A strong healthcare security program begins with a strong presence. This presence should be both seen and felt, cultivating a multi-dimensional experience of safety. Even in moments where security is subtle, like in the case of consistent uniforms, the elements of security presence can make all the difference in a patient’s experience.
The Edward Snowden case and the theft of Target customer data have both driven home the point that cybersecurity is an emerging, and rising, risk issue for both companies and political entities. But there are other risks that emerge as rapidly changing multi-market regulatory and business interactions redefine the landscape.
Every year business consultant CEB (Corporate Executive Board) issues a list of emerging risks that sharp companies need to address to stay ahead of the game. This year they recommend managers pay special attention to these 10 specific risks: …
In general, compliance is conforming to particular expectations, standards, or behaviors, whereas risk is an exposure to potential loss or injury. When we think of compliance in the security arena, it often means that you are following prescribed standards, which could be regulatory, industry best practices, or standards that are otherwise customized or company specific.
While compliance and risk often follow the same path, a compliance audit or survey is often performed with a one-size-fits-all “compliance only” approach, as opposed to one that requires more complex reasoning.
Some may question the rationale of compliance if risk is not a constant consideration. Lack of experience, industry knowledge, or even simply lack of time can hinder the ability to take a more risk-based direction. After all, taking a compliance-only approach simplifies the security audit process by allowing for uniform application, reduced subjectivity and error in assessment, and strong performance metrics capability.
The banking industry has undergone significant and historic change since the financial crisis of 2008. The Dodd-Frank Wall Street Reform and Consumer Protection Act created heightened expectations and new regulations for financial institutions.
This, in turn, has created the need for additional levels of oversight within the financial institution itself. However, it isn’t just financial institutions that are feeling the impact. Third-party service providers of financial institutions, including armored carriers, are being impacted as well.
Historically, by outsourcing cash vault operations to CIT companies, financial institutions were able to pass along many of their risks and cost burdens. Today, the Office of the Comptroller of the Currency (OCC) makes clear that banks are expected to practice effective risk management “whether the bank performs the activity internally or through a third party” and goes on to say that “A bank’s use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner in compliance with applicable laws.”
Furthermore, the OCC has identified significant potential for gaps in risk mitigation and compliance, which has brought more focus on auditing procedures. …
A recent article by A-J Secrist of Parker Poe Adams & Bernstein examines the relationship between risk management and compliance. Some analysts distinguish between these two things, with risk management more a strategic concern and compliance an operational one driven by regulatory oversight. Others might go in the opposite direction and confuse a compliance program with performing risk management.
There is no doubt that there is a distinction between risk management and compliance, simply because the functions may be performed by different people within an organization, and at different levels. However, as Secrist points out, “In essence, noncompliance is a type of risk.”