk Management and Internal Control (PAIB Committee, 2011)

High Performers and Foundational Controls: Building a Strategy for Security and Risk Management (January 2011)

SEC, Risk Management Controls for Brokers or Dealers With Market Access (Final Rule, 2010)

Credit Risk Retention, Notice of Proposed Rulemaking (2011)

Incentive-Based Compensation Arrangements, Proposed Rule (April 14, 2011)

SEC, Reports to Congress: Risk Management Supervision of Designated Clearing Entities (2011)

NCUA, Corporate Credit Unions (2011, Final Rule)

Operational Risk & Regulation Magazine

Asia Risk Magazine

Corporate Governance - King III report - Introduction and overview (PwC)

NIST: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (2010)

Chief Risk Officers - Roles and Responsibilities (2011)

Standard & Poor's Ratings: Enterprise Risk Management

SEC, Registration of Security-Based Swap Dealers and Major Security-Based Swap Participants (2011)

Authority to Require Supervision and Regulation of Certain Nonbank Financial Companies (2011)

IMF, Making Banks Safer: Can Volcker and Vickers Do It? (2011)

Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible for Investment, Proposed guidance with request for comment (November 2011)

Member Contributed

FAQs for COSO's Enterprise Risk Management Integrated Framework

COSO, Enterprise Risk Management Integrated Framework: Executive Summary

DHS, Risk Management Approaches to Protection (October 2005)

Leadership Through Progressive Enterprise Risk Assessment (2004)

Global Association of Risk Professionals (GARP)

Managing Risk: An Assessment of CEO Preparedness - Executive Summary (PriceWaterhouseCoopers, 2004)

Nonprofit Risk Management Center: Articles, Topical Index

Risk Magazine

Disarming the Value Killers: A Risk Management Study (2005)

Enterprise Risk Management Resources: The Many Faces of Risk

Internal Controls and Managing Enterprise-Wide Risks (2004)

COSO Internal Control Framework Resources

Articles Page, The Committee of Sponsoring Organizations (COSO)

DHS, Risk Management Approaches to Protection: Final Report and Recommendations by The National Infrastructure Advisory Council (NIAC) October 11, 2005

Index of Risk Assessment Articles, Information Systems Audit and Control Association (ISACA)

Federal Sentencing Guidelines: Enterprise Risk Management (2004)

Enterprise Risk Management Specialty Guide May 2006 (Society of Actuaries)

United Kingdom, The Orange Book Management of Risk - Principles and Concepts (2004)

NIST: Risk Management Guide for Information Technology Systems (2002)

GAO, Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure (2005)

FFIEC, IT Risk Management Process

Basel Committee on Banking Supervision, Sound Practices for the Management and Supervision of Operational Risk (2003)

Centre for Analysis of Risk and Regulation (CARR)

Risk & Regulation Magazine (CARR)

OCEG Illustrated Series: #3 IT Roadmap For GRC

GRC Issues, Professional Blogs

Christiansen's IT Law: Information Law Theory and Practice

Measure Twice: Cut Once - Risk-Based Governance Pays Off

OCEG Illustrated Series: #4 How Do I Assess Risk?

OCEG Illustrated Series: How Can Automated Controls Help Identify And Manage Risk?

New Era of Risk Management

2007 State of the Internal Audit Profession Study: Pressures Build for Continual Focus on Risk (PWC)

OCEG Illustrated Series: #7 What Are The Elements Of Privacy Risk Management And Compliance?

Sarbanes-Oxley and Corporate Risk-Taking (2007)

Federation of European Risk Management Associations (FERMA)

UK, Foreign & Commonwealth Office (FCO)

Australia, Better Practice Guides, Appendix 6 - Risk Management

SAPinsider Magazine: Governance, Risk Management, and Compliance

Supply Chain's Last Straw: A Vicious Cycle of Risk (Executive Summary) (2007)

Insider Risk Management Guide (2006)

Risk and Insurance Management Society (RIMS)

Professional Risk Managers International Association (PRMIA)

Society for Risk Analysis (SRA)

United Kingdom's Turnbull Report Financial Reporting Council Internal Control Revised Guidance for Directors on the Combined Code, October 2005

Basel II: International Convergence of Capital Measurement and Capital Standards: a Revised Framework - Comprehensive Version (2006)

Strategic Risk Management: Creating and Protecting Value (2007)

Risk Management Magazine (Australia)

IT Audit Checklist: Risk Management (2006)

Enterprise Risk Management Can Help U.S. Commercial Lines Insurers Ward Off Irrational Pricing (S&P, 2007)

Here's Your ERM Sign (July 2007)

DHS, Best Practices, Knowledge and Tools: A Collection of Articles

Architectural Risk Analysis (2005)

Enterprise-wide risk management and the role of the chief risk officer (March 2000)

Overview of Enterprise Risk Management (2003)

Enterprise Risk Management for CIOs (2007)

Supply Chain Risk: Deal With It (2003)

New ASX Rules Rein In Risky Business (2007)

Risk Management in the Enterprise (2007)

Driving Principled Performance: Key Findings from the 2007 OCEG Governance, Risk Management, and Compliance (GRC) Strategy Survey (August 2007)

Internal Control from a Risk-Based Perspective (IFAC, 2007)

Looking for Risk in all the Right Places (2006)

Risk in the Strategic Planning Process (May 2007)

End of Enterprise Risk Management, The (2007)

OCEG Critical Conversations Series: CIO at the Center (2007)

Role of Internal Auditing in Enterprise-wide Risk Management, The (IIA, 2004)

Five Steps to Building Information Risk Management Frameworks (August 2007)

Planning For Risk; Analysis Of Risk Management (2007)

Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)

Compliance and Security Connection

GRC 360° - Driving Principled Performance

NIOSH Safety and Health Topic: Occupational Violence

FDA, Guidelines for Industry, Quality Systems Approach to Pharmaceutical CGMP Regulations (2006)

RiskCenter

Fraud Risk Management in Life Sciences Companies (Deloitte, Rev. 2009)

Managing risk in the information age (2007)

NIST, Managing Risk from Information Systems, Second Public Draft (April 2008)

New challenges for internal audit: Business and operational risks (2007)

Risky business: Facing adversity and riding the storm (2007)

Global Risk Management Survey 2007 (AON)

FFIEC, Bank Secrecy Act / Anti-Money Laundering Examination Manual 2007

NIST, Risk Management Framework