WolfPAC Integrated Risk Management Blog

HIMSS 2019: OCR Asserts the Importance of Continued Risk Assessment Programs

At the recent HIMSS 2019 Conference in Orlando, I was able to attend a number of informative sessions focused on risk management. One session in particular that stood out was the update from the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), given by Roger Severino, Director, and Nick Heesters, Health Information Privacy Security Specialist.

... Read more
 
| Author Kevin Creedon, tagged in Risk Management, Compliance Risk Assessment, Cybersecurity, Information Technology, IT Risk Assessment, Vendor Management, Vendor Risk, IT Risk, Disaster Recovery, Disaster Recovery Planning, WolfPAC

KPI or KRI - Is the difference important?

rear view and forward view image
One question that I keep hearing is about the difference between a Key Performance Indicator (KPI) and a Key Risk Indicator (KRI). Examiners are starting to hone in on this now as well, telling us it is something we want to pay attention to. In short, a KPI is a backward looking indicator, and a KRI is a forward looking indicator. One tracks how well you did, and the other attempts to predict where you are going. If you are just starting out in setting up risk indicators for your monitoring activities and Risk Appetite Statement, it is more important to get your monitoring tasks set up and working in a useful way, then to get bogged down in the difference between backward and forward looking. In other words, having some monitoring program in place is better than waiting until all risk indicators are perfectly classified as forward looking or backward looking. That being said, it is important from a regulatory perspective, and just plain good business practice, to be able to monitor risks from both perspectives. You'll eventually want to get to this level of maturity.

... Read more
| Author Randy Marsicano, tagged in Enterprise Risk Management, Risk Appetite Statement, Risk Management, Key Risk Indicators

Do I Really Need to Assess ALL Of These Vendors?

Some organizations can have hundreds of vendors, and risk assessing all of them can be a battle. You might not have all the resources you need to do a full risk assessment on all of them and frankly - you don't have to. Here are three tips for third party assessments that will help keep you on track for your organization's security and your regulatory visits.

... Read more
 
| Author Ava Lucivero, tagged in Vendor Management, Vendor Risk

ERM is not reactionary: The One Thing You Can Do To Strengthen Your Enterprise Risk Management Program

If you're the Risk Manager at an organization, it's a pretty safe bet that you're feeling like you don't have the resources available to properly secure your organization. You might also feel like it leads you to a reactive management style, pinged by regulators and following up instead of building baked in controls and security.

... Read more
| Author Randy Marsicano, tagged in Enterprise Risk Management, Risk Appetite Statement, ERM, Risk Management, Key Risk Indicators

Introducing: WolfPAC Third Party Risk Management

Managing vendors at your organization can feel like herding cats. Every department has vendors that they use for services, and keeping all the contracts, due diligence information, and monitoring activities organized and centralized can feel downright impossible. This doesn't even touch on the often changing regulations you need to understand and adhere to - and determining the standards that will keep your organization both protected and compliant.

... Read more
 
| Author Puja Ghiya, tagged in Vendor Management, Vendor Risk, Due Diligence

Subscribe
Subscribe To The WolfPAC Blog

Stay up to date with Enterprise Risk Management news, topics, and trends.