Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
Tip
19 Nov 2024
Best project portfolio management software and tools in 2025
Project portfolio management software and tools in 2025 promote strategic management of projects and agile tactics. Read our PPM list for guidance on which tools do what.
-
News
15 Nov 2024
Google breakup likely off the table under Trump
Donald Trump might not want to break up Google, but history suggests he won't slow antitrust enforcement efforts against bad actors.
By Makenzie Holland, Senior News Writer
-
Tip
03 Aug 2016
Aligning IT and compliance procedures increasingly a business priority
Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment.
By Kevin McDonald, Alvaka Networks
-
Tip
28 Apr 2016
Without IT process documentation, companies risk being held 'hostage' by IT
As cybersecurity breaches surge, it's important that company leadership know what IT is up to. Kevin McDonald explains why IT process documentation is a must-have best practice.
By Kevin McDonald, Alvaka Networks
-
Tip
08 Jan 2016
The steps to effective cybersecurity incident response
Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach.
By Kevin McDonald, Alvaka Networks
-
Tip
07 Jan 2016
How to test your DR/BC plan
Woe to the IT organization that hasn't taken its DR/BC plan out for a spin. The right kind of testing will close the gaps and save IT and the business a lot of grief.
By Niel Nickolaisen, O.C. Tanner Co.
-
Tip
29 Sep 2015
How to govern your IT outsourcing provider after the ITO deal is done
The best ITO deals need tweaking as time goes on. Good governance ensures that you and your IT outsourcing provider are on the same page.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Mar 2015
Staff shortage impacted by security and compliance skills demand
The data threat landscape has forced companies to rethink hiring processes before a staff shortage negatively impacts security and compliance.
By Jeff Jenkins, Travelport
-
Definition
20 Feb 2015
agreed-upon procedures (AUP)
Agreed-upon procedures are the standards a company or client outlines when it hires an external party to perform an audit on specific tests or business processes and then report on the results.
By Ben Cole, Executive Editor
-
Tip
03 Oct 2014
SOX compliance reliant on data governance strategy, with IT support
SOX compliance hinges on an effective data governance strategy, but much needed help is available from information technology tools and processes.
By Harvey R. Koeppel, Pictographics Inc.
-
News
31 Jul 2014
The benefits and drawbacks of regulatory compliance automation
Increasingly complicated compliance mandates have led some businesses to implement automated processes to save resources. Participants in July's #GRCChat said compliance automation can assist data management, but also warned of unintended consequences.
By SearchCompliance.com Staff
-
News
24 Jul 2014
What to include in a post-DR-test after-action review
What should go into your organization's after-action review following a disaster recovery test? #CIOChat participants suggest what to include in the report and why.
By Emily McLaughlin, Coravin
-
Tip
09 Jul 2014
Three steps to keep IT policies and procedures regulatory compliant
Corporate compliance and risk management expert Jeffrey Jenkins shares how he ensures IT policies and procedures remain in sync with current compliance regulations.
By Jeff Jenkins, Travelport
-
Feature
24 Jun 2014
Can automated segregation of duties benefit regulatory compliance?
In this feature, Michael Rasmussen explains why automated SoD reduces compliance costs as well as the potential for fraud and lawsuits.
By Ben Cole, Executive Editor
-
Tip
18 Nov 2013
Preparation underway for Dodd-Frank conflict mineral disclosures
Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations.
By William Newman, SAP
-
Tip
13 Nov 2013
CIO tip: Learn how to present a risk-management plan to the board
CIO tip: Companies are getting serious about risk management plans -- and leaning on CIOs to help them.
-
Tip
22 Oct 2013
Three strategies to align organizational compliance and security goals
Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals.
By Ed Moyle, Drake Software
-
Feature
30 Jul 2013
All aboard: CIO wins the battle, initiates centralized IT organization
Our SearchCIO IT Leader of the Year Award winner, CIO Eric Hawley, explains how he built a centralized IT environment -- starting with listening.
-
Opinion
12 Jun 2013
The GRC maturity model and value proposition
In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value.
By Harvey R. Koeppel, Pictographics Inc.
-
Definition
06 Mar 2013
geolocation data
Geolocation data is information associated with an electronic device that can be used to identify its physical location. The most common example of geolocation data is an IP address.
By Nicole Laskowski, Senior News Director
-
Tip
28 Feb 2013
Four steps to defining and articulating the role of risk management
Risk management programs are under pressure from all quarters. Here are four steps to defining and articulating the role of risk management.
By Chris McClean, Forrester Research
-
Definition
01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.
-
Tip
01 Nov 2012
Free IT organizational structure chart templates for the CIO
Use these free IT organizational structure chart templates to illustrate the relationships and hierarchy between various IT roles in your enterprise.
-
News
23 Apr 2012
ISACA: Update to COBIT 5 governance framework maximizes IT assets
ISACA’s update to its popular COBIT 5 framework incorporates a business-wide approach the organization says helps enterprises maximize their information and technology assets.
By Ben Cole, Executive Editor
-
Tip
16 Mar 2012
Five tips to help guide green compliance at your organization
As more industries push for environmentally friendly processes, green compliance is a major concern. Here are tips to help incorporate the right green IT practices at your organization.
By SearchCompliance.com Staff
-
Tip
02 Mar 2012
Is your SaaS system in line with SOX compliance requirements?
A SaaS vendor can provide many benefits, but adhering to SOX compliance requirements remains a concern. Here’s help to stay compliant when using Software as a Service.
By Curt Finch, Contributor
-
Tutorial
03 Oct 2011
FAQ: Four criteria for an effective IT innovation strategy
In this FAQ, IT executives share four ways to kick-start and manage an IT innovation strategy that drives business value and transformation.
By SearchCIO.com Staff
-
Tip
16 Aug 2011
How protecting against the OWASP Top 10 helps prevent compliance risk
Mapping security processes to protect against the OWASP Top 10 could ease Web application vulnerabilities and help some companies stay compliant.
By Ed Adams, Contributor
-
Quiz
15 Aug 2011
Test your social media risk management IQ: A SearchCompliance.com quiz
Proliferating social networks have cast a spotlight on social media risk management. Take our quiz to find out if you are up to speed on social media.
By SearchCompliance.com Staff
-
Tip
28 Apr 2011
How GRC, sustainability and CSR relate to one another
How your organization determines the relationships among GRC, sustainability and CSR depends on the context of each item -- and is dependent on management's goals.
By Adrian Bowles, STORM Insights, Inc.
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
-
Tip
10 Dec 2010
AML compliance and money service businesses
Money service businesses are a growing part of the financial services industry, but compliance with anti-money laundering regulations is critical.
By Dan Fisher, Contributor
-
Feature
17 Jun 2010
FAQ: GARP and how it helps you achieve better information governance
Many organizations do not have an information governance structure that works with defined record-keeping principles and ensures accountability. GARP may be your answer.
By SearchCompliance.com Staff
-
Tip
06 Oct 2009
Threat management for information systems relies on categorization
Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.
By Steven Ross, Risk Masters, Inc.
-
News
06 Oct 2009
GPS devices, geolocation data create privacy, security risks
Emerging technologies that allow users to broadcast their geographic locations raise many issues for companies and CIOs, while legislatures and the FTC consider the legal aspects.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
01 Oct 2009
HIPAA-covered entities' first step should be a quality assurance plan
HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization.
By John Weathington, Excellent Management Systems Inc.
-
Feature
22 Jun 2009
Chapter excerpt: Decision-making processes and IT governance
Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability.
-
News
19 Jun 2009
Twitter security risks, popularity spark regulatory concerns
Twitter can be used for social good, business and journalism, but the potential for exploitation by cybercriminals and noncompliance with regulatory requirements is real and growing.
By Alexander B. Howard, Associate Editor
-
Tip
09 Jun 2009
How AML compliance applies to remote deposit capture
Financial institutions rushing to deploy remote deposit capture (RDC) need to consider how the Bank Secrecy Act and anti-money laundering regulations apply to the technology. In this tip, Dan Fisher explains what measures institutions need to take to ensure compliance with BSA/AML laws in their RDC implementations.
By Dan M. Fisher, Contributor
-
Tip
19 May 2009
Why it may not be ideal for your lawyer to be your compliance officer
While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers.
By Kevin Beaver, Principle Logic, LLC
-
Definition
12 Mar 2009
Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization.
-
Definition
29 Jan 2009
Fair Credit Reporting Act (FCRA)
The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies.
-
Definition
06 Mar 2008
FFIEC compliance (Federal Financial Institutions Examination Council)
FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)...