Is “risk management” creating more risk in how you manage & use data?

In a recent article we spoke about a privacy impact assessment (PIA) that did not consider all the risks. The resulting breach occurred, in part, because of the false sense of security created by the PIA. In a previous article we outlined how a flaw in risk-thinking can increase risk by reducing efficiency and effectiveness. Those articles might appear

Protect against inadvertent privacy breaches

There has been a raft of data breaches over the past few months. Some of those were due to poor controls and/or significant effort by hackers. But some recent breaches have been rather inadvertent. Despite some controls put in place, with no significant effort by evil actors and with the risk of breach not that

Going beyond the initial remedial action

Management action often focuses on the sample or weakness that audit identified. We call this “remedial action” – but is it really a remedy at all? We must ask: Does the action minimise the risk? And, importantly, if a customer knew about it, would they be satisfied with the fix?   Better remediation needs to include,

More access to data to reduce risk & enable better decisions

You already know that there is untapped value within your systems and the data they contain. But user access limitations – because of audit, risk and compliance expectations – mean that it is increasingly difficult to get access to the data you need. Access to systems and data is traditionally limited by job function, and

Are you augmenting your team or just automating your processes?

As an auditor, you will be involved in automation for your own function and the business more broadly. In this article, reference to automation and augmentation covers both scenarios i.e., where you are automating for audit purposes and where you are involved in audit activities related to the business adoption of automation.   If you

Can you survive the damage caused by a spreadsheet model error?

Spreadsheets are often used (and have been for decades) for modelling and analysis, largely because they are easy to use and highly flexible. But what happens when a simple error like cutting-and-pasting the wrong formula, or omitting data in a calculation, ends up costing you thousands / millions of dollars? It has happened before: Mistakes in multiple

Emerging risks – Artificial Intelligence

When you hear the phrases “artificial intelligence”, “machine learning” or “autonomous systems”, what images do they conjure up? You might be imagining a world with endless possibility. The eternal optimist? Or perhaps a dystopian future – a robotic society. The less optimistic? Or maybe something in-between. The balanced view? Whatever it is, there is little