Risk Bulletin

Key insights to help your organization manage risk and make timely decisions.

Spring 2019

The future of risk: 5 trends to watch in 2019

Addressing these five emerging threats can help you fix vulnerabilities, improve decision-making and develop a risk strategy.

5 benefits to implementing an effective data strategy

Middle market companies collect increasingly large volumes of data. How can you fully leverage this asset to enhance your business?

GDPR and beyond: The impact of initial sanctions and new regulations

Many U.S. companies have taken a wait-and-see attitude toward the GDPR, but recent enforcement actions confirm the urgency for compliance.

Auditor Assistant helps global underwriter to enhance internal audit

Auditor Assistant helps global insurance group to increase audit coverage 20% with no additional headcount through increased efficiency.

Winter 2018

Managing risk and compliance throughout your cloud journey

Before moving data to the cloud, you must have the right level of support and understand how to avoid any potentially harmful risk exposure.

Blockchain is the new black

Blockchain technology is one of the most significant developments affecting the future of the internet. RSM explores.

Phishing awareness: Recognizing, addressing and avoiding threats

Phishing is one of the most common and most successful forms of cyberattack. Learn how to recognize the warning signs of potential phishing.

The past, present and future of privacy—and how you should prepare

Understand what the evolving data privacy landscape means for the middle market and how to adapt your security and privacy program.

Summer 2018

Top 4 risks organizations should monitor in 2018

Our infographic helps you understand new innovation, automation, cybersecurity and data privacy risks and potential management responses.

Understanding the Cybersecurity Threat

The age of big data translates to even bigger risk for businesses of all sizes, but middle market companies are particularly vulnerable.

GDPR enforcement: Is your company prepared?

With the GDPR enforcement date now here, companies must know where they stand and how to react to avoid fines and penalties.

Bribery and corruption: Remain compliant in a risky business landscape

Learn the essential role of data accountability and integrity to maximize regulatory compliance and reduce fraud risks.

Spring 2018

Top of Mind CFO Technology Issues

RSM teamed with to survey more than 100 senior finance executives regarding managed IT services and cloud computing.

The real cost of a data breach

RSM is a sponsor of the NetDiligence® 2018 Cyber Claims Study, which provides greater insight to data breaches and associated damages.

Fraud investigations: Uncovering hidden financial accounts and assets

An important part of a fraud investigation is identifying any hidden accounts that the suspected fraudster may be using to hide assets.

5 key technology trends for 2018

With a new year upon us, learn how five technology strategies can increase your efficiency and insight, and strengthen business operations.

Winter 2017

Effective SOC reporting

Service organizations must understand SOC reporting options to accurately represent their control environment to business partners.

COSO Enterprise Risk Management

COSO recently released a new ERM framework designed to address an evolving risk environment. Here is what your organization needs to know.

Combatting cyberattacks: 5 steps to managing cyberrisks

RSM provides insight into the growing threat of cyberattacks to organizations and how to manage such attacks. Learn more.

Top 7 GDPR misconceptions: Is your business prepared?

RSM provides insight into common misconceptions surrounding GDPR and what organizations worldwide must do to become compliant. Learn more.

Fall 2017

5 things to know about GDPR: Risks and opportunities

Enforcement is scheduled to start on May 25, 2018. What do U.S. organizations need to do now? Here are five key considerations.

SOC reporting: Understanding key changes ahead

The AICPA has implemented several changes to SOC reporting, and organizations must develop a strategic road map to meet the new standards.

Managing risk with third parties or intermediaries

When overseeing third parties, details matter. RSM provides tips on how to manage third-party risks and best practices to follow.

Don't be a "hacker snack": Cybersecurity done right

Cyber thieves have a name for a firm that mistakes prevention for comprehensive threat planning – a “hacker snack.” Learn more.

RSM's AML Survey identifies 7 AML trends in banks

This infographic breaks down the key findings from the RSM AML Survey of banks, including insights into budgets, staffing and operations.

Data analysis and predictive modeling: A new approach to risk culture

Learn how financial services organizations can leverage data to assess risk culture and reduce the potential of damaging headlines.

Summer 2017

Evaluating your business continuity plan to effectively manage risks

Evaluating a Business Continuity Plan requires a level of subjectivity that cannot be obtained from checklists alone. Learn more.

Optimizing your ERP implementation: Understanding 7 key risk areas

Learn about how you can mitigate ERP project risks that can create vulnerabilities, cause regulatory concerns and derail an implementation.

Ransomware: An emerging cyber risk the middle market must prepare for

Learn how to protect your company against ransomware, a growing cyber risk that threatens the middle market more than larger organizations.

How ISO 37001 certification can help reduce internal corruption risks

Learn how ISO 37001 can provide practical anti-bribery approaches for middle market companies to reduce internal corruption risks.

What the recently leaked Shadow Brokers information means for you

Understand what threats the Shadow Brokers leak presents, which of your systems may be vulnerable and how to remediate your risks.

GDPR data security compliance: You have one year to prepare

Organizations that manage EU residents’ data must comply with GDPR guidelines by May 2018. Learn about the law and how to stay compliant.

Spring 2017

2017 risk outlook: 6 trends to monitor

Plan now to address potentially harmful cloud, third-party vendor, cybersecurity, international and security and privacy risks.

Cloudbleed data leakage issue: practical advice

Recent news on the data leak reminds us of the importance of ongoing security risk assessments and incident response planning.

Making the case for internal audit outsourcing

Listen to this podcast to learn how organizations are using internal audit outsourcing to help address and meet compliance requirements.

Cloud risks: Security and privacy concerns when moving to the cloud

Cloud solutions can bring big benefits, but you must consider possible risks and alignment with your regulatory demands and risk appetite.

Winter 2016

Responding to risk: Strategies to manage threats and opportunities

Your organization faces business risk daily, and must implement effective risk management strategies to attain business and strategic goals.

PCI DSS version 3.2: How will it impact your organization?

Learn how new PCI DSS guidelines reflect emerging threats and new technologies, and how changes may affect your business processes.

What is the cost of reputational harm?

Calculating the cost of reputational harm can be challenging. Explore ways to quantify damages for insurance, legal and other purposes.

The real cost of a data breach

RSM is a sponsor of the NetDiligence® 2018 Cyber Claims Study, which provides greater insight to data breaches and associated damages.

Effectively performing SoD and sensitive access assessments for ERPs

Performing automated SoD assessments with GRC tools can help you better manage ERP risks and fraud amid a stronger regulatory environment.

Fall 2016

What technology disruptions mean for the middle market

Middle market faces crucial test in managing disruptive technology.

Auditing culture - a piece of a broader governance puzzle

Internal audit plays an important role in auditing culture; however, it is just one piece of a broader governance puzzle.

Beyond HIPAA compliance

Collaboration and alignment between IT audit and IT security helps health care organizations better manage information security risks.

Regulatory compliance webcast - Summer 2015

Gain clarity on regulatory compliance issues impacting your organization in this discussion on strengthening your BSA - AML program.

Managing risk when choosing digital platforms: The keys for nonprofits

Digital platforms can support nonprofit success, but organizations must consider possible vulnerabilities and risks in addition to benefits.


Beyond compliance: Properly leveraging ERM for additional value

Many organizations leverage ERM to manage compliance and regulatory demands, but do not understand its potential to uncover business opportunities.

5 things to know about managing third-party relationship risks

Leveraging third parties can lead to significant efficiencies, but you must account for inherent risks that lie with your organization.

Effective board governance

Leverage best practices from high-performing boards to support growth initiatives and better risk management practices.

5 ways to protect your organization against cyberattacks

Protect your organization against cyber threats by ensuring the appropriate security controls are in place.

SOC 1 changes ahead

Learn what changes your organization must consider implementing following revised SOC 1 reporting guidance recently released by the AICPA.

Spring 2016

5 cybersecurity predictions for 2016

As cyberattacks become more frequent and sophisticated, RSM advisors discuss how to protect your organization against 2016’s emerging cyberthreats.

Minimizing fraud exposure with ERP segregation of duties controls

Companies must understand segregation of duties control risks that can result in fraud, and more effort and investment following ERP implementation.

3 steps to effective monitoring and testing for credit card issuers

Learn how your financial institution can better control regulatory risk associated with credit cards through a monitoring and testing program.

Risk management for third-party relationships

Gain insight on present-day third-party risk management issues and learn various solutions to better manage the overall relationship process.

Leveraging innovation: Utilizing the third platform to support success

Learn about the five emerging technologies in the third platform, and how successful implementation can increase data insight, access and efficiency.

Winter 2015

5 key risks companies should monitor in 2016

Companies need to plan now to manage employment, inflation, currency, cybersecurity and vendor risks in 2016.

Parsing the Difference Between GRC and ERM

Organizations understand the difference between compliance and risk management as concepts but not so much the difference between governance.

Data privacy

Clubs must be vigilant in protecting sensitive data. Learn key considerations to protect sensitive information.

The real cost of a data breach

RSM is a sponsor of the NetDiligence® 2018 Cyber Claims Study, which provides greater insight to data breaches and associated damages.

Fall 2015

Continual PCI compliance

PCI compliance is a constant obligation, but many merchants leave data vulnerable by only focusing on compliance before their annual audit.

Capital plan review and stress tests: Become compliant and add value

Learn how financial institutions can manage increased capital planning and stress testing expectations and use new processes to add value.

E-check fraud: Mitigating risks to protect your organization

Electronic banking is efficient for transferring funds, but businesses must understand how to implement controls to limit e-check fraud vulnerability.

Using data analytics to detect and prevent fraudulent activity

Risk & Compliance magazine Q&A, featuring RSM professionals, highlights the benefits of using data analytics to combat fraud.

Is your enterprise risk management program ready for ORSA?

Learn key insights affecting insurance companies related to enterprise risk management and the Own Risk and Solvency Assessment process.

Summer 2015

The Functional Small Audit Department

With the right approach, small functions can provide as much value as their larger counterparts.

PCI DSS version 3.2: How will it impact your organization?

Learn how new PCI DSS guidelines reflect emerging threats and new technologies, and how changes may affect your business processes.

White Paper: Avoiding risk when choosing managed IT services provider

The use of managed Information Technology services is growing due to greater efficiency and cost savings, but organizations must be careful to avoid increased risk.

SOC 2 common criteria: Addressing key changes in updated guidance

With the AICPA releasing changes to SOC 2 guidelines, service organizations must be aware of new demands and necessary framework adjustments.

Spring 2015

5 big IT threats facing financial institutions in 2015

2015 will bring increased focus on five IT threats facing financial institutions.

Using the compliance management system framework for vendor management

All regulated financial service entities must address compliance and vendor management guidelines to protect consumers and avoid penalties.

Are you being overcharged for subcontractor default insurance?

Owners need to be aware of the various ways this insurance can be used as a hidden source of revenue. Learn more here.

Red flags that your licensee may be underreporting royalties

Learn how to identify and understand licensee red flags that could result in inconsistent royalty processes and potentially significant lost revenue.

Higher education: You’re already a data breach target

Higher education organizations should address data security and privacy issues now to offset debilitating damages later.

Winter 2014

SOC update: What recent changes mean for your internal control reporting

Service organization control (SOC) reports are in high demand, but recent updates have changed how internal control environments are communicated.

Executive summary: 10 ways to increase internal audit relevancy

Learn to increase the value of internal audit to the organization, not only by monitoring risk but also by identifying business opportunities and cost savings.

Implementing proactive data security plan: 3 stages of a data breach

Every business is vulnerable to a potential data breach, and companies must implement proactive strategies to prepare for, and react to, an incident.

Pre- and post-breach risks and ways you can protect your data

Learn about key pre- and post-breach data security risks consumer products companies must be aware of.

Fall 2014

Size doesn’t matter: The anatomy of a data breach

You may think you are too small to suffer a data breach. Think again. Hackers target businesses of all sizes and industries, and your data is at risk.

Executive summary: Simplify the complexity of third-party management

The use of third parties is increasing, and businesses must implement proactive strategies to mitigate financial, regulatory and reputational risks.

Information security due diligence: Did you buy an asset or a headache?

Performing information security due diligence on acquisitions can differentiate between a profitable transaction, a loss or a significant liability.

COSO Resource and Information Center

Information on COSO – from adoption tips to summaries of each of the principles.

Overcoming hidden risks within construction contracts

As construction fraud increases, know warning signs and implement measures to protect your organization and ensure projects deliver expected results.

Summer 2014

Sustainability in your organization: Expanding role of internal audit

Internal Audit can add significant value beyond its typical role by helping create a proactive, sustainable organization.

Mobile banking at your financial institution: Key risks and countermeasures

The demand for and utilization of mobile banking services can bring more than just operational challenges when working to meet customer expectations.

Your year to be a better writer: Adding value to your reporting

Many internal auditors struggle to present the results of an audit in an effective manner and best represent findings.

Spring 2014

Five reasons to re-evaluate your mobile security policy

A detailed look at the items that organizations should include in their mobile device security plans.

Sustainability in your organization: How internal audit can help

The role of internal audit in sustainable development of the organization

PCI DSS version 3.2: How will it impact your organization?

Learn how new PCI DSS guidelines reflect emerging threats and new technologies, and how changes may affect your business processes.

Maximizing royalty revenue: Current trends in royalty contract reviews

Royalties are commonly underreported in complex licensing and intellectual property contracts. Learn how to receive the funds you are entitled to.

One size does not fit all: Scaling internal audit to fit your company

Download this white paper to learn how scaling internal audit can improve risk management throughout your organization.

Winter 2013

SOX Reset 2014

New guidelines for internal controls could lead to SOX “reset” in 2014, as companies take a more enterprise-wide approach to risk.

Managing cloud risks with service organization controls

Service organization controls (SOC) reports can help to determine if potential cloud providers can meet or exceed your safety and privacy demands.

User-designed applications: How to control spreadsheets gone wild

User-developed applications help managers analyze data and make decisions, but they can lead to audit risks.

Fall 2013

Two common Web application attacks illustrate security concerns

By concentrating your security efforts on these more common types of attacks, you will do far more to protect your systems – and your organization.

Being proactive with your contract compliance program

Contract compliance issues are on the rise with vendors, distributors and licensees. Here are some red flags you need to know about.

Cloud risks: Striking a balance between savings and security

Migrating to the cloud can significantly reduce infrastructure, staffing and software expenses, but organizations also must be aware of potential regulatory, security and privacy risks.

Protecting your organization against damaging FCPA violations

FCPA investigations and enforcement actions are on the rise. This list includes middle-market, as well as Fortune 500 companies.

What you need to know: Implementing the 2013 COSO Framework

This high-level summary contains changes that may significantly impact the way your organization approaches internal controls.
