What we’re reading this week from the world of risk management.
Center for Financial Professionals: Establishing an Effective Governance Structure to Better Account for Operational Risks
“In today’s financial environment, operational risk has moved to the top of the CRO agenda and it’s developed from being considered just ‘operations risk’ or the risks of processing transactions to a more inclusive risk discipline.”
Norman Marks: Risk Management Balances Creation and Preservation of Value
“We want all the risk-takers, all the decision-makers, to take a balanced view. They should analytically view each decision and action, considering the options, with as much trusted information as possible about what might happen.”
GovInfoSecurity: HIPAA Enforcer’s Latest Actions: An Analysis
“In its latest monthly cyber awareness alert, OCR stresses that healthcare entities and their business associates need to make security incident response plans a top priority in the face of ‘the constant upsurge of security breaches that involve cyberattacks.’”
National Law Review: OCR Settlement Includes Vendor Breach of ePHI in Absence of Business Associate Agreement
“Through further investigation, OCR found that OHSU stored over 3,000 individuals’ ePHI in Google Drive and Google Mail, a cloud-based service provider. OHSU did not have a business associate agreement in place with Google.”
Ethical Boardroom: What does board oversight of management’s risk appetite and tolerance really mean?
“There is growing consensus that a key element necessary to prevent the next wave of corporate governance breakdowns is better board-level oversight of management’s risk appetite and tolerance. Achieving this will require concerted, sustained, and major effort and, most importantly, tolerance for massive change from boards, regulators, CEOs, chief risk officers, internal audit and risk professions and their professional associations, and more.”