WolfPAC Integrated Risk Management Blog

Does a “Fits and Starts” Culture Drive your Risk Management Program?

We’ve all made that contractual purchase - the one where you sign your name to purchase a car and realize you are now confronted with deciding how to use all the new features and functionalities, where to navigate first, or even what errand to accomplish. Signing the contract to license WolfPAC, puts you in a similar driver seat, and empowers you to drive forward with a roadmap to finally complete all those risk assessments using a software package instead of clunky spreadsheets. Receiving a finding on your last exam could make you want to accelerate significantly to complete the outstanding risk assessments in WolfPAC.

... Read more
| Author Lisa Spampinato, tagged in ERM, Risk Management, Information Technology, WolfPAC

How Much of Your Capital is at Risk



Although a solid compliance program may not help you grow revenue, a weak compliance program can cost you plenty in the long run. On the other hand, ERM programs are different; a solid risk management program is a source of competitive advantage. If your Chief Risk Officer presents the ROI of new investment alternatives after having established a track record of documenting and monitoring ALL the threats to your business, instincts should be to assertively move forward if the rest of the business is sound. But, how do we know when ALL the threats are known and how do we know if serious danger is not on the horizon?

... Read more
| Author Mike Cohn, tagged in Enterprise Risk Management, ERM, Risk Management, Operational Risk, Compliance Risk Assessment, Regulatory Compliance, Cybersecurity, Information Technology, IT Risk, WolfPAC

HIMSS 2019: OCR Asserts the Importance of Continued Risk Assessment Programs

At the recent HIMSS 2019 Conference in Orlando, I was able to attend a number of informative sessions focused on risk management. One session in particular that stood out was the update from the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), given by Roger Severino, Director, and Nick Heesters, Health Information Privacy Security Specialist.

... Read more
| Author Kevin Creedon, tagged in Risk Management, Compliance Risk Assessment, Cybersecurity, Information Technology, IT Risk Assessment, Vendor Management, Vendor Risk, IT Risk, Disaster Recovery, Disaster Recovery Planning, WolfPAC

KPI or KRI - Is the difference important?

rear view and forward view image
One question that I keep hearing is about the difference between a Key Performance Indicator (KPI) and a Key Risk Indicator (KRI). Examiners are starting to hone in on this now as well, telling us it is something we want to pay attention to. In short, a KPI is a backward looking indicator, and a KRI is a forward looking indicator. One tracks how well you did, and the other attempts to predict where you are going. If you are just starting out in setting up risk indicators for your monitoring activities and Risk Appetite Statement, it is more important to get your monitoring tasks set up and working in a useful way, then to get bogged down in the difference between backward and forward looking. In other words, having some monitoring program in place is better than waiting until all risk indicators are perfectly classified as forward looking or backward looking. That being said, it is important from a regulatory perspective, and just plain good business practice, to be able to monitor risks from both perspectives. You'll eventually want to get to this level of maturity.

... Read more
| Author Randy Marsicano, tagged in Enterprise Risk Management, Risk Appetite Statement, Risk Management, Key Risk Indicators

Subscribe To The WolfPAC Blog

Stay up to date with Enterprise Risk Management news, topics, and trends.