Operational Resilience Series #8: Designing a good self-assessment process

You’re well on your way in implementing an operational resilience programme; you have identified your important business services, defined impact ...

Operational Resilience Series #7: What reporting do management want to see?

We’ve defined important business services, designed impact tolerances and mapped the processes and resources that support them. We’ve run through ...

Operational Resilience Series #6: Identifying vulnerabilities and actions

In this series we’ve defined important business services, designed impact tolerances and mapped the processes and resources that support them. In our ...

Operational Resilience Series #5: Design and running of a scenario

So far in this series we have identified important business services, designed impact tolerances and mapped the processes and resources that support ...

Operational Resilience Series #4: Mapping important business services

So far in this series we have identified your important business services, and designed impact tolerances. Now we turn to an important step in ...

Operational resilience maturity: How to reach ‘sophistication’ by 2025

What does op-res maturity mean in practice – and how can you navigate the pathway to achieve it? In this article, Protecht’s EMEA Director of ...

Operational Resilience Series #3: Designing your impact tolerances

The previous blog in this series looked at how to define your important business services. In this blog, we will consider how you can determine the ...

Operational Resilience Series #2: What are your important business services?

In the first blog in this series, we covered what operational resilience is. In this article, we will focus on identifying your important business ...

OpRes vs BC vs DR: How you can all work together

In the first article in this series, we defined how operational resilience, business continuity and disaster recovery fit together conceptually ...

OpRes vs BC vs DR: What’s the difference?

Despite the catchy title, we should be honest and say that there isn’t really any ‘versus’ between Operational Resilience, Business Continuity and ...

When risk and reward don’t talk

Recently I visited a shopping centre that I hadn’t visited in a while. The below ‘feature’ caught my eye and caused me to scratch my head. Multiple ...

How NZAA took ownership of risk and compliance management

 

Cyber risk: If LastPass can be breached, what about you?

LastPass recently announced that they have been subject to a data breach, with some of their source code stolen (don’t worry, master passwords appear ...

Operational Resilience: Industry survey results

How prepared are organisations for resilience? Let’s cover the top-line data first. The survey of risk professionals found that nearly all surveyed ...

Operational resilience: Webinar Q&A

Protecht held a webinar on operational resilience in July 2022. The attendees asked a range of questions, some which we were able to answer during ...

Operational resilience: What is a resilient organisation?

There has been an increased focus on operational resilience in organisations in recent years. In financial services in particular, operational ...

Operational resilience: Where is global regulation heading?

Regulators in the financial sector have been tackling the field of operational resilience head on for the last few years. Different regions are in ...

Operational Resilience Series #1: What is operational resilience?

One of the key concepts getting serious airplay on the current risk management stage is operational resilience. It is a key focus of global financial ...

Year of discontent: Will strikes hit your business?

Inflation is on the rise, pushing up the cost of living. They say a picture is worth a thousand words, in which case this picture is a good place to ...

Rogers outage: When a resilience failure takes out a nation

We live in an increasingly connected world, and most of us experience that connectivity through our mobile phones and our home or work internet. How ...

Cyber risk: Bringing resilience to remote working

Most businesses and security experts agree that the shift to remote work has encouraged malicious actors and opened new attack surfaces for them to ...

Operational resilience: Standalone or an integral part of ERM?

Like many professions, we risk managers seem to be masters at picking the latest trend and promoting it as if it’s the only thing that matters. ...

Wells Fargo: The standard you walk past?

The US retail bank Wells Fargo has had a considerable number of incidents over the last several years.

How Lotto NZ placed its risk management bets on Protecht.ERM

Lotto NZ (officially the New Zealand Lotteries Commission) is a Crown entity that operates lotteries nationwide. It's been one of New Zealand's ...

Pinnacle stays in control worldwide with Protecht

Pinnacle Investment Management supports a diverse range of affiliate investment management firms across Asia-Pacific, EMEA and North America. ...

Airline delays: Is your operational resilience program flying high?

After some of the toughest years ever for the airline industry, travel is back on the cards as we adapt to the ‘new normal’. However, that new normal ...

New FDIC rules will help banks manage crypto risks

In April, the US banking regulator FDIC issued Financial Institution Letter 16-2022 on crypto-related activities to the banks that it supervises.

Retro Risk: Pepsi versus the Pentagon

How many brands can claim that their consumer goods promotion warranted a statement from the Pentagon? It turns out that the answer is “at least ...

Why insurers should follow a risk appetite approach to ESG

Global speciality insurer Chaucer Group has committed to net-zero greenhouse gas emissions by 2050. The insurer and reinsurer is among a growing ...
ESG

Barclays SEC breach shows no bank is immune to compliance failure

A few months ago, UK lender Barclays Bank announced that it had discovered a compliance breach from 2019 in its US operations. The bank sells ...

Is Google's multi-million fine a wake-up call for data protection?

Google is the latest tech giant to be fined for violations of GDPR provisions. The €10 mn (US$11 mn, AU$15mn) fine was issued by the Spanish data ...

Risk bow ties: Mutually exclusive and collectively exhaustive?

In our recent webinar Risk Art Class - Visualize your risk with bow tie analysis, we were asked an interesting question: "How do you ensure that ...

Operational resilience: Is your software supply chain soft?

According to a recent survey of over 1000 Chief Information Officers by identity management provider Venafi, 82% believe their organisation is ...

ERM Webinar Review: Moving from a Siloed to a True Enterprise Approach

The traditional siloed view of risk management has evolved over many years of its development as a discipline, but there is increasing pressure to ...

Why insurers need to prioritise the digitisation of risk and compliance management

The global insurance industry has been impacted heavily by COVID and extreme weather events. Insurers worldwide have had to respond and adapt to such ...

Understanding what a practical Operational Resilience capability looks like

In this blog article, you will find the webinar recording of the session on Operational Resilience delivered by David Tattam, Chief Research and ...

ISO 37301: your next step in compliance?

Investment in compliance management continues to grow exponentially. In Macquarie Group’s latest financial results, compliance spend amounted to 17% ...

Risk Appetite Development and Operationalisation - Q&A

Protecht recently conducted a webinar on “Risk Appetite: Development and Operationalisation” covering our North American, EMEA and APAC markets. A ...

Are you allocating enough resources to compliance and risk management, and are you getting a positive ROI?

Macquarie Group has disclosed in its latest financial results that the group spent $785 million on compliance in the year to 31 March 2022, a 22% ...

Your Marketplace questions answered

What is Marketplace? Marketplace makes it easy to implement and scale Protecht.ERM. It provides templated registers, workflows and analytics ...

Impax reimagines risk in asset management

London-based financial services firm Impax Asset Management administers a suite of equity, fixed income and private equity investments. The company ...

Freeway harnessing the power of risk in the insurance industry

Freeway UK Insurance Services Limited, a leading provider of taxi insurance across the UK market, engaged Protecht to deliver a holistic risk ...

Risk Appetite Driven Decision Making

"Would you rather?" is a party game that poses dilemmas by asking questions starting with "would you rather?". As an example:

4 Ways Marketplace Will Change Your Enterprise Risk Management

Establishing an ERM system can be as daunting as building a house from the ground up. There are hundreds of decisions to be made that will affect how ...

ERM and other Risk Management acronyms

The management of an organization's risks on a true enterprise basis should be the aim of contemporary risk management. Enterprise Risk Management ...

What we can all learn from the APRA prudential inquiry report into the CBA

Taking Risk Management to the next level  The APRA report of the prudential inquiry in the Commonwealth Bank of Australia (CBA) was issued on 1 May ...

Modern Slavery - Being Prepared

Do you know what the Modern Slavery Act is and how it will impact your business? We had the opportunity to have Associate Professor Justine Nolan ...

Top 5 Risk Management Challenges for FinTechs

It’s clear that today’s operating environment is changing at a very rapid pace, which means the risks are evolving fast, too. In this blog, we ...

Operational Resilience Leadership Webinar Wrap Up

The drivers of operational resilience are creating a perfect storm. On one hand, the financial services regulators are demanding action while on the ...

Investing in Operational Resilience – the most lucrative investment you will ever make!

The World Economic Forum has estimated that “Fighting COVID-19 could cost 500 times as much as pandemic prevention measures”[1]. This means that an ...

How Melbourne Polytechnic implemented a system that manages risks in a fluid tertiary education environment

Melbourne Polytechnic’s risk reporting was labour intensive and data was scattered across various platforms, making it difficult to access and ...

How the British Council implemented a centralised audit and incident management system in 100+ countries

The British Council exams program lacked up to date solutions for managing exams audit, incident management, and associated processes. Implementing ...

Risk Bow Tie Leadership Webinar Wrap Up

Risk Bow Tie Analysis is a powerful tool to document and communicate any type of risk. At Protecht we have always been passionate about the Bow Tie ...

Tie your risks with a Bow Tie

  The dress Bow Tie originates from the 17th century. Croatian mercenaries held their shirts together around the neck using tied scarfs during the ...

Are you really in control of your Culture and Conduct risks?

The list of key risks that should be keeping us awake at night seems to be forever changing. Whatever your list, Culture and Conduct Risk should be a ...

Webinar Q&A: Protecht.ERM Risk Management System Showcase

We want to thank Adel Fakhreddine for answering the questions and also to all the participants around the world for being really proactive and ...

Victorian Government raises the bar on Risk Management. How will you rise to the occasion?

The Victorian Government’s Risk Management Framework (VGRMF) which applies to Victorian Government departments and public bodies covered by the ...

From Static to Dynamic WHS Risk Reporting. WHS series session 10.

In this blog, David Tattam summarises his insights from the tenth live session "From Static to Dynamic WHS Risk Reporting" in the webinar series "A ...

Risk Culture Audits!

The IIA-Australia's guide is a timely reminder of the need for continued focus on risk culture. Although the guide is focused on Financial Services, ...

WHS Compliance and Compliance Risk Management. WHS series session 9.

Protecht’s eleven part complimentary webinar series focusing on a comprehensive deep dive into Workplace Health and Safety (WHS), kicked off on 23 ...

A Risk Management Framework for WHS. WHS Series Session 3.

In this blog, David Tattam summarised his insights of the second live session "A Risk Management Framework for WHS" in the webinar series "A Deep ...

Risk and Hazard Assessment. WHS Series Session 4.

In this blog, David Tattam summarised his insights of the fourth live session "Risk and Hazard Assessment" in the webinar series "A Deep Dive into ...

Understanding WHS Treatment Methods and Controls. WHS Series Session 2.

In this blog, David Tattam summarised his insights of the second live session "Understanding WHS Treatment Methods and Controls" in the webinar ...

Incident Management. WHS Series Session 7.

In this blog, David Tattam summarised his insights from the seventh live session "WHS Incident Management " in the webinar series "A Deep Dive into ...

Controls Design and Controls Assurance for WHS. WHS series session 8.

Protecht’s eleven part complimentary webinar series focusing on a comprehensive deep dive into Workplace Health and Safety (WHS), kicked off on 23 ...

Identifying, Tracking, Monitoring and Reporting WHS Risk Metrics. WHS Series Session 5.

In this blog, David Tattam summarised his insights of the fifth live session "Identifying, Tracking, Monitoring, and Reporting WHS Risk Metrics" in ...

How Toyota Financial Services Australia Went from Manual to Auto

Craig Greenwood, Former Toyota Financial Services Chief Compliance Officer, and his team wanted to continue using established business procedures but ...

Operational resilience

Over the past ten years, consumer banking behaviours have significantly changed. Today, the majority of customers engage banks via digital channels. ...

How will you shape the future of Risk Management?

A futurist’s role is to help shape the future of something (risk management) in order to make it more relevant and valuable based on: Its known ...

Webinar Wrap-up: Managing Disruption – The Keys to Riding the Storm

Over 800 risk professionals joined Richard Waterer, Managing Director EMEA for Aon, and David Tattam, Director of Research and Training from The ...

Understanding Workplace Health and Safety Risks

Protecht’s eleven-part complimentary webinar series focusing on a comprehensive and deep dive into workplace health and safety, kicked off on 23 July ...

Webinar Q&A: How COVID-19 learnings will shape the New Normal of Risk Management

During our live webinar session on How COVID-19 learnings will shape the New Normal of Risk Management, our participants asked questions covering ...

It all starts with sound Risk Management

This interview was featured in the Forge Magazine. You can access the full publication here.  Too many organisations view risk management as a ...

Aligning your Workplace, Health & Safety capability with an ERM framework. WHS Series Session1.

What does ERM mean? Enterprise Risk Management (ERM) is becoming increasingly accepted as an integral part of business management processes within ...

A Roundtable of COVID-19 Experiences Across 36 Organisations

The sharing of experiences at any time of life is an enriching and valuable experience. In times of crisis, experience sharing is gold. A key factor ...

Managing the War Room

One of the early observations we have made from the COVID-19 crisis experience to date relates to the operations of the war room and the crisis ...

COVID-19 Operational Resilience: Where will you bounce?

In a recent post by Warren Black, he stated: "Clearly, organisational resilience in the face of disruption, is not about bouncing back but rather ...

Compliance Management and COVID-19 – Joined at the Hip

Compliance at the best of times is often met with sighs and feelings of burden and “we need to do it because we’ve been told to” attitude. In a ...

Analysis and assessment of the treatment methods and controls for COVID-19

Now that the Pandemic risk has “hatched” and we are operating in the midst of its development, it has produced a substantially changed risk profile ...

Webinar Q&A: How to easily measure your risk culture

You can find here the list of questions and answers to the topics that were raised during the live session of the webinar: How to easily measure your ...

Webinar Q&A: Best practices to measure and manage Risk Culture

You can find here the list of questions and answers to the topics that were raised during the live session of the webinar: Best Practices to measure ...

Risk Culture Dashboard

Risk Culture is the system of values and behaviours in an organisation that guides all risk-related decisions. We believe that getting the right ...

The 20 Critical Questions Directors Should Ask About Internal Audit Resourcing 

Here are some audit committee questions you can ask to check the adequacy of internal resources: Organisation requirements 1. Does the internal audit ...

Culture and Conduct Risk – Myths and Realities

I have hope. Hope that my children (14 and 12) and their fellow Gen Zs and Gen Alphas will fix us. We are well on the way – the #MeToo movement and ...

Risk Management Training to Improve Your Business

As a business seeking to maximise your return on employee investment, there’s hardly a better choice than to educate staff at all levels with risk ...

Common IT questions around Risk Management Software

If you're reading this article, it's likely that you're facing one of these two scenarios: You are a risk manager looking for risk management ...

Dynamic Risk Profiling

At the end of last year I had the opportunity to do a workshop at the Annual Risk Leaders Conference organised by the Institute of Risk Management ...

Easy Monitoring with Health and Safety Incident Management Software

Our health and safety incident management software, Protecht.ERM, will help your organisation to minimise loss and disruption to your operations due ...

Use Protecht.ERM for Effective Enterprise Risk Management

Protecht.ERM is trusted by countless enterprises across dozens of different industries to deliver their ERM capability. Financial organisations that ...

Non-Financial Risk – Why the big focus?

The latest focus in risk management seems to be "Non-Financial Risk". Search for "Non-Financial Risk" on Google and you will be returned everything ...

Internal Audit and Enterprise Risk Management

What is Internal Audit? "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an ...

Understanding RiskInMotion: How to bring all your risk information into one dashboard

Risk is always in motion - its measurement is forever changing. In this webinar, David Tattam and David Bergmark talk about how using dynamic ...

The Risk and Control Self Assessment Process in an Integrated Risk Management Framework

This is part 3 of our video series on "Disparate and Disconnected Risk Processes and Information". In this video, David Tattam talks about the eight ...

Auditing your Control Framework - SOPAC 2019

How do you encourage your staff to embrace risk and controls? In this recording, David Tattam talks about how understanding the dynamics and ...

Managing Risk with the Second Line of Defence Launchpad

The Second Line of Defence Launchpad within the Protecht.ERM system is an effective and interactive visualisation designed specifically for the Line ...

Risk Governance and the Three Lines of Defence

Effective risk management requires governance structures and processes commensurate with the organisation’s context. Regardless of the organisation’s ...

Expected and Targeted Risks

Are they useful? Residual risk, the risk after considering existing controls, is universally accepted as important to assess in the risk assessment ...

Inherent Risk – Is it useful?

The ISO 31000:2009 standard does not refer to “inherent” risk. Is this a deliberate omission and if so, what is the reason? This leads to the ...

The 6 key elements to creating and maintaining a good risk culture

You can take a horse to water but you cannot make it drink. You can take risk management to your business but you cannot make them do it. People, to ...

Integrated Controls Assurance – Maximum Assurance, Minimum Effort

Controls assurance is a critical component of any robust risk management framework, providing an organisation with: Objective evidence that controls ...

Key Components of a Compliance Framework – The Obligations Register

What is the definition of Compliance? Compliance is an outcome of conforming to a rule. That rule may arise from an external source such as a law or ...

7 Steps of the Risk and Control Self Assessment (RCSA) Process in Your Personal Life

This post is part of our series Operational Risk Management – Learning from yourself as an expert already! My last blog highlighted the extensive use ...

Need Help Defining a Risk Control?

6 Key Questions to Define Risk Control In last week's blog, I discussed the basic but often confused issue, of describing operational risks in a ...

Can Residual Risk Be Higher Than Inherent Risk?

  For those that adopt inherent risk in their risk assessment process, there is general recognition that inherent and residual risk are connected in ...

Risk Velocity - The Third Dimension of Risk?

The primary purpose of risk management is to create and preserve value. Rather than it being a chore or a regulatory demand, risk management should ...

Featured Articles

feature image

Managing Risk and Compliance in a COVID-19 World

This is the time for a well-developed, well-embedded and well-operated enterprise risk management framework and processes. It is not a time to throw away risk management thinking. It is a time to bring it into action.
feature image

Redefining Risk - Never Look at Risk the Same Way Again

What was once a backstage concern must now play a leading role. The reality is, if you want to be better as a company, you need to get better at taking risks.

Get practical resources in your inbox every month.

Thought leadership content on risk management, governance and compliance.

Subscribe Now