Mastering the Pre-Wire - The Secret to Productive Meetings

Effective communication and preparation are key to successful meetings and decision-making processes. One powerful technique that can significantly enhance the outcome of your meetings is the "pre-wire." This concept, which involves holding preliminary discussions before the main meeting, ensures that all participants are on the same page and any potential concerns are addressed in advance. When I was with APM I learned the phrase “pre-wire.” A pre-wire is simply the meeting before the meeting. As consultants it was important to share the meeting agenda with the customer and be aware of any concerns that they may have. As a manager I still find pre-wires important. For example, we always review the IT Steering Committee agenda with the chairperson a few days in advance of the meeting. The better prepared I am for the pre-wire the better the Steering Committee meeting will go. ...

January 2, 2025 · 1 min · Graeme

What a Second Trump Presidency Means for US Cybersecurity policy

With less than a month until the new American administration, Wired predicts what will change in US cybersecurity policy - and regulations. Wired predicts shifts in U.S. cyber policy under the new administration; if accurate, this would mean a lighter regulatory touch. It remains to be seen how industry will respond. […] “more regulation will be dismantled than introduced.” Biden’s presidency was “riddled with new cyber regulation” that sometimes confused and overburdened industry, he adds. “The new White House will be looking to reduce regulatory burdens while streamlining smart compliance.” ...

December 8, 2024 · 1 min · Graeme

Cybersecurity’s AI Illusion - Why Human Expertise Still Matters

CISOs should be thinking now about changing the assumption that the ‘Great Machine’ of artificial intelligence is so transformational it can replace, rather than augment, human activity. There’s a philosophical concept called the Great Man Theory that suggests history is all about how significant individuals act as centers of gravity for society as a whole — think Alexander the Great, Napoleon Bonaparte, Queen Elizabeth I, or the founding fathers of the American Revolution. ...

December 8, 2024 · 1 min · Graeme

Best British Companies for Career Progression and Pay

For those considering their next career move, a new study by The Economist and the Burning Glass Institute highlights the best British companies to work for to get ahead in your career - categorised between access, promotion, retention and pay - in a good example of open source data analytics, using “publicly available data on 151 of the country’s biggest and most recognisable employers.”

December 8, 2024 · 1 min · Graeme

Reliance that data centres have on fossil fuels may delay the transition to clean energy

Increased AI usage is driving significantly higher energy demands, often met by fossil fuels, raising sustainability concerns. “Gartner Predicts Power Shortages Will Restrict 40% of AI Data Centers By 2027” (Gartner): Gartner predict that data centres will experience power shortages in the next few years, driven mainly by increases in usage of AI. “Data centre emissions are soaring - it’s AI or the climate” (The Conversation): Three of the biggest tech companies, Microsoft, Google and Meta, have reported ballooning greenhouse gas emissions since 2020. Data centres packed with servers running AI programs day and night are largely to blame. ...

December 8, 2024 · 1 min · Graeme

Outdated Risk Management Frameworks Face Growing Criticism - Tech News

Forrester Research challenges the Three Lines of Defence (3LOD) model twenty years on. The research firm writes that the three lines of defence is outdated: built for SoX, 3LOD hasn’t been reconsidered in two decades, and it’s time for a change. The three lines of defense (3LOD) concept was initially developed as a corporate governance framework to implement segregation of duties requirements under the 2002 Sarbanes-Oxley Act. […] But as anyone who has tried to implement it as a foundation for enterprise risk management will tell you, the 3LOD is not a model for managing risk. Instead, it defines, with ample rigidity, the roles required to comply with segregation of duties requirements. This division is conceptually simple but does not match the operating model at most organizations. Forrester ...

December 8, 2024 · 1 min · Graeme

NIST Cybersecurity Framework 2.0 was released this year - NIST

The US Government’s National Institute of Standards and Technology, known commonly as NIST, released its updated Cybersecurity Framework in February. This was the first new version in 10 years, following the 1.0 version in 2014 that was primarily aimed at protecting US critical infrastructure. The new 2.0 version is international and aimed at broad consumption: drafted in collaboration with experts across 100 countries, it should also be easier to use. Version 2.0 also introduces a new category: Govern, recognising that the world has changed since 2014, with Cyber now an enterprise risk being discussed in the boardroom. ...

December 8, 2024 · 1 min · Graeme

Tech supplier concentration increases risk of downtime - Control Risks

Control Risks released their predictions for the top business risks for 2025, calling out Digital Concentration Risk as companies outsource their specialist IT services, such as cloud and security, to external providers. “The concentration of risk in centralised technological ecosystems in a worsening threat landscape will be a top risk for organisations in 2025.” Global technology disruptions such as the July 2024 CrowdStrike outages show how human error or system misconfigurations can create a correlated industry-wide impact on customer organisations. And as these companies pass control to external tech vendors, they may be losing the in-house skills needed to respond to future incidents and outages. ...

December 8, 2024 · 1 min · Graeme

The UK to introduce its own cyber law in 2025 - UK Gov

With the new UK Labour government, changes are expected in legislation and regulations for risk and resilience. The Cyber Security & Resilience Bill will be coming before Parliament in 2025, helping government ‘build a better picture’ of the cyber threat landscape. The Bill will [… expand] the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats. ...

December 8, 2024 · 1 min · Graeme

The EU’s Digital Resilience Act - known as DORA - comes into effect next month - ESMA

Security Boulevard notes that firms have less than two months to comply with DORA. With the EU’s Digital Operational Resilience Act (DORA) coming into effect next month, financial services firms in the EU are updating processes, policies and provisions to comply with the new regulation. Meanwhile, PwC highlights in International Banker (PwC) the challenge of updating ICT contracts under DORA’s requirements. As part of TPRM, DORA stipulates that all ICT contracts must contain specific baseline contract terms. There are also more onerous additional requirements for contracts supporting critical or important functions (CIFs). ...

December 8, 2024 · 1 min · Graeme

The Bank of England publish a report on AI use in UK financial services - Bank of England

The Bank of England and the Financial Conduct Authority have released a report on artificial intelligence, surveying participants in the UK financial services sector (report 2024-11-21 - 29 pages). The report highlights respondents’ views on the benefits and risks of AI, and use cases including “data and analytical insights, anti-money laundering (AML) and combating fraud, and cybersecurity.” From the report: ...

December 8, 2024 · 1 min · Graeme

NIST AI Risk Management Framework / Deloitte

Article: What you need to know about NIST’s AI Risk Management Framework published in January 2023. Want to know more about the NIST CSF 2.0? See Lines of Defence’s outline on NIST CSF 2.0 Framework.

February 2, 2023 · 1 min · Deloitte

Global Risks Report 2023 / WEF

WEF report: Global Risks Report 2023 | WEF Launch event (video)

January 11, 2023 · 1 min · World Economic Forum

Global Risks Report 2022 / WEF

WEF report: Global Risks Report 2022 | WEF

January 11, 2022 · 1 min · World Economic Forum

Guide to non-financial risks / CA ANZ

Excerpts: Certainly, non-financial risks have always existed. However, it’s only relatively recently that the way we conceive of risk has broadened beyond traditional risks (such as credit risk, competition and market factors) to include operational risks, conduct risks, compliance risks and cyber risks, as well as environmental, social and governance (ESG) factors. Guide: Article: Accountants are pivotal in identifying and managing non-financial risk. Download: Guide to non-financial risks (PDF) by the Chartered Accountants Australia and New Zealand ...

June 15, 2021 · 1 min · CA ANZ