Risk Bulletin

Key insights to help your organization manage risk and make timely decisions.

Fall 2016

What technology disruptions mean for the middle market

Middle market faces crucial test in managing disruptive technology.

Auditing culture - a piece of a broader governance puzzle

Internal audit plays an important role in auditing culture; however, it is just one piece of a broader governance puzzle.

Beyond HIPAA compliance

Collaboration and alignment between IT audit and IT security helps health care organizations better manage information security risks.

Regulatory compliance webcast - Summer 2015

Gain clarity on regulatory compliance issues impacting your organization in this discussion on strengthening your BSA - AML program.

Managing risk when choosing digital platforms: The keys for nonprofits

Digital platforms can support nonprofit success, but organizations must consider possible vulnerabilities and risks in addition to benefits.


Beyond compliance: Properly leveraging ERM for additional value

Many organizations leverage ERM to manage compliance and regulatory demands, but do not understand its potential to uncover business opportunities.

5 things to know about managing third-party relationship risks

Leveraging third parties can lead to significant efficiencies, but you must account for inherent risks that lie with your organization.

Effective board governance

Leverage best practices from high-performing boards to support growth initiatives and better risk management practices.

5 ways to protect your organization against cyberattacks

Protect your organization against cyber threats by ensuring the appropriate security controls are in place.

SOC 1 changes ahead

Learn what changes your organization must consider implementing following revised SOC 1 reporting guidance recently released by the AICPA.

Spring 2016

5 cybersecurity predictions for 2016

As cyberattacks become more frequent and sophisticated, RSM advisors discuss how to protect your organization against 2016’s emerging cyberthreats.

Minimizing fraud exposure with effective ERP segregation of duties controls

Companies must understand segregation of duties control risks that can result in fraud, and more effort and investment following ERP implementation.

3 steps to effective monitoring and testing for credit card issuers

Learn how your financial institution can better control regulatory risk associated with credit cards through a monitoring and testing program.

Risk management for third-party relationships

Gain insight on present-day third-party risk management issues and learn various solutions to better manage the overall relationship process.

Leveraging innovation: Utilizing the third platform to support success

Learn about the five emerging technologies in the third platform, and how successful implementation can increase data insight, access and efficiency.

Winter 2015

5 key risks companies should monitor in 2016

Companies need to plan now to manage employment, inflation, currency, cybersecurity and vendor risks in 2016.

Parsing the Difference Between GRC and ERM

Organizations understand the difference between compliance and risk management as concepts but not so much the difference between governance.

Data privacy

Clubs must be vigilant in protecting sensitive data. Learn key considerations to protect sensitive information.

Implementation considerations for enhanced prudential standards compliance

To build a robust risk management framework, FBOs need strong sponsorship from leadership and a robust organizational risk culture.

The real cost of a data breach

RSM is a sponsor of the NetDiligence® 2016 Cyber Claims Study, which provides greater insight to data breaches and associated damages.

Fall 2015

Continual PCI compliance: Securing cardholder data on a year-round basis

PCI compliance is a constant obligation; unfortunately, many merchants leave data vulnerable by only focusing on compliance before their annual audit.

Capital plan review and stress tests: Becoming compliant and adding value

Learn how financial institutions can manage increased capital planning and stress testing expectations and leverage these new processes to add value.

Using data analytics to detect and prevent fraudulent activity

Risk & Compliance magazine Q&A, featuring RSM professionals, highlights the benefits of using data analytics to combat fraud.

Is your enterprise risk management program ready for ORSA?

Learn key insights affecting insurance companies related to enterprise risk management and the Own Risk and Solvency Assessment (ORSA) process.

Summer 2015

The Functional Small Audit Department

With the right approach, small functions can provide as much value as their larger counterparts.

PCI DSS version 3.1: How will it impact your organization?

Learn how PCI DSS guidelines have been amended to reflect emerging threats and new technologies, and how changes may affect your business processes.

Avoiding risks when choosing a managed Information Technology services provider

The use of managed Information Technology services is growing due to greater efficiency and cost savings, but organizations must be careful to avoid increased risk.

SOC 2 common criteria: Addressing key changes in updated guidance

With the AICPA releasing changes to SOC 2 guidelines, service organizations must be aware of new demands and necessary framework adjustments.

Spring 2015

5 big IT threats facing financial institutions in 2015

2015 will bring increased focus on five IT threats facing financial institutions.

Utilizing the compliance management system framework for vendor management

All regulated financial service entities must address evolving compliance and vendor management guidelines to protect consumers and avoid penalties.

Are you being overcharged for subcontractor default insurance?

Owners need to be aware of the various ways this insurance can be used as a hidden source of revenue.

Red flags that your licensee may be underreporting royalties

Learn how to identify and understand licensee red flags that could result in inconsistent royalty processes and potentially significant lost revenue.

Higher education: You’re already a data breach target

Higher education organizations should address data security and privacy issues now to offset debilitating damages later.

Winter 2014

SOC update: What recent changes mean for your internal control reporting

Service organization control (SOC) reports are in high demand, but recent updates have changed how internal control environments are communicated.

Executive summary: 10 ways to increase internal audit relevancy

Learn to increase the value of internal audit to the organization, by monitoring risk, but also identifying business opportunities and cost savings.

Implementing a proactive data security plan: The 3 stages of a data breach

Every business is vulnerable to a potential data breach, and companies must implement proactive strategies to prepare for, and react to, an incident.

Pre- and post-breach risks and ways you can protect your data

Learn about key pre- and post-breach data security risks consumer products companies must be aware of.

Fall 2014

Size doesn’t matter: The anatomy of a data breach

You may think you are too small to suffer a data breach. Think again. Hackers target businesses of all sizes and industries, and your data is at risk.

Executive summary: Simplify the complexity of third-party management

The use of third parties is increasing, and businesses must implement proactive strategies to mitigate financial, regulatory and reputational risks.

Information security due diligence: Did you buy an asset or a headache?

Performing information security due diligence on acquisitions can differentiate between a profitable transaction, a loss or a significant liability.

COSO Resource and Information Center

Information on COSO – from adoption tips to summaries of each of the principles.

Overcoming hidden risks within construction contracts

As construction fraud increases, know warning signs and implement measures to protect your organization and ensure projects deliver expected results.

Summer 2014

Sustainability in your organization: Expanding the role of internal audit

Internal Audit can add significant value beyond its typical role by helping create a proactive, sustainable organization.

Mobile banking at your financial institution: Key risks and countermeasures

The demand for and utilization of mobile banking services can bring more than just operational challenges when working to meet customer expectations.

Your year to be a better writer: Adding value to your reporting

Many internal auditors struggle to present the results of an audit in an effective manner and best represent findings.

Top 10 technology strategy trends for 2014

The following are ten common strategies companies are evaluating to increase performance and get the most out of IT investments.

Spring 2014

Five reasons to re-evaluate your mobile security policy

A detailed look at the items that organizations should include in their mobile device security plans.

Sustainability in your organization: How internal audit can help

The role of internal audit in sustainable development of the organization.

PCI DSS version 3.1: How will it impact your organization?

Learn how PCI DSS guidelines have been amended to reflect emerging threats and new technologies, and how changes may affect your business processes.

Maximizing royalty revenue: Current trends in royalty contract reviews

Royalties are commonly underreported in complex licensing and intellectual property contracts. Learn how to receive the funds you are entitled to.

One size does not fit all: Scaling internal audit to fit your company

Internal audit is a flexible function and does not have to fit the traditional mold. Learn how proper scaling adds value to your control environment.

Winter 2013

SOX Reset 2014

New guidelines for internal controls could lead to SOX “reset” in 2014, as companies take a more enterprise-wide approach to risk.

Five reasons to re-evaluate your mobile security policy

As mobile devices expand their capabilities and become more functional, they have also become an integral part of how companies conduct daily business.

Managing cloud risks with service organization controls

Service organization controls (SOC) reports can help to determine if potential cloud providers can meet or exceed your safety and privacy demands.

IT risks facing companies seeking global expansion

In today’s global economy, technology has removed barriers to international markets, opening avenues to lucrative expansion opportunities for many companies.

User-designed applications: How to control spreadsheets gone wild

User-developed applications help managers analyze data and make decisions, but they can lead to audit risks.

Fall 2013

Two common Web application attacks illustrate security concerns

By concentrating your security efforts on these more common types of attacks, you will do far more to protect your systems – and your organization.

Being proactive with your contract compliance program

Contract compliance issues are on the rise with vendors, distributors and licensees. Here are some red flags you need to know about.

Cloud risks: Striking a balance between savings and security

Migrating to the cloud can significantly reduce infrastructure, staffing and software expenses, but organizations also must be aware of potential regulatory, security and privacy risks.

Protecting your organization against damaging FCPA violations

FCPA investigations and enforcement actions are on the rise. This list includes middle-market, as well as Fortune 500 companies.

What you need to know: Implementing the 2013 COSO Framework

This high-level summary contains changes that may significantly impact the way your organization approaches internal controls.
