Tag Archives: Enterprise Risk Management

Institute of Risk Management East Africa Regional Group partners with Serianu Ltd to grow local cyber risk talent

The Institute of Risk Management’s (IRM) East Africa Regional Group (a member body of the IRM in the UK) and Serianu Ltd have agreed to work together on addressing the huge deficit of qualified risk managers in the region coupled with local public and private sector organisations needing critical hand-holding to ensure risks and opportunities within organisations are effectively identified and managed.

The collaboration is bidding to develop a fundamental home-grown cyber risk management framework for the African context which aims to increase the number of competent risk professionals as well as enhance excellence in cyber risk management and reporting.

Serianu Ltd is a pan-African cyber security consulting firm. The business has signed a Memorandum of Understanding (MoU) with the IRM that will engender collaboration on research, training, community out-reach and policy design.


According to Dorothy Maseke, chair of the IRM’s East Africa Regional Group, Kenya especially needs 1,000 qualified risk management professionals annually, yet over the last three years the population has grown from just under 20 to around 120 today.

“Risk management is a relatively new field of professional practice yet, locally and globally, there’s a major shift by regulators to entrench high risk management standards,” explained Maseke. “Risk has become a core reporting requirement by management as well as a key responsibility of Boards of Directors. For instance, Kenya’s public sector is guided by the Mwongozo Corporate Governance Code which sets out compliance parameters.”

New specialism

Maseke added that risk management had emerged as a new specialism as a result of changing business and public sector operating environments that have shone a spotlight on governance mechanisms. At the same time, the practice of risk management is increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organisation from achieving its goals at any one time.


Dorothy Maseke

Threats and opportunities have been a standard in every organisation’s overall strategy for several decades, but now for the first time in corporate governance history, this is firmly set in the risk manager’s scope of work and monitored daily. Maseke noted that, in this way, organisations are also able to clearly assess and derive the benefits from investing in their systems and processes.

Carol Misiko, the East Africa Regional Group’s secretary, added that cyber risk is no longer a back-office IT team issue (although they clearly play a vital role). Misiko noted that today’s enterprise risk management function needs to be able to understand this constantly evolving risk, but also manage, monitor and report on this emerging risk.

Common interest

Speaking during the MoU signing ceremony, Serianu Ltd’s CEO William Makatiani observed that the two institutions have a common interest in growing the knowledge of Boards of Directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organisations.

“We’re collaborating with the Institute of Risk Management to give directors and managers tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” stated Makatiani. He added that, generally – and especially so in the public sector – the degree of compliance is still quite low and that many highly regulated private sector organisations are yet to cross the 50% mark.


Filed under Risk Xtra

Institute of Risk Management forges alliance with Chartered Institute of Loan and Risk Management in Nigeria

The Institute of Risk Management (IRM) has signed a group affiliate scheme agreement with Nigeria’s Chartered Institute of Loan and Risk Management (CILRM).

The IRM is the leading global professional body for Enterprise Risk Management and currently has over 600 members across Africa, with active regional groups in Ghana, Kenya and South Africa. The organisation is currently in the process of setting up a group in Nigeria and Zimbabwe.

Legislation dictates that all companies over a certain size must have qualified risk management professionals in place in the region, highlighting the importance of risk management to the success of both organisations and the economy.

The scheme involves the CILRM purchasing 2,500 IRM group affiliate memberships which will then be allocated across the CILRM membership network. This means that the IRM’s counterparts can benefit from demonstrating their commitment to the risk management agenda by being part of a growing global network.


Other membership benefits include events, qualifications, networking and access to online materials.

Dr Ian Livsey, CEO of the IRM, said: “This is an exciting development for both the IRM and the CILRM when it comes to strengthening the risk management profession in Nigeria and for us to work more strategically going forwards.”

Livsey added: “The IRM already had a great footprint in Africa, but this news cements the importance of the developing Nigerian market. We’re keen to progress the risk management profession globally and determined to raise the importance of enterprise risk at Board level.”

Dr Sir Oladipupo A Bailey, president and chairman of the Governing Council of the CILRM, responded: “The signing of the Memorandum of Understanding with the IRM will not only strengthen the working relationship between the two bodies, but will also go a long way towards creating awareness of risk management’s importance for the Nigerian economy, both in the private and public sectors.”

He continued: “This is another milestone achievement for the CILRM and the IRM in terms of growing and developing the profession, especially in the areas of resource enhancement and capacity building.”

*The IRM has recently launched The Big Debate, which is a series of global events, interviews and a survey designed to find out more about the Risk Agenda 2025. See https://www.theirm.org/risk-agenda-2025.aspx for details.


Filed under Risk UK News

‘Demonstrating Cyber Security Readiness to Regulators through Risk Assessments’: White Paper issued by Hatstand

Specialist financial technology company Hatstand has issued a White Paper on the increasing focus of financial services regulators on cyber security and the need for businesses operating in this sector to view it as part of a company’s overall enterprise risk management.

The White Paper discusses how performing a risk assessment can help a business deliver clarity, not only to the regulators but also to the key stakeholders of its key assets, concerning current status and gaps in controls and processes. A baseline assessment can then be used to evolve a Working Plan designed to mitigate the gaps and demonstrate to the regulators and stakeholders that the business is taking its cyber risk management responsibilities extremely seriously.

Cyber security is, of course, a key concern for our senior political leaders, regulators and industry professionals. However, keeping business and client data secure can be a challenge as it crosses global networks, computing and PDA devices.

Hatstand has produced a White Paper on cyber security for those companies operating in the financial services sector


Many industry experts predict that it’s not a matter of ‘If’ but ‘When’ a company will experience a cyber security breach. Indeed, it has been reported that the number of cyber security attacks increased by over 50% in 2014 when compared with the statistics recorded for the previous year.

The Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have made cyber security preparedness a top priority for their 2015 member firm examinations. Furthermore, the Commodity Futures Trading Commission (CFTC) is weighing in to the debate as indicated by the recent remarks made by its chairman, Timothy Massad, who said: “Cyber security is the most important single issue facing our markets today in terms of market integrity and financial stability.”

Policies and guidelines

More countries are taking the initiative to educate their ‘net’ citizens and are creating policies and guidelines for firms and individuals to create awareness of such crimes. In Europe, the EU is putting together a Cyber Security Directive that’s planned to apply to all business sectors. Although some of the EU regulations recently passed or currently under consultation have some cyber security elements, nothing has been specifically aimed at the financial services sector.

With cyber security directly affecting clients, data, networks, hardware, software and operations, the need to protect them from theft, business disruption and destruction is paramount.

Hatstand’s White Paper evaluates why businesses need to have sound governance practices in place and recognise that cyber security is more than just an IT-related issue. It also examines how the threat of a cyber attack should be viewed as part of the overall enterprise risk management of the firm, with Board oversight and a proper risk framework covering identification, protection, detection, response and recovery.

Firms should be identifying their possible risks, assessing the likelihood of events occurring and preparing their response(s). Once armed with this information, they can then determine their risk tolerance and prioritise their cyber security counter-measures. This is an iterative process that needs to be continuously reviewed and updated as the environment is constantly changing.

*Download a full copy of Hatstand’s White Paper


Filed under Risk UK News

Securitas to host inaugural ASIS UK Enterprise Risk Management Northern Seminar

Securitas has been announced as the main sponsor and organiser for the inaugural ASIS UK Enterprise Risk Management Northern Seminar.

The seminar, which will take place at the University of Leeds on Thursday 9 April 2015, will afford delegates an understanding of how organisations can use Enterprise Risk Management to deliver their security and risk-related services.

Speakers on the day will include Neil Gammon (head of physical security at Sky) who will give an insight into managing enterprise risk within a creative media organisation and Dr Kevin Macnish, teaching Fellow at the University of Leeds. Macnish is to deliver a talk on how risk may be managed from an ethical perspective.

Securitas’ Gail Pinkerton, account director on the Workman contract, will present delegates with a Case Study on security risk management within a business environment, duly explaining how Securitas works alongside the property management and building consultancy to minimise and mitigate risk.

Dr Peter Speight CSyP: director of security risk management at Securitas


Speaking about the event, Dr Peter Speight CSyP (director of security risk management at Securitas, an ASIS UK member and recently elected UK Chapter Secretary) told Risk UK: “We’re very much looking forward to this event and we’re delighted that nearly 100 delegates have registered. Enterprise risk management is such a focused area for risk and security professionals. Indeed, the interest in this event has given us the confidence to look into hosting even more in the future.”

ASIS International is one of the leading organisations for security professionals with more than 38,000 members worldwide, all of whom are involved in the protection of people, property and assets.

Founded in 1955, the organisation is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programmes and materials that address broad security interests.

The seminar begins at 1.30 pm and there will be drinks, canapés and networking opportunities from 6.00 pm. Those interested in attending should contact the ASIS UK Office either by telephone (01494 488599) or e-mail: info@asis.org.uk

Securitas awarded ISO 27001:2013 Information Security Management accreditation

Securitas is also pleased to announce it has been awarded the ISO 27001:2013 Information Security Management standard, demonstrating the company’s firm commitment to providing the highest quality of service to its customers.

ISO 27001 is an internationally-recognised certification developed as a Best Practice standard which enables organisations to formalise and verify that risks are properly identified and managed. It also demonstrates to customers and stakeholders alike that the security of their information is taken seriously.

David Barlow of Securitas


David Barlow, business standards and risk manager at Securitas, said: “In 2014, we completed an internal review of the whole of our UK security operations and realised we needed to concentrate on improving our data protection policies if we were to seriously advance in the security solutions aspect of the industry.”

Securitas duly sought the services of UKAS quality and compliance auditing body ALCUMUS, and soon realised that accreditation to ISO 27001:2013 Information Security Management would be required in order to satisfy the needs of both the security services and security solutions sectors.

In June last year, a member of the business standards team was appointed as project manager to concentrate on key areas which included the communications centre, ALCUMUS, environmental Health and Safety, the standards department, screening, finance, the Alarm Response Centre and the Help Desk function.

Following a period of internal and external audits and the creation of the Information Security Management System, all information – either printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films or spoken in conversation – is now handled and stored in a secure manner.

All assets, either physical or electronic, are also risk assessed and suitable control measures taken to ensure the security of these assets.

Subsequently, the ISO 27001:2013 accreditation has now been awarded in respect of Securitas’ UK operations in Birmingham, Wellingborough, Milton Keynes and Uxbridge.

Barlow concluded: “This accreditation demonstrates to our customers that we take all aspects of IT and data security very seriously indeed. I believe that not only will it be of great benefit in winning new clients but will also help us to retain our existing ones. I’m fully confident Securitas will be reaping the rewards of all this hard work in the months to come.”


Filed under Risk UK News