Author Archives for Jim DeLoach

Ask These Key Questions to Assess Cyber-Risk Oversight

This special supplement to Jim DeLoach’s recent blog post provides several questions to empower effective conversations about the state of a company’s cyber-risk oversight practices. I recently shared several business realities that boards should consider as they oversee cybersecurity risk. These realities point to the need for companies and their boards to ensure that cyber-risk management efforts are focused, targeted, cost-effective, and continuously improving. While these realities are important to bear in mind, the board must inform its understanding of the company’s cyber-risk capabilities by asking the right questions. Following are suggested questions that directors may consider, in the context...


Elevating Board Oversight of Cyber Risk

Cyber risk, which is among the top five risks for organizations across many industries, presents a moving target. As innovative information technology (IT) transformation initiatives expand the digital footprint, they outpace the security protections companies have in place. Security and privacy internal control structures that reduce risk to an acceptable level today will inevitably become inadequate in the future—and even sooner than many may realize. As companies continue the battle to protect their resources, boards remain concerned with the security and availability of information systems and the protection of confidential, sensitive data. Many executives think their risk tolerance is low,...


Ten Practices for Improving the Risk Assessment Process

Effective risk assessment is fundamental to the management and oversight of risk. While the risk assessment process must be tailored to the individual needs of each organization, the hallmark of a successful risk assessment is one that helps directors and executive management identify emerging risks and face the future confidently. Rather than shuffle “known knowns” around on a risk map, a risk assessment should help decision makers understand what they don’t know. To that end, 10 practices are summarized below that will help management and directors maximize the value derived from the risk assessment process. 1. Involve the appropriate people....