Remove 2013 Remove All-Hazards Remove Evaluation
article thumbnail

ISO 27001 Certification Requirements & Standards

Reciprocity

Your primary reference points will be ISO/IEC 27001:2013, ISO/IEC 27002:2013, and ISO/IEC 27000:2018. Doing this right is critical because a scope that is too large will increase the project’s time and expense, and a scope that is too narrow may expose your firm to unanticipated hazards. Evaluating risks.

Audit 52
article thumbnail

Risky Business: Is Looking at Likelihood a Waste of Time?

Plan B Consulting

In the 2010 and 2013 GPGs we looked at threat assessments, whereas in the more recent 2018 GPG, we cover a threat and risk assessment. Your building could be state of the art, brand new and with lots of features in place to prevent a fire, or it could be old, rickety, with poor wiring and a fire hazard just waiting to happen.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Risky Business: Is Looking at Likelihood a Waste of Time?

Plan B Consulting

In the 2010 and 2013 GPGs we looked at threat assessments, whereas in the more recent 2018 GPG, we cover a threat and risk assessment. Your building could be state of the art, brand new and with lots of features in place to prevent a fire, or it could be old, rickety, with poor wiring and a fire hazard just waiting to happen.

article thumbnail

Risk Assessments and Internal Controls

Reciprocity

From innocent but costly mistakes to deliberate fraud, all organizations are subject to risks that can jeopardize financial reporting or lead to the loss of corporate assets. An internal control system is a company’s set of all internal controls plus the tools the company uses to monitor those controls. Monitoring activities.

Audit 52
article thumbnail

IRM, ERM, and GRC: Is There a Difference?

Reciprocity

Are there differences at all? Not long ago, risk managers concerned themselves mainly with hazards such as fires and floods; or in the financial sector, loan defaults (credit risk). COSO’s ERM framework builds upon, and is intended to work with, the committee’s internal control framework issued in 1992 and updated in 2013.

article thumbnail

Top Risk Analysis Tools

Reciprocity

Organizations of all types and sizes face a number of external and internal factors that make it uncertain whether they will achieve their goals; ERM can bring that uncertainty to lower levels. For many years and across industries, enterprise risk management (ERM) has always been an important part of any successful business operation.