Drafted by the International Organization for Standardization, ISO 31000 is a set of guidelines that is intended to help organisation implement better risk management. It is designed to be used by any organisation operating in any industry. There is no certification for ISO 31000, unlike other ISO standards. With the

What does a Board do? The Board of Directors’ responsibilities include delivering effective leadership, developing strategy and giving proper direction to the organisation so that it operates successfully, within all legal, regulatory and compliance bounds, and is able to deliver value to its shareholders. But in today’s dynamic, volatile corporate

Environmental, Social and Governance (ESG) requirements are gaining prominence in many large organisations. Investors and stakeholders are starting to pay closer attention to how companies treat their environment, conduct themselves as corporate citizens, and carry out their governance responsibilities. Statistics have shown increasing funds flowing to “green” bonds and sustainability-linked

Oversight, a critical function performed by Boards, is a component of good corporate governance, and is necessary to ensure that policies, plans, programmes and projects achieve the desired results, and comply with rules, regulations and ethical standards. In the course of exercising oversight, the Board usually ensures that due diligence

New technology, such as artificial intelligence (AI) and cloud-based storage, is fuelling concern over data risk. But what constitutes data risk? This usually refers to the risks that confront an organisation such as loss of value or reputation, due to the challenges it faces with regards to acquiring, storing, transforming

To determine the relationship between Business Continuity Management (BCM), Disaster Recovery Planning (DRP) and Crisis Management, these first need to be defined. BCM is the process of planning for disruptive incidents so that any damage and down time resulting from the incident, will not have extensive impact on the business.

Ethics, from the Greek word ethos, means knowing the difference between right and wrong, and doing the right thing; it is the moral principles that govern a person’s behaviour. Corporate ethics, sometimes also referenced as business ethics, is the code of conduct which guides an organisation in its business dealings;

In 1992, the Committee of Sponsoring Organisations of the Treadway Commission, COSO, introduced its Internal Control – Integrated Framework with the aim of helping organisations achieve operational objectives, better reporting and compliance. Most companies then did not have the sophisticated internal controls that are widely applied today. What was generally

Should those in the C-Suite be concerned when it comes to cybersecurity? The short answer: yes. There is no denying that being in the C-Suite signals that an executive has “arrived” and is among the movers and shakers of the organisation. But most people tend to see the perks that

Enterprise Risk Management has become an absolute necessity. Companies have been managing risk for years but traditional risk management is becoming increasingly ineffective because of the dynamics of the business environment. What is required today is a more holistic view of the risks which confront the organisation, which is what