Risk Assessment | by OCEG the Open Compliance and Ethics Group

OCEG Contributed

OCEG Illustrated Series: #1 How Do We Align Our GRC Initiatives?

LeanGRC™ - Improving Your Risk Profile: LeanGRC Assessments

Is Risk Management Failing? Fundamentals of GRC: Mastering Risk Assessment

GAIT Methodology, The (IIA, 2007)

Risk Management Toolkit

DOJ, 2005 Money Laundering Threat Assessment

Aligning People, Processes, and Technology for Effective Risk Management (IIA, 2008)

OECD Guidance Note, Compliance Risk Management: Managing and Improving Tax Compliance (2004)

Journal of Forensic Accounting

Critical Examination of the FDA's Efforts to Preempt Failure-to-Warn Claims, A (2008)

Assessing, Managing Enterprise Risk: What it takes to manage virtual servers (2007)

RiskMetrics Group, Risk & Governance Blog

Managing the Business Risk of Fraud: A Practical Guide (2008)

Glossary of Risk Management (ENISA)

Risk Intelligent Approach to Corporate Responsibility & Sustainability, The (2008)

BIS, Implementation of the compliance principles (Basel Committee on Banking Supervision, 2008)

BIS, Compliance and the compliance function in banks (Basel Committee on Banking Supervision, 2005)

CSO Security and Risk Magazine Archive

UK, The risk-based approach to anti-money laundering (AML) (FSA)

From internal control to enterprise risk management (2005)

COSO, Internal Control - Integrated Framework Guidance on Monitoring, Internal Control Systems, Volume III - Application Techniques (Exposure Draft, June 2008)

Auditing: Solving 10 problems implementing the New risk assessment standards (2008)

AICPA, Risk Assessment Standards Nos. 104-111

Enterprise Risk Management: Tools and Techniques for Effective Implementation (IMA, 2007)

New Basel Capital Accord, The (BIS, 2001, as issued for comment)

IIA, Using Nonfinancial Measures to Assess Fraud Risk (2008)

OpRisk & Compliance Magazine

PCAOB Release No. 2008-006: Proposed Auditing Standards Related to the Auditor's Assessment of and Response to Risk; Proposed Conforming Amendments to PCAOB Standards (2008)

Australia, Better Practice Guide - Risk Management (2008)

FFIEC, Business Continuity Planning (2008)

Putting Risk in the Comfort Zone: Nine Principles for Building the Risk Intelligent Enterprise (Deloitte, 2008)

UK, 2008 information security breaches survey: technical report (BERR, 2008)

GAIT for Business and IT Risk (GAIT-R) (The IIA, 2008)

SEC Publishes Its Guidance for Management on Evaluating Internal Controls (FSA, IIA, 2007)

OCEG Announces Standards To Improve Corporate Conduct

LRN 2008 Risk Management Practices Report

IFAC, Managing Risk to Enhance Stakeholder Value (2002)

Identifying and Selecting the Right Risk Consultant (2007)

Protecting Your Capital Against Risk (2007)

Observations on Risk Management Practices during the Recent Market Turbulence (March 2008)

Conducting a Risk Assessment for Governance, Risk & Compliance

ARRA and Single Audits: Addressing the Risks and Challenges (2010)

USSC, Amendments to the Sentencing Guidelines - Reader Friendly Version of Amendments (Aprill 28, 2011)

OMB Circular A-133 Compliance Supplement March 2009

European Commission: Solvency II

SEC, Public Company Accounting Oversight Board; Notice of Filing of Proposed Rules on Auditing Standards Related to the Auditor’s Assessment of and Response to Risk and Related Amendments to PCAOB Standards (2010)

SEC: Public Company Accounting Oversight Board; Order Approving Proposed Rules on Auditing Standards Related to the Auditor’s Assessment of and Response to Risk and Related Amendments to PCAOB Standards (2010)

Asia Risk Magazine

Standard & Poor's Ratings: Enterprise Risk Management

Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible for Investment, Proposed guidance with request for comment (November 2011)

Member Contributed

FAQs for COSO's Enterprise Risk Management Integrated Framework

COSO, Enterprise Risk Management Integrated Framework: Executive Summary

DHS, Risk Management Approaches to Protection (October 2005)

Sarbanes-Oxley Sections 302 & 404: A White Paper Proposing Practical, Cost Effective Compliance Strategies (April 2003)

Leadership Through Progressive Enterprise Risk Assessment (2004)

Global Association of Risk Professionals (GARP)

Managing Risk: An Assessment of CEO Preparedness - Executive Summary (PriceWaterhouseCoopers, 2004)

Disarming the Value Killers: A Risk Management Study (2005)

Risk Intelligent Enterprise: ERM Done Right (2006)

Enterprise Risk Management Resources: The Many Faces of Risk

COSO Internal Control Framework Resources

DHS, Risk Management Approaches to Protection: Final Report and Recommendations by The National Infrastructure Advisory Council (NIAC) October 11, 2005

Index of Risk Assessment Articles, Information Systems Audit and Control Association (ISACA)

OTS, Proposed Rulemaking, Risk-Based Capital Guidelines; Implementation of New Basel Capital Accord (August 4, 2003)

Federal Sentencing Guidelines: Enterprise Risk Management (2004)

Enterprise Risk Management Specialty Guide May 2006 (Society of Actuaries)

GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)

GAO, Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure (2005)

FFIEC, IT Risk Management Process

ITA, Model By-Law on Risk Management

Risk & Regulation Magazine (CARR)

OCEG Illustrated Series: #3 IT Roadmap For GRC

OCEG Illustrated Series: #4 How Do I Assess Risk?

Management Antifraud Programs and Controls: Guidance to Help Prevent and Deter Fraud (AICPA, 2002)

2007 State of the Internal Audit Profession Study: Pressures Build for Continual Focus on Risk (PWC)

SEC Interpretation, Commission Guidance Regarding Management's Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (June 27, 2007)

UK, Foreign & Commonwealth Office (FCO)

Australia, Better Practice Guides, Appendix 6 - Risk Management

Supply Chain's Last Straw: A Vicious Cycle of Risk (Executive Summary) (2007)

Professional Risk Managers International Association (PRMIA)

Society for Risk Analysis (SRA)

ERM: Frameworks, Elements, and Integration (2006)

IT Audit Checklist: Risk Management (2006)

Architectural Risk Analysis (2005)

Overview of Enterprise Risk Management (2003)

Enterprise Risk Management for CIOs (2007)

Supply Chain Risk: Deal With It (2003)

Measuring the Effectiveness and Performance of Your Program (July 2007)

New ASX Rules Rein In Risky Business (2007)

Risk Management in the Enterprise (2007)

Driving Principled Performance: Key Findings from the 2007 OCEG Governance, Risk Management, and Compliance (GRC) Strategy Survey (August 2007)

Looking for Risk in all the Right Places (2006)

Risk in the Strategic Planning Process (May 2007)

End of Enterprise Risk Management, The (2007)

Five Steps to Building Information Risk Management Frameworks (August 2007)

Planning For Risk; Analysis Of Risk Management (2007)

Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)

NIOSH Safety and Health Topic: Occupational Violence

An Introduction to IT Governance (Paisley, 2006)

Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)

RiskCenter

NIST, Managing Risk from Information Systems, Second Public Draft (April 2008)

Global Risk Management Survey 2007 (AON)