Risk Management | by OCEG the Open Compliance and Ethics Group

OCEG Contributed

Risk Assessment Webinar Slides

85% of Corporate Executives Believe Risk Management Needs Overhaul

CARNIVAL GRC ACHIEVEMENT AWARD 2010 PRESENTATION

Identifying Value-Added Risk Assessments: Preliminary Findings of the OCEG Effective Risk Assessment Study

New Rules of Engagement for Crisis Management (2007)

Managing the Business Risk of Fraud: A Practical Guide - Exposure Draft (IIA, 2007)

Risk Management Toolkit

Fraud Risk Management: Developing a Strategy for Prevention, Detection, and Response (2006)

Corporate Defence: Are Stakeholders Interests Adequately Defended? (2006)

Why Corporate Defence Management is a Strategic Imperative (2006)

Challenges Facing Contemporary Corporate Defense (2006)

An Executive Guide to Corporate Defence Management (CDM) (2006)

Corporate Defence Continuum, Governance, Risk and Compliance, The (Part 1) (2007)

ANSI, Identity Theft Prevention and Identity Management Standards Panel

GRC Journal

Aligning People, Processes, and Technology for Effective Risk Management (IIA, 2008)

OECD Guidance Note, Compliance Risk Management: Managing and Improving Tax Compliance (2004)

Journal of Forensic Accounting

Assessing, Managing Enterprise Risk: What it takes to manage virtual servers (2007)

Information Security Forum

Security Matters, Software Engineering Institute, Carnegie Mellon University

International Money Laundering Information Network (IMoLIN)

RiskMetrics Group, Risk & Governance Blog

Ask the Analysts: GRC Techology 2008

ISM3 Model V2.1 Overview

OCEG GRC Technology

SarbanesOxleyFocus.com

Managing the Business Risk of Fraud: A Practical Guide (2008)

FDA, PAT A Framework for Innovative Pharmaceutical Development, Manufacturing, and Quality Assurance (2004)

PharmaManufacturing.com - Regulatory Compliance Site

Glossary of Risk Management (ENISA)

Have You Looked under the Hood of Your Fraud Program Lately? (2008)

2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk Research Report (2008)

Risk Intelligent Approach to Corporate Responsibility & Sustainability, The (2008)

AICPA, Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®) (2006)

BIS, Sound Practices for the Management and Supervision of Operational Risk (Basel Committee on Banking Supervision, 2003)

IT for GRC: Improving Information Quality

Risk Intelligence

Issue and Incident Investigation

Managing Compliance Requirements

BIS, Implementation of the compliance principles (Basel Committee on Banking Supervision, 2008)

BIS, Compliance and the compliance function in banks (Basel Committee on Banking Supervision, 2005)

Treasury/FRS/FDIC/FTC: Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 (2007)

Corporate Eye

Information Technology Auditing and Cybercommerce: A Risk Perspective (2004)

Emergency Economic Stabilization Act of 2008

CSO Security and Risk Magazine Archive

Legal Literacy.com - Building Bridges Between Business and Law

From internal control to enterprise risk management (2005)

COSO, Internal Control - Integrated Framework, Guidance on Monitoring Internal Control Systems: Volume II - Guidance (Exposure Draft, 2008)

COSO, Internal Control - Integrated Framework Guidance on Monitoring, Internal Control Systems, Volume III - Application Techniques (Exposure Draft, June 2008)

Enterprise Risk Management: Tools and Techniques for Effective Implementation (IMA, 2007)

Basel Committee on Banking Supervision, Principles for Sound Liquidity Risk Management and Supervision (2008)

OpRisk & Compliance Magazine

PCAOB Release No. 2008-006: Proposed Auditing Standards Related to the Auditor's Assessment of and Response to Risk; Proposed Conforming Amendments to PCAOB Standards (2008)

NIST, Performance Measurement Guide for Information Security (2008)

BS31100:2008 Code of Practice for Risk Management Order Page (2008)

UK, Association of Insurance and Risk Managers (AIRMIC)

Australia, Better Practice Guide - Risk Management (2008)

FFIEC, Business Continuity Planning (2008)

BlogInfoSec.com: An Information Security Magazine in a Blog Format

Putting Risk in the Comfort Zone: Nine Principles for Building the Risk Intelligent Enterprise (Deloitte, 2008)

SEC Publishes Its Guidance for Management on Evaluating Internal Controls (FSA, IIA, 2007)

An opportunity for transformation: How internal audit helps contribute to shareholder value (2008)

UK, OGC High Performing Property Internal Audit Assurance Matrix

FDIC, Guidance for Managing Third-Party Risk (2008)

The ERM Current

December 2008 Fujitsu Research Institute Presentation

GRC Technology Roadmap Teleconference: December 18, 2008

Financial Services Firm: Enterprise-Wide Integration of Risk Elements and Controls

Financial Services Firm - Multiple Systems and Databases Required to Support Risk Management Needs

OCEG for Technology

ERM making inroads but still not mainstream: Study (2007)

IFAC, Managing Risk to Enhance Stakeholder Value (2002)

GRC-XML Working Group Meeting #2 - February 13, 2008

Glossary of GRC Terms from Financial Services Provider Perspective

2007 ITIL Glossary

Identifying and Selecting the Right Risk Consultant (2007)

Glossary of Terms from Compliance Spectrum

Acquire a global view of your organization's security state: the importance of security assessments (IBM, 2007)

How to Survive (and Win) with Sarbanes-Oxley (2008)

Business Continuity and Disaster Recovery (2008)

Protecting Your Capital Against Risk (2007)

Observations on Risk Management Practices during the Recent Market Turbulence (March 2008)

Compliance Spectrum Announces OCEG Technology Council Membership

Leading Strategies for Enterprise Risk Management

Member Contributed

FAQs for COSO's Enterprise Risk Management Integrated Framework

COSO, Enterprise Risk Management Integrated Framework: Executive Summary

DHS, Risk Management Approaches to Protection (October 2005)

COSO, Order page for the full text of the Enterprise Risk Management Integrated Framework (2004)

Leadership Through Progressive Enterprise Risk Assessment (2004)

Global Association of Risk Professionals (GARP)

Managing Risk: An Assessment of CEO Preparedness - Executive Summary (PriceWaterhouseCoopers, 2004)

Nonprofit Risk Management Center: Articles, Topical Index

Risk Magazine

Enterprise Risk Management Specialty Guide May 2006 (Society of Actuaries)

United Kingdom, The Orange Book Management of Risk - Principles and Concepts (2004)

PBGC Risk Mitigation Program (Early Warning Program)

Risk & Regulation Magazine (CARR)

OCEG MATRIX ADAPTED FROM RIMS ERM RISK MATURITY MODEL

RIMS Enterprise Risk Management Maturity Model Executive Summary

Does the Company Get It? 20 Questions To Ask (And Have Answered) Regarding Compliance, Ethics, and Risk Management

SecurityBenchmark.com

Christiansen's IT Law: Information Law Theory and Practice

Tone at the Top, IIA Newsletter

Sarbanes-Oxley Section 404: A Guide for Management by Internal Control Practitioners (IIA, 2d Edition, 2008)

BELIEVE in a Structured Approach to Risk Management Success

Enterprise Risk Management Initiative

Sarbanes-Oxley and Corporate Risk-Taking (2007)

SEC Interpretation, Commission Guidance Regarding Management's Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (June 27, 2007)

Federation of European Risk Management Associations (FERMA)

UK, Foreign & Commonwealth Office (FCO)

Australia, Better Practice Guides, Appendix 6 - Risk Management

SAPinsider Magazine: Governance, Risk Management, and Compliance

Treasury Board of Canada's Integrated Risk Management Framework

Supply Chain's Last Straw: A Vicious Cycle of Risk (Executive Summary) (2007)

United Kingdom's Turnbull Report Financial Reporting Council Internal Control Revised Guidance for Directors on the Combined Code, October 2005

Basel II: International Convergence of Capital Measurement and Capital Standards: a Revised Framework - Comprehensive Version (2006)

ERM: Frameworks, Elements, and Integration (2006)

Strategic Risk Management: Creating and Protecting Value (2007)

Risk Management Magazine (Australia)

IT Audit Checklist: Risk Management (2006)

Enterprise Risk Management Can Help U.S. Commercial Lines Insurers Ward Off Irrational Pricing (S&P, 2007)

Here's Your ERM Sign (July 2007)

Architectural Risk Analysis (2005)

Enterprise-wide risk management and the role of the chief risk officer (March 2000)

Overview of Enterprise Risk Management (2003)

Enterprise Risk Management for CIOs (2007)

Supply Chain Risk: Deal With It (2003)

New ASX Rules Rein In Risky Business (2007)

Risk Management in the Enterprise (2007)

E-Discovery And Records Management: A Risk-Based Approach (July 2007)

Driving Principled Performance: Key Findings from the 2007 OCEG Governance, Risk Management, and Compliance (GRC) Strategy Survey (August 2007)

Internal Control from a Risk-Based Perspective (IFAC, 2007)

End of Enterprise Risk Management, The (2007)

Five Steps to Building Information Risk Management Frameworks (August 2007)

Planning For Risk; Analysis Of Risk Management (2007)

Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)

RiskCenter

Issue & Inquiry Project Charter Template

Impacts and Implications of ERM on IT, The (2006)

NIST, Managing Risk from Information Systems, Second Public Draft (April 2008)

New challenges for internal audit: Business and operational risks (2007)

Risky business: Facing adversity and riding the storm (2007)

Global Risk Management Survey 2007 (AON)

DHS / FEMA, National Response Framework (NRF) (2007)

DHS / FEMA, National Response Framework Resource Center

NIST, Risk Management Framework