Risk management has become a core component of effective governance programs. International governance frameworks such as COSO, the OECD Principles of Corporate Governance and the Basel Committee’s International Convergence of Capital Measurement and Capital Standards, all have incorporated risk management requirements that include the need to develop internal controls to manage not only financial risk, but operational and technical risk as well.  Risk management processes and controls are also critical to information technology governance frameworks, such as ISACA’s Control Objectives for Information and Related Technologies (COBIT) framework, and to comprehensive security program approaches such as the BS7799/ISO17799 standard for information security management systems.

Effective risk management serves not only to limit potential costs of non-compliance, but also to drive investments based on the objective risk values and tolerances assigned to activities within key business processes and functions.  In addition to challenges similar to those faced by security and compliance staff, risk management challenges include:

• The need for real time identification of compliance threats and vulnerabilities, with reporting that enables the rapid and accurate assessment of risk value so that management can initiate the appropriate reaction and controls
• The need to generate and provide accurate business intelligence around potential risks and appropriate risk mitigation strategies.
• The need for objective measurement of risk, based on real-time operational performance and data use, in order to generate empirically based risk assessment and tolerances to drive decisions around compliance program priorities and implementation.
• The need to provide accurate reporting and assessment in meeting the above challenges in order to provide a defensible governance and compliance program.

If you would like to speak with a Synomos representative regarding Align please contact us.