RiskOptics

What Is Risk Communication?

Risk management is a team sport. So whether we are assessing health risks during a pandemic, understanding the effect of natural disasters, or trying to block a cybersecurity attack, risk communication serves a vital purpose. Risk communication aims to inform and educate individuals so they can make informed decisions and take appropriate actions in the face of uncertainty.

Security Misconfigurations: Definition, Causes, and Avoidance Strategies

Misconfigured security settings can be disastrous for a company’s cybersecurity. In 2019, for example, a researcher discovered a security misconfiguration in the popular project management tool Atlassian JIRA that allowed him to access a vast amount of confidential data from companies that used JIRA. Unfortunately, Atlassian’s error is all too common.

What is Risk Modeling?

Investments in effective risk management, and especially in IT systems to manage risk, have historically paid huge dividends. In a 2023 PwC US Risk Perspectives Survey, 57 percent of C-suite respondents reported seeing better decision-making capabilities thanks to investments in such applications. But there is still significant room for improvement in enterprise risk management, starting with better risk modeling and forecasting.

Your Ultimate Guide to AICPA's SOC 2 Updates

Cybersecurity is ever-changing and a critical consideration for business survival. One must always be prepared to keep their business secure and their customers satisfied. But how do you keep up with all the compliance framework changes, such as last October’s SOC 2 guidance updates? This was my challenge as the GRC manager at a SaaS startup: an updated compliance framework version would be released, and I’d need to figure out how to incorporate the new requirements.

5 Most Common Types of Internal Accounting Controls

Accounting is a core function in every business. Organizations need accounting teams to track revenue and expenses, evaluate financial performance, create budgets and financial projections, and maintain compliance. Skilled accountants provide up-to-date financial information to support decision-making. Unfortunately, the word “accounting” is often followed by the word “scandal,” especially given examples such as Enron, WorldCom, Tyco, Hertz, Lehman Brothers, and Bernie Madoff.

Common Types of Network Vulnerabilities for Businesses

Network vulnerabilities can leave an organization’s entire IT environment compromised. Sensitive data can be lost or (even worse) stolen by cybercriminals. A data breach can severely harm your company’s reputation and bring substantial financial losses. Worse, these vulnerabilities are constantly evolving. Hackers have proven methods to infiltrate a seemingly secure network, and they employ various tricks, devices, and information to get the job done.

How to Navigate the Maze of State Data Privacy Laws

Data privacy has become a paramount concern in the digital age, as organizations collect and process vast amounts of personal information. As a result, governments are increasingly enacting data privacy laws. While the European Union’s General Data Protection Regulation (GDPR) sets a global benchmark for data protection, the United States lacks a comprehensive federal data privacy law. Instead, businesses operating in the U.S.

What Are the Types of Audit Evidence?

The collection and evaluation of audit evidence plays an important role in assessing an organization’s compliance with established standards. The American Institute of Certified Public Accountants (AICPA) serves as a guiding force, establishing methods that auditors should use to carry out their duties effectively. As auditors start their examination, they first collect and analyze various types of audit evidence, each serving as a piece of the puzzle that forms the auditor’s report.

Penetration Tests vs. Vulnerability Scans: What's the Difference?

Compliance with regulatory requirements works best when you understand the terms of art used in compliance and cybersecurity, such as the difference between penetration tests and vulnerability scans. You can perform many types of tests to assess the state of your data security, vulnerability scans and penetration tests being among the most important — but they are not the same thing, and they serve different purposes.