Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2020

Featured Post

The Relationship Between Risk Management and Process Improvement

In today's highly competitive world, businesses need to adjust to changes quickly. Changes in organizational structure, customer preference, competitor strategy, or regulatory requirements all pose uncertainties to a company. If you want to remain ahead of the curve, you need to adopt a risk management plan and focus on the continuous improvement of your processes.

Why You Need a Vendor Risk Management Policy

A formal, written vendor or third-party risk management policy is the first step in developing your vendor risk management program, and essential to that program’s success. Vendor risk management encompasses third-party risks as well as those of your vendors’ vendors (fourth-party risks) and is an important component of any cybersecurity program.

CCPA Exemptions: The California Consumer Privacy Act and the Gramm-Leach-Bliley Act

A change is coming for privacy protection. Are you ready? For the past twenty years, most financial services businesses fell under the requirements of the Gramm-Leach-Bliley Act (GLB Act or GLBA). This law federally governed the collection and disclosure of customers’ personal financial information. However, on January 1st, 2020, a new privacy rule, the California Consumer Privacy Act (CCPA), went into effect.

Best Practices in Cyber Supply Chain Risk Management

Cyber supply chain risk management touches all aspects of a business. Supply chain risk management (SCRM) is not solely the responsibility of cybersecurity, but instead a partnership between sourcing, vendor management, cybersecurity, and transportation. The National Institute of Standards and Technology (NIST) released a set of best practices for cyber supply chain risk management in 2016.

The Difference Between Strategic and Operational Risk

Strategic risk and operational risk are both valuable to organizations and are critical in managing an organization’s overall risk management program. Organizations are finding that strategic risk management can’t be done the same old way and requires new, creative thinking in order to execute successfully. Operational risk management is important to make sure there are plans in place to remove roadblocks so that organizations can execute against their strategic plans.

The Debut of Advanced ZenGRC Risk Management

Reciprocity’s mission is to connect the people, processes, and technologies critical to our customers’ information security risk and compliance management. As InfoSec becomes increasingly complex, our customers want to become more agile in their risk management strategy. It is important for them to have better visibility and be able to respond to changes quickly.