IT GRC Forum

We are pleased to announce the grand opening of the GRC Marketplace!

The IT GRC Forum an online resource and networking platform for the Governance, Risk Management and Compliance (GRC) Community.

• Reach key decision-makers with responsibility in purchasing GRC products & services.
• Activate your complimentary listing, and increase your company's exposure to our buyers

JAZD, the leader in online B2B directory service platforms, and Executive IT Forums Inc., publisher of ITGRCForum.com, announced today their new online Governance, Risk Management, and Compliance industry marketplace, GRCMarketplace, is now live and open to buyers here.

GRCMarketplace, powered by the JAZD directory platform, delivers complete listings of companies and products, deep industry content, user ratings & reviews, geographical search, side-by-side product comparisons, videos, webinars, downloadable product specifications, pricing and marketing literature, along with an array of social tools for users to share information and network with peers. This infrastructure combined with highly-engaged suppliers and buyers provides a new, more effective directory experience for the GRC industry.

"The launch of the GRCMarketplace is a perfect extension of the ITGRCForum," said Jamie Bedard, Founder and CEO at JAZD. "Working with Executive IT Forums Inc, we are able to provide their audience a full range of research, purchasing, education and networking tools."

JAZD, the leader in online B2B directory service platforms, and Executive IT Forums Inc., publisher of ITGRCForum.com, announced today their new online Governance, Risk Management, and Compliance industry marketplace, GRCMarketplace, is now live and open to buyers here.

GRCMarketplace, powered by the JAZD directory platform, delivers complete listings of companies and products, deep industry content, user ratings & reviews, geographical search, side-by-side product comparisons, videos, webinars, downloadable product specifications, pricing and marketing literature, along with an array of social tools for users to share information and network with peers. This infrastructure combined with highly-engaged suppliers and buyers provides a new, more effective directory experience for the GRC industry.

"The launch of the GRCMarketplace is a perfect extension of the ITGRCForum," said Jamie Bedard, Founder and CEO at JAZD. "Working with Executive IT Forums Inc, we are able to provide their audience a full range of research, purchasing, education and networking tools."

• 
• Join GSMI in Boston, MA on April 9-11, 2013 for the 8th installment of the Governance, Risk Management and Compliance Summit and save 15% with the d ...

Join GSMI in Boston, MA on April 9-11, 2013 for the 8th installment of the Governance, Risk Management and Compliance Summit and save 15% with the discount code TDITGRC15 on your registration.

The IT GRC Forum has announced the grand prize winner of an Apple iPad. Congratulations to Laura Buckley, whose name was randomly selected from more than 240 registrants when she attended our webcast on 'How to Select the Right MDM & BYOD Security Solutions' held on February 21, 2013.

Laura is SVP and Information Security Director at Cadence Bank. Here is a quote after she attended the session, "In response to a growing request for BYOD, my challenge is to find the best solution to protect sensitive corporate data on all types of mobile devices – at the best price. I've attended several webinars to ensure we are prepared to ask the right questions and evaluate appropriately. This webinar brought to light several items we had not considered and certainly was beneficial in providing material for the RFP and future conversations with vendors."

.

Upcoming Events

The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organization, such as the Japanese tsunami, the Gulf of Mexico oil spill or the euro-zone liquidity crisis, have been front and center, creating a renewed interest in enterprise risk management (ERM) practices.

John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola answered a series of questions written by marcus evans before the forthcoming 6th Annual Enterprise Risk Management Conference, March 19-20, 2013 in Chicago, IL. All responses represent the view of Mr. Brown and not necessarily those of Coca-Cola  

When it comes to quantifying risks within the supply chain, are there sure-fire approaches or methods to apply? Why or why not.

John Brown: The sure fire approach is to map your supply (value) chains, delineating the flow of value contribution from each node (value-adding operation) and through each link. As is normally the case, however, the sure-fire approach is not easy to implement, especially since the “map” must extent to tier 2, 3 and beyond suppliers, and downstream through customers to end consumers.  The effort and resources it takes to complete this mapping is insurmountable for most companies.  Some excellent work is taking place to visualize value chains by mining data in enterprise applications, such as SAP. But there are challenges even in this approach, which at best captures tier 1 suppliers. I am hopeful that elegant (and affordable) solutions will be developed in the next few years. 

What are some of the vital steps an organization must take to mitigate risks in the supply chain associated with fat-tail risks like Hurricane Sandy?

JB: Interesting question, and no easy answer. Risk management is essentially prevention, and few company reward structures are geared to prevention activities (as compared to reaction, such as crisis management).  Part of the difficulty is that it is next to impossible to demonstrate that risk management activities prevented an uncertain event from occurring.  The steps most companies can take today include understanding where they have critical dependencies, such as single-sourced materials or services, suppliers who are susceptible to external events, or vulnerable transportation/logistics links. And then establish arrangements to avoid a major disruption in the value creation chain. The challenge with this approach is that it ultimately increases your cost-of-goods, relative to a steady-state environment.  Where it pays off is if you experience a disruption and are able to flex with it.  A more fundamental approach is to design products and services with a view of minimizing exposure to disruptions. 

When it comes to risk buckets, how is The Coca Cola Company currently managing risks within the supply chain?

JB: You would think that the beverage industry is relatively simple. Yet it is an amazingly complex system, especially for a globally diverse company. Our approach has been to develop a common methodology and tools to identify, analyze and mitigate risks at every locally relevant business entity. We then use technology to create an aggregated view of risks at successively higher organizational levels. This approach ensures that risks are identified and managed at the local level, which in itself is true risk management across the enterprise. The sweet spot is where we can identify systemic risks across multiple entities and then apply higher level resources to solve these risks once, instead of multiple times, and with sometimes different approaches. Likewise, some risks that are seen at higher organization levels (which tend to be more strategic in nature) can be communicated to local entities as a watch-out. The strategies and processes we developed in the supply chain and technical areas have been adopted by the ERM team, so we have a single, unified approach to risk management across the company. 

What are some of the types of risks that are overlooked when it comes to the supply chain?

JB: Supply chain organizations tend to be focused on sourcing, making, moving and selling--and as such sometimes have a blind spot relative to external events that can significantly impact value chains.  Some of these risks exist in the political and social arenas, human resources, public perceptions, large-scale economic changes, and sometimes in the critical linkages in global value chains. The Fukushima earthquake (and the ensuing tsunami and  nuclear power impacts), the Thailand floods, the Eyjafjalla volcanic eruption, and the Middle East unrest all exposed weaknesses that crept into value chains as we continued to find ways to increase productivity and reduce costs.  It will always be a challenge to employ risk prevention in the face of constant pressures to reduce costs.

As a speaker for the 6^th Annual Enterprise Risk Management Conference, what do you look forward to most about attending this event?

JB: Learning about the strategies, tools and techniques companies are using to implement risk management programs, with a focus on effectiveness and efficiency. Risk management is an evolving discipline, with many approaches and espoused best practices. Over the last few years I’ve seen a gradual move towards a common set of guiding principles, with a focus on identifying and preventing risk events. This is a critical step in my view, and ISO 31000 has provided a foundation.  Too many risk management programs focus on compliance or reaction. So, the move towards a focus on prevention is welcomed.

John J. Brown, a registered professional engineer, Associate in Risk Management-ERM (ARM-E) and Certified Protection Professional (CPP), has worked directly in the risk management field for well over a decade, and indirectly most of his career. Since joining The Coca-Cola Company in April 2008, John has developed a risk management strategy and processes for the Company's global value chain, and is currently implementing that strategy.

For more information please contact Michele Westergaard, Senior Marketing Manager, Media & PR, marcus evans at 312-540-3000 ext. 6625 or Michelew@marcusevansch.com. 

Identity theft is the easiest crime to commit and the hardest crime to get caught for. It has been said numerous times that identity theft is the closest we’ve ever come to the perfect crime.  This explains why a recent study by ID Analytics found more than 10,000 identity fraud rings in the U.S.  An identity fraud ring is a group of people actively collaborating to commit identity fraud. This study is the first to investigate the interconnections of identity manipulators and identity fraudsters to identify rings of criminals working in collaboration.

In a press release, ID Analytics states that many of these fraud rings are made up of two or more career criminals, surprisingly, others are family members or groups of friends. The ring members may be either stealing victims’ identities or improperly sharing and manipulating personal identifying information such as dates-of-birth (DOB) and Social Security numbers (SSNs) on applications for credit and services.

Other findings of the study include:

Hotbeds for Fraud Rings—States with the highest numbers of fraud rings include Alabama, the Carolinas, Delaware, Georgia, Mississippi and Texas. The three-digit ZIP codes with the most fraud rings observed are areas around Washington DC; Tampa, Fla.; Greenville, Miss.; Macon, Ga.; Detroit; and Montgomery, Ala.

Fraud in the Countryside—While many fraud rings occur in cities, a surprisingly high number were also found in rural areas of the country.

Consumers’ best protection against identity theft begins with a credit freeze or identity theft protection. But businesses can do more to protect the public by not allowing stolen credentials to be used for fraud in the first place.

Identity thieves carry out their attacks in very short-time windows to exploit their newly stolen credentials.  For businesses, what might typically look like a single transaction can often be calculated attacks across multiple businesses, according Oregon-based iovation Inc. and the businesses that it protects. One computer (or a group of related Internet-enabled devices including smartphones) may open new credit card accounts, make online retail purchases, and schedule shipment of stolen goods — yet iovation’s view of device-related activity can connect these relationships across multiple businesses, geographies and industries — in order to detect and stop cybercrime, and make the Internet a safer place to interact and do business.