The end of the world, Mayan-calendar-style, in 2012? Nah (fingers crossed).

Another global financial crisis before 2015? Well … maybe. more

There have been interesting developments in risk management lately, as evidenced by one new book and one new standard.

The standard is ISO 31000, which GRC analyst Michael Rasmussen lauds for its “simplicity and adaptability” in this post.

Rasmussen contrasts this new standard with the COSO ERM Integrated Framework, which he describes as lacking the “pragmatic simplicity and agility that ISO 31000 delivers.”

The book is Harvard-trained economist and strategist Mia de Kuijper’s Profit Power Economics, which shows how a business can better control profits while – and by – spreading the risks.

Pepsi-Cola is featured as a prominent case example. The company owns global brands but not the parts of the “value system” where most of the grunt work is performed (and, important, where large capital expenditures are required). Pepsi-Cola balances the economics and risk-sharing so that they receive superior return on capital. The book shows why their returns, in many ways, are relatively risk-free because they don’t need to own a truck, hire a deliveryman, or run a filling line. ###

At the Storage Networking World conference this fall, Computerworld reported deduplication was high on the shopping list of IT managers. Not surprising: Deduplication promises to revolutionize disaster recovery.

Deduplication isn’t exactly new. I have been writing about it for years: here at Business Management, and at Tech Target, and again at Storage Magazine.

The reason is simple: Deduplication makes it practical to back up data to disk. Organizations are being swamped with a flood of data while their own practices cause them to repeatedly store and back up multiple copies of the exact same data. This is supremely wasteful. Deduplication eliminates much of this waste. more

A new OpenPages survey shows that IT risk management practices are moving in a promising direction.

The survey contains several results that strike me as pleasant surprises … along with a couple of results that point to trouble spots.

First, the happy news: 66 percent of respondents report that their employees can speak openly about IT risk. You can’t manage risk if you don’t measure it, and you can’t measure it if you don’t discuss it. This is a promising step, considering how complicated it can be to discuss IT risk outside the IT department. more

After recovering from some hand surgery, I am now able to restart my blog postings. Sorry for the short sabbatical.

As the calendar year is rapidly coming to a close, this means that the annual closing and audit process is once again starting to get on our minds. And regardless of whether or not you have to contend with SOX compliance issues, we all want to reduce the risk of control failure in our routine closing processes and in our internal controls over financial reporting.

The monthly (and annual) close process is a critical part of an organization’s internal controls. How well that close process is managed has a direct impact on timely decision-making during the normal course of business and on the level of reporting risks the CFO and controller have to consider. It is not unusual that close processes and account reconciliation management are manually intensive, time-consuming, and error prone. The term “hodgepodge” often comes to mind when talking about the close process. more