Understanding Identity Risk Management
Category: Risk Management | Feb 18, 2010

Organizations take on risk when they do not know their customers, employees and vendors. According to the Association of Certified Fraud Examiners 2006 Report to the Nation on Occupational Fraud and Abuse, “U.S. organizations lose an estimated 5 percent of annual revenues to fraud.” Fraud goes beyond a quantitative dollar amount. Fraud can do additional damage because of the potential regulatory sanctions and loss of trust and reputation in the marketplace.
Many solutions exist today that help mitigate enterprise-wide fraud risk from customers, employees and vendors. A range of software and services helps perform checks before entering a business relationship and, once a relationship has been established, can provide alerts of suspicious activity.
Implementing a comprehensive Identity Risk Management (IRM) solution means putting in place tools, processes and policies designed to help an enterprise mitigate potential fraud caused by inaccurate or incomplete information about a business (vendors) or individual (customers and employees).
As a best practice, a robust Identity Risk Management solution should help an organization by recognizing:
- Identity misrepresentation, impersonation, or identity theft
- Unauthorized physical access
- Unauthorized electronic access
- Collusion
An effective ID Risk Management system can help strengthen an enterprise’s identity verification, enhanced due diligence and regulatory compliance programs. This translates into additional layers of protection being incorporated into an enterprise’s overall fraud prevention efforts.
Below are examples of how an enterprise can mitigate fraud on the customer, employee and vendor level by implementing Identity Risk Management solutions.
How to Mitigate Customer Fraud Risk:
Knowing your customer means having strong identity verification, regulatory compliance and enhanced due diligence programs. These five ID Risk Management tips give an organization a foundation for better mitigating fraud risk from customers.
Step 1. Discover – Who are you?
Step 2. Verify – Do you exist?
Step 3. Authenticate – Are you who you say you are?
Step 4. Evaluate – Can I do business with you?
Step 5. Alert – Are you exhibiting high-risk behavior? (This is a process that involves ongoing notifications.)
How to Mitigate Employee Fraud Risk:
To know your employee means you have made the effort to obtain pre-employment and background screening information. In addition, the organization might want to pursue drug testing, biometrics, enhanced due diligence and ongoing post-hire services. These five ID Risk Management tips give an organization a foundation for better mitigating fraud risk from employees.
Step 1. Discover – Who are you?
Step 2. Verify – Do you exist?
Step 3. Authenticate – Are you who you say you are?
Step 4. Evaluate – Can I do business with you?
Step 5. Alert – Are you exhibiting high-risk behavior? (This is a process that involves ongoing notifications.)
How to Mitigate Vendor Fraud Risk:
Knowing your vendor is essential to companies that are sensitive to regulatory compliance. This is magnified for companies that rely on third-party vendors, a trend that is becoming more critical as a means of controlling costs. However, the added savings of these vendors come with additional exposure to fraud risk. Performing background checks and monitoring for activity that is not aligned with your core business values are essential to an organization working with third parties. These five Identity Risk Management tips give an organization a foundation for better mitigating fraud risk from vendors.
Step 1. Discover – What is the business’ legal name? Who are the principals? Who are the officers?
Step 2. Verify – Does the business have the appropriate credentials?
Step 3. Authenticate – Is this a legitimate business?
Step 4. Evaluate – Can I do business with this company?
Step 5. Alert – Is this business exhibiting high-risk behavior? (This is a process that involves ongoing notifications.)
Whether you are concerned with regulatory compliance or your organization’s reputation, implementing an Identity Risk Management solution is something you should consider the next time your organization is discussing ways to mitigate potential fraud risk. The process of mitigating fraud exposure starts with having this fraud risk discussion.
Watch the video related to risk management
Listen to Ann King from Financial Services Solutions Marketing at RSA, The Security Division of EMC, as she discusses Information Risk Management, a solution for managing security across the entire enterprise. Learn how information risk management provides the most effective means of recognizing, assessing and mitigating the risk that information is exposed to throughout its lifecycle. For more information: www.rsa.com
Great! Answered a lot of my questions about risk management!
Understanding and allocation of risks involved in any investment or work is called risk management. First, you need to do a thorough study of the subject to understand the risks involved. Then for each risk you choose a way to allocate it such as buying insurance or having some contractual obligations for other parties involved in the work or the investment.
If some competent engineer/analyst has done a FMECA or FMEA, an FTA, and other safety analyses, AND these analyses have been peer-reviewed and corrected (if necessary), then I see no need for further modelling.
If the system in question is dynamic (changing part types, changing design, changing configuration), then yes, an ongoing model with a full-time or most-time risk manager may be necessary.
Even if the risk manager is not doing his/her job, a continuing model wouldn't be necessary. A simple peer review of the existing models and analyses would be all that is necessary.
http://www.meridianlink.com/articles/security_risk.pdf
http://www.netaddiction.com/articles/eia_framework.pdf
http://www.thefreelibrary.com/Internet+Risk+Impact+Summary+Report+for+Q3+2003-a0113377379
First you need to learn to spell interpretation correctly. Mistakes like that in a resume are really damaging.
You may find a course at a community college. I took one from Dun & Bradstreet by correspondence years and years ago and found it quite helpful.
In business, the term operational risk management (ORM) is the oversight of many forms of day-to-day operational risk including the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk does not include market risk or credit risk.
Good for you. But there is no such thing as an MBA in risk management, or MBA in marketing, or MBA in finance. The MBA is a general broad degree covering a wide variety of business issues and training students for careers in managing any area of business up to CEO. MBA students study accounting, finance, marketing, statistics, management, economics, strategy, policy, leadership and similar courses. The MBA was developed because people with technical backgrounds getting promoted into management are not always able to manage, and people in management often don't understand the technical fields they manage. That's why MBA programs prefer students with degrees in other than business and with 2-4 years of work experience. Their graduates learn to manage and can speak the language of the people they manage, whether that is engineering, chemistry, medicine, music, or any other field.
Many MBA programs offer concentrations, but this usually amounts to 2-3 elective courses in a specific field in the second year of the program. So don't worry about a concentration but be careful in choosing the right program. If you find one with Risk Management courses, consider the quality of the school first, and the concentration second.
Before you consider which MBA program is for you, consult the Official MBA Guide, a comprehensive free public service with more than 2,000 MBA programs listed worldwide. It allows you to search for programs by location (US, Europe, Far East, etc.), by concentration (finance, marketing, aviation management, health management, accounting, etc.), by type of program (full-time, distance learning, part-time, etc.), and by listing your own criteria and preferences to get a list of universities that satisfy your needs. You can use the Guide to contact schools of your choice, examine their data, visit their web site, and send them pre-applications. You can see lists of top 40 schools ranked by starting salaries of graduates, GMAT scores, and other criteria. It's the best service available at http://officialmbaguide.org.
You'd do a lot better researching the general principles of risk management strategy before asking individual insurers (it's a huge subject).
You can read up on various principles through the IAIS, which is pretty much the lead organisation in the world for setting requirements for insurers.
http://www.iaisweb.org/index.cfm?pageID=2
Also, a personal tip: although obviously rules are different from jurisdiction to jurisdiction, some of the most comprehensive and yet concise I've seen are the Australian ones (they are very hot on risk management in Aus).
You can read the guidance notes here:
http://www.apra.gov.au/General/General-Insurance-PPGs.cfm
That way you can target your questions and get a much better response.
What is Quality Assurance?
The answer will be something along the lines of fitness for purpose.
Also, perhaps you could do a bit of research on the Prince2 project methodology. It covers all of the areas you are interested in.