This week on Office Hours (https://officehou.rs), hosts Kevin Legere and Dan Zitting discuss third party risk management by looking at a situation where contract risk/vendor risk led to several very large organizations being substantially over-billed and the vendor itself having to restate its financial statements after rectifying the issue. We'll dig into how it happened and using "big data" to identify and resolve the issue.
This week on Office Hours, hosts Dan Zitting and Kevin Legere summarize Kevin's experiences as a data analytics consultant to audit and compliance teams who are just getting started with an analytics program. Kevin distills the what he found are really the five key steps to getting off the ground and building your first "data robots". These worked at Fortune 500 company's and the US Federal Government, hopefully they work for you if you are just diving into "data-powering" your team or function!
This week on a LONG and in-depth Office Hours, hosts Dan Zitting and Kevin Legere try to teach the basics of using scenario modeling (or simulation analysis) to enhance risk management and risk assurance. Scenario modeling enables GRC professionals to make far more informed risk decisions by considering the universe of potential outcomes of a given risky scenario... by understanding the probability of outcomes that are inside or outside the organization's risk tolerance, we can make quantified and informed decisions that make the organization better and impress the crap out of management! We'll run through a real case study from the Arizona State Lottery to make the points, with a little side lesson what does "random" truly mean. Find out if the pick 3 lottery really is indeed truly random!
This week on Office Hours, our hosts, Dan Zitting and Kevin Legere, talk about managing risk events. What are risk events? They could be anything from an ethics hotline reports, conflict disclosures, security incidents, sexual harassment incidents, unexpected financial instrument value fluctuations, physical security breaches, vendor failures, etc., etc. No matter which function you're in or the risk you're responsible, it is surely possible to centralize the capture, review, and remediate these events in a way that maximizes assurance of appropriate follow-up while creating insightful reporting and automating much of the process. In this episodes we share examples of how to do so in ACL software, bu the principles apply regardless.