December 21, 2011
A well-known nationwide pharmacy retailer was recently subject to an enforcement action by the U.S. government costing them a settlement of $2.25 million, the implementation of a comprehensive written compliance program, and an agreement to submit to compliance audits every 2 years for 20 years. What type of violation could have resulted in such a severe punishment to the company? The answer may surprise you – these penalties were the result of reported HIPAA security breaches.
December 02, 2011
Tasked with improving their companies’ operations by systematically evaluating and improving the effectiveness of risk management, control, and governance processes, chief audit executives and internal auditors couldn’t be operating in a more difficult time with the Dodd–Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) confronting them.
December 02, 2011
While the continued adoption of CR reporting may not surprise those active in the field, the details of how CR reporting is evolving deliver a compelling view into the expectations that companies now face.
November 10, 2011
Technology change, competitor action, cyber attacks, supply chain disruption, regulatory change, product blunders and executive departures – the risks to business performance are unceasing in a dynamic environment. Yet, in the need for performance lies the seed of improved risk management.
November 07, 2011
Veteran SEC Official John Reed Stark discusses the implications of new SEC disclosure requirements for managements and boards.
October 13, 2011
Results from Protiviti’s 2011 IT Audit Benchmarking Survey reveal that many organizations, including one in four with revenues up to $1 billion, are not conducting any kind of IT risk assessment.
September 29, 2011
The trend toward more depth in board oversight of risks is a good thing, leading to boards with a deeper understanding of business and compliance risks and boards that are better positioned to help their company achieve long-term sustainable success.
September 06, 2011
A lesser-known provision of the Dodd-Frank Act requires publicly traded companies to disclose if their manufacturing process employs conflict minerals like tantalum, tin, tungsten, and gold. These minerals play an important role in a wide variety of industries, from electronics and communications to semiconductors and jewelry, and they are found in products as diverse as cell phones, nuclear reactors, and light bulbs.
August 17, 2011
Knowing the common traits of a fraudster can help employers be better prepared to prevent damaging incidents from happening in their organizations.
August 11, 2011
Companies are being compelled to reassess their risk management and oversight processes in light of increasing exposure and new accountability requirements. In this changing business landscape, we also see that risks are proliferating and key stakeholders (Boards, shareholders) are demanding enhanced GRC programs/strategies. This issue brief emphasizes KPMG's guiding principles to help deliver a successful and sustainable risk management program/structure to drive business performance.