Risk, risk, risk. It seems like a new one materializes in my inbox each week.

I don’t want to add to your list of insomnia sources, unless there’s a viable threat. So, let’s consider the following risks more of a radar-screen update: Are they on your company’s risk radar?

These topics – environmental performance and employee engagement – are quite different. The first tends to receive too much attention (not that it doesn’t deserve much attention, but its very nature tends to arouse an emotional response). The second risk, declining levels of employee engagement, receives too little attention. more

Accountants have wrestled with the question of materiality forever and often have used a “5 percent rule” when it comes to determining materiality. In short, the theory behind this “5 percent rule” is that investors would not be unduly influenced by variances in net income or income statement line items that are under 5 percent. Most would agree that determining materiality it not a cut-and-dried deal.

This “5 percent rule” of materiality most often is applied to financial statement representations and disclosures. But there are plenty of business events where materiality matters. And when it relates to fraud, “what does it really mean?” more

Nearly 45 out of 50 European-based GRC executives (including those from Barclays, Lloyd’s, and Swiss Re) expect their companies to increase or hold steady their GRC technology spending next year.

This press release contains more information on the reasons behind their GRC bullishness along with some interesting tidbits.

For example, 53 percent of survey respondents indicate that their organizations currently use a “siloed” GRC approach. However, more than nine out of 10 of these same respondents expect their organizations to move to an integrated GRC program within the next three years. ###

I’ve discovered another golden building block in my ongoing effort to construct The Ultimate Guide to Ethical and Effective GRC (are you listening, Wiley, HBS, and Penguin/Portfolio?).

Recently, I’ve been studying GRC talent preferences as well as the makeup of operational risk councils (or risk committees), which seem to exist in every leading GRC organization. More recently, I’ve been honing in on the art and science of “exception management.”

I want to hear from you about this pivotal process. How do you handle exception management? What works? What doesn’t?

Exception management is the process by which people respond to the information that GRC technology spits out. As those of you with GRC application experience know, these tools can spit out a deluge of information. That’s why I love this topic; it blasts all of the core business elements to center stage: people, process, and technology.

When executed correctly, exception management enables the organization’s investment in GRC technology to generate valuable returns; it also helps business process owners take on greater GRC responsibility (without too much extra heavy lifting).

However, if exception management is ignored or botched – and it often is – the technology and the entire GRC program can falter. (One internal audit executive told me about a real-life situation in which an application continually e-mailed exception alerts – about a potentially major internal controls red flag – to a manager who no longer worked at the company.) more

With a new commissioner, Gary Gensler, now at the helm of the Commodity Futures Trading Commission (CFTC), the agency likely will head in a different direction than it has in the past. “Gensler clearly is in the Obama camp and very activist from the point-of-view of wanting to re-regulate,” says Michael Gorham, a professor and director of the Stuart Center for Financial Markets at the Illinois Institute of Technology. Gorham also was the CFTC’s director of market oversight for several years starting in mid-2002. more